Hello,

I am looking for a DNS proxy that allows me to filter which DNS requests are answered and which ones are dropped.

The software should allow me to specify something like this:
192.168.1.5 "www.yahoo.com","www.google.com"
192.168.1.6 "www.google.com"

meaning that the first machine is allowed to resolve the specified 2 names, and the second only "www.google.com".

I have looked at the bind documentation and although I found the view concept, this does not appear to allow me to specify a list of allowed names.

Does anybody know of such a software?

i don't understand the application here... if you're that strict why use external DNS servers at all? just provide your own dns directly for those sites.

The application is as follows:
- In the production network we have a set of Windows, AIX and mainframe DNSes which work fine but are weakly secured. Each DNS manages a different domain.
- In our DMZ we don't have name resolution but we need to implement it. In order to avoid redundancy, we want to implement a proxy DNS. It will also be located in the production network (behind a firewall) but will only be used for requests coming from the DMZ and will forward the request to the correct DNS if it is authorized.
- Machines in DMZ should only be allowed to make name resolution if explicitely authorized by the "ACL" which I described in my first post. Thus is a machine was taken control of, it would be impossible to map out the internal network through the DNS as only the names needed for the applications running on that specific machine would be available.

Is that clearer?