Redirect DNS Requests

Barry Margolin barmar at
Mon Jan 19 21:57:08 UTC 2004

In article <buh7te$tb6$1 at>, "Matt" <nospam.hciss at> 

> We are a small ISP with dialup and wireless accounts.  We just inherited the
> Dialup side of another ISP.  Many of his users have statically assigned DNS
> entries and some point at IP's that occasionally just don't answer.  We are
> on AT&T now.
> We use Mikrotik Linux based routers.  They have configurable firewalls that
> allow things including Redirect and NAT.
> Would it be possible to use NAT to redirect all UDP port 53 packets to
> AT&T's DNS servers?  Would this cause total chaos?  We have tried it and it
> seems to work for the users with the wrong static DNS servers in there
> settings and there DNS lookups work reliably again.  It has caused chaos on
> one other occasion though.  We have one user that is running a W2K box that
> they use as there own DNS server and it goes directly to the root servers.
> Some reason it quit.

The reason this fails is because when a caching server queries an 
authoritative server, it doesn't set the Recursion Desired flag.  So the 
AT&T server isn't able to answer the query unless the answer just 
happens to be in its cache already.

> So is redirecting DNS requests transparently feasible or will it cause more
> trouble then its worth?  I could imagine when a DNS client is expecting to
> hear from a root or authorative DNS server and a recursive non-authorative
> answers it might cause trouble.  Would it only cause trouble in these cases
> when trying to use the root servers?  Would it help if I setup my own Linux
> box running bind and redirect to that?

What I think you should do is redirect *only* the addresses of the 
caching DNS servers that are no longer in operation.  That way, if a 
customer has their own DNS server that goes directly to authoritative 
servers, it won't be affected by the redirection.

Barry Margolin, barmar at
Arlington, MA

More information about the bind-users mailing list