Host-level forwarding override - DNS


  1. Host-level forwarding override

    First of all, I apologise if this is a FAQ. I have googled,
    google-grouped and read the ISC BIND FAQ before coming here.

    I work for a company (let's say that it's called foo) and have a
    foo-issued and managed laptop. What I'd like to be able to do is connect
    this laptop either directly to the company network, or to the internet,
    or to the company VPN, without changing its configuration. (Note that
    none of this is contrary to company policy).

    The specific problem that I have is that both the browser's proxy
    servers and the VPN servers are in zone foo.tld. However, since the
    proxy servers are on the intranet they are not resolvable from the Internet.

    I had begun tackling this problem by creating a master zone on my home
    DNS server for foo.tld, containing only the proxy servers (and in fact
    with the same IP addresses as on the intranet; I simply configured my
    firewall to reroute traffic to my own proxy server). The problem is that
    with this setup my DNS server authoritatively states that the VPN
    servers (or any other addresses in foo.tld) don't exist.

    I cannot request a zone transfer and simply edit that, because (1) zone
    transfers are not allowed by the foo.tld name servers, and (2) I don't
    want to have to keep doing this for ever more.

    My question therefore: Can I cause bind to first consult a local zone
    file for a domain, and if a query cannot be resolved by doing that
    forward the query to another name server?

    Thanks and best regards,

    Jan



  2. Re: Host-level forwarding override

    In article ,
    Jan Ceuleers wrote:

    > First of all, I apologise if this is a FAQ. I have googled,
    > google-grouped and read the ISC BIND FAQ before coming here.
    >
    > I work for a company (let's say that it's called foo) and have a
    > foo-issued and managed laptop. What I'd like to be able to do is connect
    > this laptop either directly to the company network, or to the internet,
    > or to the company VPN, without changing its configuration. (Note that
    > none of this is contrary to company policy).
    >
    > The specific problem that I have is that both the browser's proxy
    > servers and the VPN servers are in zone foo.tld. However, since the
    > proxy servers are on the intranet they are not resolvable from the Internet.
    >
    > I had begun tackling this problem by creating a master zone on my home
    > DNS server for foo.tld, containing only the proxy servers (and in fact
    > with the same IP addresses as on the intranet; I simply configured my
    > firewall to reroute traffic to my own proxy server). The problem is that
    > with this setup my DNS server authoritatively states that the VPN
    > servers (or any other addresses in foo.tld) don't exist.


    Create a master zone for proxy.foo.tld instead of foo.tld.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    *** PLEASE don't copy me on replies, I'll read them in the group ***



  3. Re: Host-level forwarding override

    Barry Margolin wrote:
    > Create a master zone for proxy.foo.tld instead of foo.tld.


    Barry,

    Unfortunately the proxy servers are named something like
    proxy{12}.foo.tld (i.e. not proxy{12}.proxy.foo.tld). Correct me if I'm
    wrong, but I don't think I can create master zones proxy1.foo.tld and
    proxy2.foo.tld and have queries to these resolve as if they were
    hostnames, or can I?

    For the avoidance of doubt, what I want to do is locally resolve queries
    for proxy1.foo.tld and proxy2.foo.tld, but forward queries for
    anyotherhostname.foo.tld to the foo.tld name servers.

    Thanks, Jan



  4. Re: Host-level forwarding override

    Barry Margolin wrote:
    > Create a master zone for proxy.foo.tld instead of foo.tld.


    I tried this and it works. Many thanks.

    The zone file looks like this:

    ====
    $TTL 86400
    @   IN SOA @ root.localhost. (
            3        ; serial
            28800    ; refresh
            7200     ; retry
            604800   ; expire
            86400    ; minimum (negative caching TTL)
            )

    @   IN NS penta.xperim.be.

    @   IN A  155.132.188.61
    @   IN A  155.132.188.24
    ====

    If the above file is created as /var/named/proxy1.foo.tld and declared
    as follows in /etc/named.conf, then queries to the A record
    proxy1.foo.tld resolve to the two IP addresses shown above, and all
    other queries to hosts in the foo.tld domain are forwarded.

    zone "proxy1.foo.tld" {
        type master;
        file "proxy1.foo.tld.zone";
    };

    Thanks again.

    Jan

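As an added example (not from this thread), a small POSIX shell script that writes the complete named.conf behind the setup Jan arrived at, with the forwarding half made explicit: a forward-only zone for foo.tld (the forwarder addresses 192.0.2.53/54 are placeholders) beneath a master zone for proxy1.foo.tld, together with the zone file from the post above, and then validates both with named-checkzone and named-checkconf when those tools are installed. The output directory OUT is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread: generate named.conf and the
# proxy1.foo.tld zone file, then validate them with BIND's checkers.
set -eu
OUT="${OUT:-./named-example}"   # assumed output directory

write_named_conf() {   # $1 = path; no "directory" option, so paths are relative to cwd
  cat > "$1" <<'EOF'
options {
    recursion yes;
    allow-query     { localhost; localnets; };   // not an open resolver
    allow-recursion { localhost; localnets; };
    allow-transfer  { none; };
};
// Names in foo.tld with no more specific zone below go to the company's
// public name servers (placeholder addresses).
zone "foo.tld" {
    type forward;
    forward only;
    forwarders { 192.0.2.53; 192.0.2.54; };
};
// BIND answers from the closest enclosing zone: this one wins for
// proxy1.foo.tld, while vpn.foo.tld falls through to the forward zone.
zone "proxy1.foo.tld" {
    type master;
    file "proxy1.foo.tld.zone";
};
EOF
}

write_zone() {   # $1 = path; the records from the thread's zone file
  cat > "$1" <<'EOF'
$TTL 86400
@   IN SOA  @ root.localhost. ( 3 28800 7200 604800 86400 )
@   IN NS   penta.xperim.be.
@   IN A    155.132.188.61
@   IN A    155.132.188.24
EOF
}

check_files() {   # writes both files; runs BIND's checkers when installed
  mkdir -p "$OUT"
  write_named_conf "$OUT/named.conf"
  write_zone "$OUT/proxy1.foo.tld.zone"
  if command -v named-checkzone >/dev/null 2>&1; then
    named-checkzone proxy1.foo.tld "$OUT/proxy1.foo.tld.zone"
  fi
  if command -v named-checkconf >/dev/null 2>&1; then
    (cd "$OUT" && named-checkconf named.conf)
  fi
}
```

A second per-host zone (proxy2.foo.tld) is just another master stanza and zone file of the same shape; the foo.tld forward zone stays untouched.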


  5. Re: Host-level forwarding override

    In article ,
    Jan Ceuleers wrote:

    > Barry Margolin wrote:
    > > Create a master zone for proxy.foo.tld instead of foo.tld.

    >
    > Barry,
    >
    > Unfortunately the proxy servers are named something like
    > proxy{12}.foo.tld (i.e. not proxy{12}.proxy.foo.tld). Correct me if I'm
    > wrong, but I don't think I can create master zones proxy1.foo.tld and
    > proxy2.foo.tld and have queries to these resolve as if they were
    > hostnames, or can I?


    Sure you can. What's the difference between that and having queries to
    foo.tld resolve as if they're hostnames?

    The zone file for proxy1.foo.tld would look like this:

    @ IN SOA ...
    IN NS yourmachine.domain.tld.
    IN A


    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    *** PLEASE don't copy me on replies, I'll read them in the group ***


