BIND problem

Michael Torrie torriem at
Fri Sep 23 09:41:02 MDT 2005

On Thu, 2005-09-22 at 16:13 -0600, Corey Edwards wrote:
> I'm doing that for a few zones, actually. The one caveat is that
> will *not* work. Generally speaking, that
> shouldn't be a problem.

I've figured out a way to do what I want to do.  This is a horrible
abuse of DNS, but it works.  Basically I run the * domain,
but I also host a few sites like and that are coming from my DMZ.  The problem is that
from inside my private network, due to translation issues, I cannot
directly access the outside IP address that maps to the private IP
address of the server inside my DMZ.  So in order to give access to
these sites for my users inside my private network, I have to intercept
DNS requests for these sites and return the private IP address instead
of the public one.  So I ended up setting up an authoritative zone file
for each of my hosted sites with just one entry in it. For example:

$TTL 10800      ; 3 hours
                IN SOA (
                                1          ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                3600 )     ; minimum (1 hour)

$TTL 10800      ; 3 hours
                IN      A

This pretends that is actually a DNS domain in its own
right, but with only itself as the sole IP address in this domain.

I have to make a separate zone for each of my hosted sites, but that's
not too bad.  Anything that is * passes through just fine, even
* or *

Thanks for suggesting this idea.  With a little modification it works
well for me.  If you wanted to block you could probably
do something similar.


> Corey
Michael Torrie <torriem at>
