<div dir="ltr">As discussed in another thread, delegate the zone you want to forward, in addition to defining the zone as "type forward". If you already tried a "type forward" and it didn't work, it was probably because the delegation was missing. It's a non-obvious requirement, but named needs to see the zone cut.<div><br></div><div> - Kevin</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Feb 20, 2019 at 3:19 PM King, Harold Clyde (Hal) <<a href="mailto:hck@utk.edu">hck@utk.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div lang="EN-US">
<div class="gmail-m_3564785182082468126WordSection1">
<p class="MsoNormal"><span style="font-size:11pt">We have a URL phishing setup that causes URLs we detect to redirect to a warning page. We have run into a problem. One of our clients has scripts that he calls from a host in that domain.
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt"><a href="http://Needs.example.com" target="_blank">Needs.example.com</a> when we block <a href="http://example.com" target="_blank">example.com</a>.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt">Can I create a root zone to define a wildcard pointing to our warning page with one hostname defined going to a forward’ed DNS source? I could just give it an IP, but can I forward that one domain to outside
DNS (Google or their NS repository)? <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt">Here’s a very rough draft of the root zone:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt">$ORIGIN .<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt">$TTL 3600<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt"><a href="http://example.com" target="_blank">example.com</a> IN SOA <a href="http://us.ourdns.com" target="_blank">us.ourdns.com</a>. <a href="http://helpdesk.ourdns.com" target="_blank">helpdesk.ourdns.com</a>.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt">* CNAME <a href="http://url-blocking.ourdns.com" target="_blank">url-blocking.ourdns.com</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt">needs forward(8.8.8.8)<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:-webkit-standard;color:black">--<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:-webkit-standard;color:black">Hal
</span><span style="font-size:11pt;color:black"><u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
_______________________________________________<br>
Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</blockquote></div>