how to resolve all unknown names to 127.0.0.1 ?

Mark Andrews Mark_Andrews at isc.org
Thu Jun 2 00:33:43 UTC 2005


> Hello All !
> 
> There is a BIND 9.3.1. in deep intranet, so it hasn't access
> to root servers.
> 
> It works as "forward only", forwards all non-auth queries to
> upstream NSs in intranet too. Connections to NSs in Internet
> to 53/udp and 53/tcp are impossible.
> 
> In named.conf there are:
> 
> (1) master intranet zones (about 20)
> (2) slave intranet zones (about 40)
> (3) forward-only Internet and intranet zones (about 200),
> forwarders are the same upstream NSs.
> 
> So the question is:
> how to force BIND to resolve _all_ names not from (1) or (2) or (3)
> to 127.0.0.1 ?
> 
> Quick, simple and wrong solution:
> make a zone "." type master, containing
> * IN A 127.0.0.1
> after that, all names from (3) are going to be resolved to 127.0.0.1,
> seems that "resolve from most-specific zone first" algorithm
> is not implemented or forward zones are not authoritative.
> 
> Working now, bad and time-consuming solution:
> I manually look at the dump of cache, recognize the names that
> should be resolved to 127.0.0.1, and make a fake zone from them:
> @ IN A 127.0.0.1
> * IN A 127.0.0.1
> 
> Good and correct solution: ????
> 
> ===                       | /"\  ASCII RIBBON CAMPAIGN
> WBR, Dmitry A.Provodnikov | \ /  AGAINST HTML (RTF)
> FIDO: 2:5000/97.31        |  X   MAIL AND NEWS
> Team [TBH-TNG]            | / \ 
> 

	Tell the list what you are trying to achieve.  Doing stuff
	like this to the DNS is generally not the correct solution.

	There is no configuration option that will cause named to
	return an address instead of a NXDOMAIN / NODATA on A response.

	Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

