Need help setting up forwarding

Rob Tanner rtanner at linfield.edu
Thu Oct 9 18:35:24 UTC 2008


Hi,
I have a web server behind a firewall and in its own address space that 
eventually will become a DMZ.  The addresses on the public side of the 
firewall are not the same as on the private side, and the firewall takes 
care of the translations.  Here's the problem.  Because we run a proxy 
service for the library on that server, sometimes the server has to look 
up its own address and send a get request to itself.  But what it gets 
when it looks itself up is its public, in front of the firewall 
address.  And because it's behind the firewall, it can't reach that address.

Normally, /etc/hosts would be the perfect solution except that the proxy 
service requires wild card lookups (i.e., *.ezproxy.linfield.edu) and 
/etc/hosts does not recognize wild cards.  The option I can think of is 
running a local DNS with forwarding enabled.  There are only 4 IP 
addresses that the local server will be authoritative for (one 
in-addr.arpa segment), but it needs to think that it's authoritative for 
the entire linfield.edu domain but forward any address it can't resolve 
in that domain (i.e., any hostname that is not one of the 4) to one of our 
regular servers.  And that's what I can't figure out how to do.

Can this even be done?

Thanks,

Rob Tanner
UNIX Services Manager
Linfield College, Oregon





More information about the bind-users mailing list