Host-level forwarding override

Jan Ceuleers janspam.ceuleers at
Fri Oct 13 14:15:02 UTC 2006

First of all, I apologise if this is a FAQ. I have googled, 
google-grouped and read the ISC BIND FAQ before coming here.

I work for a company (let's say that it's called foo) and have a 
foo-issued and managed laptop. What I'd like to be able to do is connect 
this laptop either directly to the company network, or to the internet, 
or to the company VPN, without changing its configuration. (Note that 
none of this is contrary to company policy).

The specific problem that I have is that both the browser's proxy 
servers and the VPN servers are in zone foo.tld. However, since the 
proxy servers are on the intranet they are not resolvable from the Internet.

I had begun tackling this problem by creating a master zone on my home 
DNS server for foo.tld, containing only the proxy servers (and in fact 
with the same IP addresses as on the intranet; I simply configured my 
firewall to reroute traffic to my own proxy server). The problem is that 
with this setup my DNS server authoritatively states that the VPN 
servers (or any other addresses in foo.tld) don't exist.

I cannot request a zone transfer and simply edit that, because (1) zone 
transfers are not allowed by the foo.tld name servers, and (2) I don't 
want to have to keep doing this for ever more.

My question therefore: Can I cause BIND to first consult a local zone 
file for a domain and, if a query cannot be resolved by doing that, 
forward the query to another name server?

Thanks and best regards,

