Forwarding requests when DNS name doesn't exist?

Peter Olsson pol at
Thu Oct 10 08:28:07 UTC 2013

(This is probably a silly question, but I
want to explore every possibility.)

We have a proxy firewall, with no contact
between inside and outside. We have a fake
internal DNS root for zones that we use
internally. This works fine, since lookups
of external names are only made from the
outside of the proxy servers.

We are about to change to a transparent
firewall, which means that we remove the
proxy servers. Then we have to let the
inside get access to real outside DNS.

Is there any way with bind, or any other
DNS product, to keep our internal fake zones
and have them selectively forwarded to external
DNS for all names that don't exist in the
internal fake zones?
Clients would first ask internal DNS, and if
the name exists there they will use that, but
if the name doesn't exist internally they won't
get a negative response. Instead their request
would be forwarded to external DNS.


Peter Olsson
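The decision the post asks about, modelled as an added Python example (this is not code from the original post or from BIND; the zone names and addresses are constructed). It shows the rule a BIND-style server actually applies when a recursive query arrives: the choice between answering from a locally loaded zone and forwarding upstream is made per zone, by finding the closest enclosing zone apex, not per name. A name that falls under an internal zone but is missing from it gets NXDOMAIN rather than a forward, and a fake root zone ("." ) encloses every name, so nothing is forwarded while it is loaded.

```python
"""Model of zone selection in a recursive DNS server that also loads local
(authoritative) zones. Added example; the zones below are constructed."""

# Constructed internal zones: apex -> {owner name -> A record}.
INTERNAL_ZONES = {
    "corp.example.": {
        "corp.example.": "10.0.0.1",
        "www.corp.example.": "10.0.0.10",
        "mail.corp.example.": "10.0.0.25",
    },
    "lab.internal.": {
        "lab.internal.": "10.1.0.1",
        "ns1.lab.internal.": "10.1.0.53",
    },
}


def normalize(name):
    """Lower-case the name and make it fully qualified (trailing dot)."""
    n = name.lower()
    return n if n.endswith(".") else n + "."


def labels(name):
    """Split a name into labels; the root '.' has no labels."""
    n = normalize(name)
    return [] if n == "." else n.rstrip(".").split(".")


def closest_zone(qname, zones):
    """Return the apex of the longest loaded zone that encloses qname, or None.

    A zone encloses a name when the zone's labels are a suffix of the name's
    labels. The root zone (no labels) encloses everything, which is why a fake
    root prevents any forwarding at all.
    """
    q = labels(qname)
    best, best_len = None, -1
    for apex in zones:
        a = labels(apex)
        if len(a) <= len(q) and q[len(q) - len(a):] == a and len(a) > best_len:
            best, best_len = apex, len(a)
    return best


def resolve(qname, zones=INTERNAL_ZONES):
    """Decide how a query is handled.

    Returns ('local', address) when the name exists in a loaded zone,
    ('nxdomain', apex) when a loaded zone encloses the name but does not
    contain it (no fallback to forwarding happens here), and
    ('forward', None) when no loaded zone encloses the name.
    """
    q = normalize(qname)
    zone = closest_zone(q, zones)
    if zone is None:
        return ("forward", None)
    address = zones[zone].get(q)
    if address is not None:
        return ("local", address)
    return ("nxdomain", zone)


def with_fake_root(zones):
    """Copy of the zone set with a constructed fake root zone added."""
    z = dict(zones)
    z["."] = {".": "10.0.0.53"}
    return z


if __name__ == "__main__":
    for name in ("www.corp.example", "ftp.corp.example", "www.example.org"):
        print(name, resolve(name))
    # With the fake root loaded, even an outside name never leaves the server.
    print("www.example.org (fake root)", resolve("www.example.org", with_fake_root(INTERNAL_ZONES)))
```

In named.conf terms the model corresponds to dropping the fake root zone, keeping the internal zones as `type master`, and setting `forwarders { ...; };` together with `forward only;` in `options`, so that only names outside the loaded zones are sent upstream. The caveat the model makes visible: if an internal zone shadows a real external domain, names that were not copied into the internal copy get NXDOMAIN and do not fall through to the outside.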

