(This is probably a silly question, but I want to explore every possibility.)

We have a proxy firewall, with no contact between inside and outside. We have a fake internal DNS root for zones that we use internally. This works fine, since lookups of external names are only made from the outside of the proxy servers.

We are about to change to a transparent firewall, which means that we remove the proxy servers. Then we have to let the inside get access to real outside DNS.

Is there any way with BIND, or any other DNS product, to keep our internal fake zones and have them selectively forwarded to external DNS for all names that don't exist in the internal fake zones? Clients would first ask internal DNS, and if the name exists there they will use that, but if the name doesn't exist internally they won't get a negative response. Instead their request would be forwarded to external DNS.

Thanks!

Peter Olsson