Hi,

After googling a lot I kinda gave up and ended here.

I'm running a BIND server, where we have our .loc zone on and also use it for caching. We have our domains hosted at our ISP's DNS servers. Now recently management decided to migrate from Cisco to Linux routers/firewalls. Now as you might know, there is a DNS doctoring feature on Cisco devices that will rewrite IP addresses in DNS query responses. I found a nice non-Cisco explanation by someone who had my problem some years ago:

> My dns server sits outside my firewall on the internet and answers queries for both my internal network and the world. Of course it only contains real world ips.
> The pix has an option (called alias) that doctors dns request from my internal lan so that the reply packet contains the internal ip address instead of the public address given out by my dns server.
> This lets the internal machines access internal hosts via dns without having to run two dns servers. For example with following command:
>
> alias (inside) 192.168.0.5 245.243.3.5 255.255.255.255
>
> all dns queries passing through the pix containing the address 245.243.3.5 are re-written to contain 192.168.0.5.

He obviously didn't get an answer from the netfilter dudes...

Well, dnsmasq seems to have the -V option, which seems to work like DNS doctoring on Cisco devices. I'm curious if there is an equivalent function on BIND servers. I do not want to have dhcpd + bind + dnsmasq on one machine and use some hacks (loopback interfaces + iptables redirects) to achieve DNS doctoring with dnsmasq - if possible. Also creating zones for all domains and subdomains that are hosted on the remote nameservers is not an option either.

If you have any ideas how to do DNS doctoring with bind9 (or netfilter) please give me some hints ;)

Greetz
~Jan

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
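One BIND-native way to get the "doctored" answers Jan describes, without hosting a copy of every externally hosted zone, is a Response Policy Zone (RPZ), available in BIND 9.8 and later. The script below is an added example and not part of the original post or ISC's documentation: it writes a minimal named.conf for a caching resolver plus a policy zone whose "local data" entries replace the public answer for chosen names with internal addresses, then validates the zone file if named-checkzone is installed. The name www.example.com, the addresses and the output directory are constructed sample values; the policy zone overrides answers by query name (QNAME trigger), which is the well-documented RPZ form, rather than by the address contained in the response the way the PIX alias did.

```shell
#!/bin/sh
# Added example (not from the original post): split-horizon answer rewriting
# on a BIND 9 caching resolver with a Response Policy Zone (RPZ, BIND >= 9.8).
# Only the names that must look different to internal clients go into the
# policy zone; everything else is resolved normally from the ISP's servers.
# All names/addresses below are constructed sample values.

# Write a minimal named.conf that enables the policy zone "rpz.local".
# The policy zone is never answered to clients nor transferred.
write_rpz_conf() {
    dir="$1"
    cat > "$dir/named.conf" <<'EOF'
options {
    directory "/var/cache/bind";   /* assumed path; adjust to the distro */
    recursion yes;
    allow-recursion { 192.168.0.0/16; };
    // Answers to recursive queries are checked against this policy zone.
    response-policy { zone "rpz.local"; };
};

zone "rpz.local" {
    type master;
    file "db.rpz.local";
    allow-query { none; };
    allow-transfer { none; };
};
EOF
}

# Write the policy zone. An owner name inside the zone is the query name
# to match; the records under it are the "local data" handed back instead
# of the real answer. Record types not listed (e.g. AAAA) yield NODATA.
write_rpz_zone() {
    dir="$1"
    cat > "$dir/db.rpz.local" <<'EOF'
$TTL 60
@   IN SOA  localhost. hostmaster.localhost. (
            1       ; serial - bump on every change
            3600    ; refresh
            900     ; retry
            604800  ; expire
            60 )    ; minimum
    IN NS   localhost.

; Internal clients asking for www.example.com get the RFC 1918 address
; instead of the public one published at the ISP (constructed sample).
www.example.com     IN A    192.168.0.5
; Wildcard: rewrite every name below www.example.com as well.
*.www.example.com   IN A    192.168.0.5
EOF
}

# Syntax-check the policy zone with BIND's own tool when it is present.
check_rpz_zone() {
    dir="$1"
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone -q rpz.local "$dir/db.rpz.local"
    else
        echo "named-checkzone not installed; skipping zone check"
    fi
}

# Usage: sh rpz-example.sh /path/to/output-dir
if [ $# -ge 1 ]; then
    write_rpz_conf "$1"
    write_rpz_zone "$1"
    check_rpz_zone "$1"
fi
```

After reloading named (rndc reload) a client inside allow-recursion gets 192.168.0.5 for www.example.com while the rest of the world still sees the ISP's answer; the policy applies only to this resolver, so the authoritative data at the ISP is untouched. Entries with an explicit trailing dot in the owner name would fall outside rpz.local, so keep the names relative as shown.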
Im running a bind server, where we have out .loc zone on and also use it for caching. We have our domains hosted @ our ISP's DNS-Servers. Now recently management decided to migrate from cisco to linux-routers/firewalls. Now as you might know, there is a dns-doctoring feature on cisco devices, that will rewrite ip addresses in dns-query-responses. I found a nice non-cisco explanation by someone who had my problem some years ago: > My dns server sits outside my firewall on the internet and answers queries for both my internal network and the world. Of course it only contains real world ips. > The pix has an option (called alias) that doctors dns request from my internal lan so that the reply packet contains the internal ip address instead of the public address given out by my dns server. > This lets the internal machines access internal hosts via dns without having to run two dns servers. For example with following command: > > alias (inside) 192.168.0.5 245.243.3.5 255.255.255.255 > > all dns queries passing through the pix containing the address 245.243.3.5 are re-written to contain 192.168.0.5. He obviously didnt get an answer from the netfilter dudes... Well dnsMasq seems to have the -V option which seems to work like dns doctoring on cisco devices. Im curious if there is an equivalent function on bind servers. I do not want to have dhcpd + bind + dnsmasq on one machine and use some hacks (loopback interfaces + iptables redirects) to achieve dnsdoctoring with dnsmasq - if possible. Also creating zones for all domains and subdomains that are hosted on the remote nameservers is not an option either. If you have any ideas how to do dns doctoring with bind9 (or netfilter) please give me some hints ;) Greetz ~Jan _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users