Is there a way...

dbotham at dbotham at
Thu Jun 6 13:51:26 UTC 2002

This solution to your problem is ugly, but, I think it will work.

So, here it is...

Load a seperate zone for each hostname you wish to resolve locally.

eg:  to resolve and, but not, load the following zones:

zone "" {...

zone "" {...

Do NOT load a zone for host3...

Then, make a zone database file for each zone with an A Recored like this
one in it:

@     IN    A ;or whatever IP you want

Of course, the zone files would need an soa record as well.

If these zones are loaded on the name server your resolvers use, then you
will in effect "intercept" queries for these hosts only and all other hosts
in will be resolved by the usual channels.

I think it is important to say that implementing what I have described
above breaks most conventions adhered to by dns admins and probably a few
BCPs as well.  It could also cause real problems for the next admin that
comes along that can't figure out what in the !@#!@ is going on... :)  You
probably want to find a way to bring the other aspects of the network into
a more "standards tolorent" posture...



|         |           those who know me|
|         |           have no need of  |
|         |           my name          |
|         |           <not-a-real-addre|
|         |           ss at>      |
|         |           Sent by:         |
|         |           bind-users-bounce|
|         |          |
|         |                            |
|         |                            |
|         |           06/05/2002 06:07 |
|         |           PM               |
|         |                            |
  |                                                                                                                              |
  |       To:       comp-protocols-dns-bind at                                                                              |
  |       cc:                                                                                                                    |
  |       Subject:  Re: Is there a way...                                                                                        |

in comp.protocols.dns.bind i read:

>My employer manages several distributed networks which are privately
>addressed.  There are some pieces of software which react oddly to NAT,
>or rather the specific implementation of NAT.  The easiest solution in
>these cases would be to be able to run a zone for their domain mapping
>certain hostnames to private addresses, and then forwarding all other
>requests to the real authoritative server, wherever that might be.
>Right now, we use hosts files, which is a real train wreck... :-)

bind doesn't support this, as stated.  you could create a zone specifically
to hold these hosts, over which your servers can be authoritative, and tell
your apps to use hostnames int that zone, e.g., zone=fake.domain.tld.

i'm not sure any other dns software would do it either, though i don't know
that for sure.  given the number of times this is asked for one might think
that it would appear in bind, but the bind developers are very zone
oriented, so i think it's unlikely to appear.

alternatives: replace the bogus nat device(s), or use nis and/or ldap.
none of which is topical here, except perhaps how the nat device is b0rked.

bringing you boring signatures for 17 years

More information about the bind-users mailing list