[Bind-users] Domain Dependant DNS

Remko Lodder remko at elvandar.org
Wed Jan 28 18:32:49 UTC 2004

I advise you not to have a connection to your company AND at the same time
be able to access other networks..

-->> being hacked -->> gateway into your company..... shit ;)

Most VPN clients also cut off all other forms of connectivity when using
VPN (SecuRemote (Checkpoint) does).

If you persist in having both connections,
are you able to ping internet (unresolved) hosts and the intranet hosts at
the same time?

Further, I would know of no method of using different resolvers when a domain
is queried,
like google.com -> external
     company's-intranet.site -> intranet DNS.



Kind regards,

Remko Lodder
www.mostly-harmless.nl Dutch community for helping newcomers on the

-----Original message-----
From: bind-users-bounces at lists.elvandar.org
[mailto:bind-users-bounces at lists.elvandar.org] On behalf of Michael B Allen
Sent: Wednesday 28 January 2004 6:17
To: comp-protocols-dns-bind at isc.org
Subject: [Bind-users] Domain Dependant DNS

I have a small LAN at home with a few machines and a Linksys router hooked
up to a cable modem. One machine is running bind 8 with a standard set
of zone files and two forwarders to my ISP's DNS. Works great.

Now all of a sudden I'm using VPN to get onto the company Intranet but
I don't work too much when I'm home so I'd like to access all networks
at the same time so I can do a little work (very little) and then jump
over to the raw internet. Routing isn't too much of a problem. I have
a suitable set of masks to route traffic to the company WAN.

But I'm having trouble contriving a reasonable setup to handle
DNS. Currently I just copy in a different resolv.conf depending on what
I'm doing but that's pretty ugly.

So the question is: can I configure the name server on my LAN to use
different forwarders depending on the domain of the name being queried? Or
is there something I can do local to the machine doing the VPN?

In truth it would be ideal if the local machine's name service client
apparatus could be configured to use different DNS servers based on which
domain was being accessed but also try alternate servers if the primaries
do not immediately respond and then remember a cache of 1000 names or
so. But I realize that's probably wishing for too much. I would settle
for domain dependent DNS.


Bind-users mailing list
Bind-users at lists.elvandar.org
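
An added example, not part of the original thread or of either poster's configuration: a named.conf sketch of per-domain forwarding on the LAN name server, using BIND forward zones as supported in BIND 9 (support in the poster's BIND 8 build is an assumption). The zone name corp.example, the reverse zone, and all addresses are constructed placeholders.

```conf
// named.conf on the LAN name server (constructed example).
// 192.0.2.x stands in for the ISP resolvers, 10.0.0.x for the
// company resolvers reachable only through the VPN.

options {
    directory "/var/named";

    // Default path: everything not matched by a forward zone below
    // goes to the ISP resolvers.
    forwarders { 192.0.2.53; 192.0.2.54; };
    forward first;

    // Only LAN clients may use this server for recursion.
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };
};

// Weak variant, shown for comparison and left commented out.
// With "forward first", an unanswered query (VPN down, company
// resolver slow) falls back to normal recursion, so internal host
// names are sent to public name servers.
//
// zone "corp.example" {
//     type forward;
//     forward first;
//     forwarders { 10.0.0.53; 10.0.0.54; };
// };

// Corrected variant: names under corp.example are sent to the
// company resolvers and nowhere else. When the VPN is down the
// lookup fails instead of leaking the name to the internet.
zone "corp.example" {
    type forward;
    forward only;
    forwarders { 10.0.0.53; 10.0.0.54; };
};

// Reverse lookups for the company address space follow the same
// path, so PTR queries for internal addresses stay inside the VPN.
zone "10.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 10.0.0.53; 10.0.0.54; };
};
```

Clients on the LAN keep a single resolv.conf pointing at this server; which forwarders are used is decided per query by the most specific matching zone.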
