I have a web server behind a firewall and in its own address space that
eventually will become a DMZ. The addresses on the public side of the
firewall are not the same as on the private side, and the firewall takes
care of the translations. Here's the problem. Because we run a proxy
service for the library on that server, sometimes the server has to look
up its own address and send a GET request to itself. But what it gets
when it looks itself up is its public, in-front-of-the-firewall
address. And because it's behind the firewall, it can't reach that address.

Normally, /etc/hosts would be the perfect solution except that the proxy
service requires wildcard lookups (i.e., *.ezproxy.linfield.edu) and
/etc/hosts does not recognize wildcards. The option I can think of is
running a local DNS with forwarding enabled. There are only 4 IP
addresses that the local server will be authoritative for (one
in-addr.arpa segment), but it needs to think that it's authoritative for
the entire linfield.edu domain but forward any address it can't resolve
in that domain (i.e., any hostname that's not one of the 4) to one of our
regular servers. And that's what I can't figure out how to do.

Can this even be done?


Rob Tanner
UNIX Services Manager
Linfield College, Oregon
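One way the split-horizon setup described above can be expressed in BIND, added here as an illustration and not taken from the original post or from any Linfield configuration: instead of claiming all of linfield.edu, the local resolver is made authoritative only for the narrower ezproxy.linfield.edu zone (answered from a wildcard record with the private address), and everything else, including the rest of linfield.edu, goes out through the regular campus servers via forwarders. The private address 10.0.0.5, the forwarder addresses 192.0.2.10 and 192.0.2.11, and the zone file path are constructed placeholders.

```conf
# /etc/named.conf (fragment, constructed example)
options {
    directory "/var/named";
    # Everything the local server is not authoritative for is sent to
    # the regular campus resolvers (placeholder addresses).
    forward only;
    forwarders { 192.0.2.10; 192.0.2.11; };
    # Only hosts on the private side should use this resolver.
    allow-query { localhost; 10.0.0.0/24; };
    recursion yes;
};

# Authoritative only for the proxy's subdomain, so any other
# linfield.edu name still resolves through the forwarders above.
zone "ezproxy.linfield.edu" {
    type master;
    file "db.ezproxy.linfield.edu";
};

# /var/named/db.ezproxy.linfield.edu (constructed example)
# $TTL 3600
# @        IN SOA  ns.ezproxy.linfield.edu. hostmaster.linfield.edu. (
#                  2024010101 ; serial
#                  3600       ; refresh
#                  900        ; retry
#                  604800     ; expire
#                  300 )      ; negative-cache TTL
# @        IN NS   ns.ezproxy.linfield.edu.
# ns       IN A    10.0.0.5
# @        IN A    10.0.0.5   ; ezproxy.linfield.edu itself
# *        IN A    10.0.0.5   ; wildcard: anything.ezproxy.linfield.edu
```

After restarting named and pointing the server's own /etc/resolv.conf at 127.0.0.1, `dig foo.ezproxy.linfield.edu @127.0.0.1` should return the private address while `dig www.linfield.edu @127.0.0.1` still comes back from the forwarders; the wildcard only matches names that have no more specific record in the zone, so any of the 4 hosts that need a different private address get their own A record above it.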