How to host a single record

Jeff Lasman blists at
Wed Jan 28 01:40:41 UTC 2004

On Tuesday 27 January 2004 01:22 pm, Eric Schubert wrote:

> My company '' (not really :)) is an ISP/ASP in that we host
> domains and web applications on our custom platform. We usually host
> the entire domain and have a unique zone file for each domain and our
> DNS server is the authoritative server for all requests for that
> domain.

Hiding your real domain name does nothing except make it impossible for 
any of us have access to reliable information in attempting to help 

> Here's what I need help with. We need to host only a host not the
> entire domain and not a subdomain for a new customer.
> '' has it's domain registered and pointing to their
> DNS servers and they have 1 A record 'certify' pointing to our
> webserver

As it should be.

> nslookup on and points to
> web servers nslookup on point
> to our webservers.

Also as it should be.

> Question: How do I alter the zone file below for so
> it only answers for 'certify' and nothing else?

You shouldn't be authoritative for their site at all.

Why would you want to be?

Why would they want you to be?

> Here's a template of a 'standard' zone file for our setup.
> -------------------------------------------------------
> $ORIGIN com.
> newcompany      10800   IN      SOA
> ( 2001050201 3600 900 86400 10800 )
> ;Cl=2
>                 10800   IN      NS             
> ;Cl=2 10800   IN      NS              ;Cl=2 10800  
> IN      MX      10 ;Cl=2
>                 10800   IN      A
> ;Cl=2
> mywebs          10800   IN      A            ;Cl=2
> www             10800   IN      CNAME   mywebs
> ;Cl=2
> ftp             10800   IN      CNAME              
> ;Cl=2 secure          10800   IN      CNAME         
>   ;Cl=2

Best bet would be for you to not have a zone file, and to not list what 
you call in your conf file.

But if for some reason you need to be authoritative for the certify 
subdomain, then they need to change their DNS to take out the A record 
for certify, and add two NS records for certify, one for each of your 

Then you could use something like this:

certify          10800   IN      SOA (
                         2001050201 3600 900 86400 10800 )

certify          10800   IN      NS             
certify          10800   IN      NS
certify          10800   IN      MX      10
certify          10800   IN      A

Where would be your name server, and would be public address 
rather than the nonroutable address you've given us as an example.

If they also want you to be able to serve pages for, then you should also have an A record for 

DNS is arguably the largest and most publicly accessable distributed 
database in the world; why would you want to hide from us information 
we can use to help you?

Jeff Lasman,, P. O. Box 52672, Riverside, CA  92517 US
Professional Internet Services & Support / Consulting / Colocation
Our blists address used on lists is for list email only
Phone +1 909 324-9706, or see: ""

More information about the bind-users mailing list