Redirect DNS Requests
barmar at alum.mit.edu
Mon Jan 19 21:57:08 UTC 2004
In article <buh7te$tb6$1 at sf1.isc.org>, "Matt" <nospam.hciss at yahoo.com>
> We are a small ISP with dialup and wireless accounts. We just inherited the
> Dialup side of another ISP. Many of his users have statically assigned DNS
> entries and some point at IP's that occasionally just don't answer. We are
> on AT&T now.
> We use Mikrotik Linux based routers. They have configurable firewalls that
> allow things including Redirect and NAT.
> Would it be possible to use NAT to redirect all UDP port 53 packets to
> AT&T's DNS servers? Would this cause total chaos? We have tried it and it
> seems to work for the users with the wrong static DNS servers in their
> settings and their DNS lookups work reliably again. It has caused chaos on
> one other occasion though. We have one user that is running a W2K box that
> they use as their own DNS server and it goes directly to the root servers.
> Some reason it quit.
The reason this fails is because when a caching server queries an
authoritative server, it doesn't set the Recursion Desired flag. So the
AT&T server isn't able to answer the query unless the answer just
happens to be in its cache already.
> So is redirecting DNS requests transparently feasible or will it cause more
> trouble than it's worth? I could imagine when a DNS client is expecting to
> hear from a root or authoritative DNS server and a recursive non-authoritative
> answers it might cause trouble. Would it only cause trouble in these cases
> when trying to use the root servers? Would it help if I setup my own Linux
> box running bind and redirect to that?
What I think you should do is redirect *only* the addresses of the
caching DNS servers that are no longer in operation. That way, if a
customer has their own DNS server that goes directly to authoritative
servers, it won't be affected by the redirection.
Barry Margolin, barmar at alum.mit.edu
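The two outcomes discussed in this thread, modelled as an added example that is not part of the original post: a stub client whose static DNS server is dead, and a customer-run caching server iterating toward the roots with Recursion Desired clear, each sent through a "redirect all UDP/53" policy and through Barry's "redirect only the dead caches" policy. All addresses are constructed (RFC 5737 documentation ranges), and the upstream server is a simplified model, not any real resolver.

```python
import struct
from typing import NamedTuple

# Constructed addresses standing in for the scenario in the thread (RFC 5737 ranges).
DEAD_CACHES = {"192.0.2.53", "192.0.2.54"}  # the inherited ISP's caching servers that no longer answer
UPSTREAM = "198.51.100.1"                   # the recursive server the NAT rule redirects to
ROOT_SERVER = "203.0.113.13"                # stands in for a root/authoritative server
RD_FLAG = 0x0100                            # Recursion Desired bit in the DNS header flags word

class Packet(NamedTuple):
    dst: str       # original destination of the UDP/53 packet
    header: bytes  # 12-byte DNS header
    qname: str     # question name (carried separately to keep the model small)

def dns_header(qid: int, recursion_desired: bool) -> bytes:
    """Build a DNS query header; a caching server iterating toward authoritative servers leaves RD clear."""
    flags = RD_FLAG if recursion_desired else 0
    return struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)

def rd_set(header: bytes) -> bool:
    return bool(struct.unpack("!H", header[2:4])[0] & RD_FLAG)

def upstream_cache_reply(pkt: Packet, cache) -> str:
    """Model of a recursive server: with RD set it resolves; with RD clear it only returns cached data."""
    if rd_set(pkt.header) or pkt.qname in cache:
        return "answered"
    return "no-answer"  # nothing cached and no recursion requested: the iterating client is stuck

def redirect_all(dst: str) -> str:
    return UPSTREAM

def redirect_dead_only(dst: str) -> str:
    return UPSTREAM if dst in DEAD_CACHES else dst

def outcome(pkt: Packet, policy, cache) -> str:
    target = policy(pkt.dst)
    if target == UPSTREAM:
        return upstream_cache_reply(pkt, cache)
    if target in DEAD_CACHES:
        return "timeout"   # the statically configured server never replies
    return "answered"      # reached the authoritative server the client meant to ask

def compare_policies(cache=frozenset()) -> dict:
    stub = Packet("192.0.2.53", dns_header(1, True), "www.example.net.")   # customer with a dead static DNS
    iterating = Packet(ROOT_SERVER, dns_header(2, False), "example.org.")  # customer's own caching server
    return {
        "redirect_all": (outcome(stub, redirect_all, cache), outcome(iterating, redirect_all, cache)),
        "redirect_dead_only": (outcome(stub, redirect_dead_only, cache), outcome(iterating, redirect_dead_only, cache)),
    }
```

Under the blanket redirect the iterating server only succeeds when the name happens to be in the upstream cache already, which is the intermittent breakage described above; the selective redirect fixes the dead-server clients without touching it.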