Hi @all,
I'm having trouble realizing my use case and hope somebody can help me.
# Use case
For a home lab I want to deploy several guest domains. These domains
must not have a direct or NAT connection to the internet or my LAN. They
should only be able to reach my LAN and the internet through a proxy.
# What I've done
I've created the following virtual switch in isolated mode:
    $ sudo virsh net-dumpxml private1
    <network connections='3'>
      <name>private1</name>
      <uuid>THE-UUID</uuid>
      <bridge name='virbr1' stp='on' delay='0'/>
      <mac address='DE:AD:BE:EF:FF:FF'/>
      <domain name='private1'/>
      <ip address='192.168.100.1' netmask='255.255.255.0'>
        <dhcp>
          <range start='192.168.100.128' end='192.168.100.254'/>
        </dhcp>
      </ip>
    </network>
I've set up a guest domain that serves as a proxy and several other guests.
# My issue
Name resolution for *.private1 works fine on this network. But I'm not
able to resolve domains from the outside world like github.com.
I understood that libvirt is forwarding DNS resolution requests to the
host's nameserver configured in /etc/resolv.conf in case the dnsmasq
instance for the virtual network is not able to resolve the name.
My guess is that in my setup this doesn't work because the virtual
switch is in isolated mode, right?
# My questions
* What can I do to achieve my use case described above?
* Is it possible to use the isolated mode here or do I have to use a
different mode?
It's important that the guest domains can only connect to the internet
by using the proxy.
Regards,
Joerg