Host-level forwarding override
Jan Ceuleers
janspam.ceuleers at skynet.be
Fri Oct 13 14:15:02 UTC 2006

First of all, I apologise if this is a FAQ. I have googled,
google-grouped and read the ISC BIND FAQ before coming here.

I work for a company (let's say that it's called foo) and have a
foo-issued and managed laptop. What I'd like to be able to do is connect
this laptop either directly to the company network, or to the internet,
or to the company VPN, without changing its configuration. (Note that
none of this is contrary to company policy).

The specific problem that I have is that both the browser's proxy
servers and the VPN servers are in zone foo.tld. However, since the
proxy servers are on the intranet they are not resolvable from the Internet.

I had begun tackling this problem by creating a master zone on my home
DNS server for foo.tld, containing only the proxy servers (and in fact
with the same IP addresses as on the intranet; I simply configured my
firewall to reroute traffic to my own proxy server). The problem is that
with this setup my DNS server authoritatively states that the VPN
servers (or any other addresses in foo.tld) don't exist.

I cannot request a zone transfer and simply edit that, because (1) zone
transfers are not allowed by the foo.tld name servers, and (2) I don't
want to have to keep doing this for ever more.

My question therefore: Can I cause BIND to first consult a local zone
file for a domain, and if a query cannot be resolved by doing that
forward the query to another name server?

Thanks and best regards,
Jan
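
An added example, not part of the original post: BIND answers from the most specific zone it is authoritative for, so one way to avoid shadowing all of foo.tld is to define a zone whose apex is only the host name being overridden and let every other foo.tld name go through ordinary recursion. The host name proxy.foo.tld, the name server ns.home.example, the directory path and the address 192.0.2.10 are assumptions chosen for illustration.

```conf
// named.conf on the home resolver (constructed example).

options {
    directory "/var/named";   // assumed path
    recursion yes;            // names with no local zone are resolved normally
};

// The setup from the post, shown for contrast: authoritative for all of
// foo.tld, so vpn.foo.tld and every other name absent from the file
// is answered NXDOMAIN.
//
// zone "foo.tld" { type master; file "db.foo.tld"; };

// Narrower override: a zone whose apex is the one host name to replace.
// Queries for proxy.foo.tld are answered locally; vpn.foo.tld matches no
// local zone and is resolved through the public foo.tld name servers.
zone "proxy.foo.tld" {
    type master;
    file "db.proxy.foo.tld";
};

/* Contents of db.proxy.foo.tld (hypothetical names and address):

$TTL 300
@   IN SOA ns.home.example. hostmaster.home.example. (
            2006101301 ; serial
            3600       ; refresh
            900        ; retry
            604800     ; expire
            300 )      ; negative-caching TTL
    IN NS  ns.home.example.
    IN A   192.0.2.10  ; placeholder for the proxy's intranet address
*/
```

Each additional overridden host needs its own zone statement and zone file.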