Which outbound DNS address to use for a DNS server

1 post / 0 new
#1 Tue, 07/10/2018 - 00:57

Which outbound DNS address to use for a DNS server

Which DNS address would you use on a machine running DNS (the machine is not reachable from the internet)?

I asked the same question on another forum and got this reply "Your authoritative DNS servers should use the same DNS as the rest of your network - and this should not be any auth server or itself (I.e. do not use the same server as resolver and auth). The resolvers should be ok to use localhost, and should be ideally configured as full recursors. Sounds to me like you have the same servers doing both, which is very bad practice and can lead to issues like you just had."

Some more info for those who like reading long posts:

Background: I had a crash the other day because of a corrupted record getting passed from one of my Bind servers to a slave. The host running the slave has localhost configured as its DNS server and basically were cut off from the internet. I didn't get any notifications as it couldn't resolve the mail server anymore. I changed both my Bind instances to use my router as the only DNS and now get this "Virtualmin is configured to setup DNS zones, but this system is not setup to use itself as a DNS server. Either add to the list of DNS servers, or turn off the BIND feature."

My setup: I'm running two bind servers on my LAN which are not accessible from the internet. One with Cloudmin which contains my VMs and the other with Virtualmin with local domain names for various self hosted apps. Cloudmin runs as a slave for Virtualmin. I'm using unbound DNS on my router as my main DNS for network clients with a domain override for my local domain which forwards to Bind on the Cloudmin machine.