My ISPconfig servers have a DMZ interface which has a (remote) DNS server. I'd prefer not to use this server as the primary DNS server for these machines, but it does hold an internal zone. I don't want to publicly expose the internal domain so I can't add the zone to the ISPconfig servers. The normal way of doing this is via a view in named.conf.options, but then all zones need to be in a view which means messing with ISPconfig bind which I'd rather avoid. zone entries don't support ACLs, so I think views is the only option to restrict client IP addresses for a zone. Until now I've put entries into hosts files, but this does not scale well.Do I have an option other than running redundant bind DNS servers on the DMZ as primary forward servers for the ISPconfig machines? I Guess I can then cache external requests on those two servers rather than on all the ISPconfig servers locally, but this isn't a current requirement. How do others solve this issue?