New to Bind: Need Catch-All for domain parking

ics.org at donnacha.com ics.org at donnacha.com
Wed Nov 23 05:44:50 UTC 2005


Okay, so, is there a responsible, safe, recommended way to do this?

Clearly, there are lots of people achieving the desired affect but are 
they damaging the integrity/security of the 'Net by flaunting rules?

BTW, this question gets asked a lot but I've never seen any agreement on 
the right way to do it and, believe me, I've been through the archive.

It would be really useful if someone could give an unambigous 
recommendation to people interested in domain parking.

Donnache


Mark Andrews wrote:
>>Hmmm, that's an interesting wrinkle, that didn't occur to me. RFC 2308 
>>(i.e. you :-) says that the SOA of "the zone" must be returned as a 
>>negative caching record, where from context we infer that "the zone" 
>>refers to whatever zone the responding server is authoritative for. In 
>>this case, the server is authoritative for the root zone, albeit not 
>>publically known as such. So, according to what letter-of-the-law would 
>>a cache reject the negative caching record? I mean, does the owner of an 
>>SOA RR, when it's really *not* an SOA RR -- it's a negative caching 
>>record masquerading as an SOA RR -- really matter, functionally? It's 
>>not like there can be multiple negative caching records: if that were 
>>possible, I could see that it might be necessary to use the owner names 
>>to differentiate them.
>>
>>Or is this more of a Best Practice kind of thing, i.e. to reject things 
>>that look unusual and/or suspicious, in the name of safety and/or security?
>>
>>                                                                         
>>                                                         - Kevin
> 
> 
> 	It's a indication that something is misconfigured.
> 	Unfortunately history has show that accepting badness like
> 	this just leads to problems in the future.
> 
> 	Basically the OP want's to be lazy.  That laziness will
> 	cause problems for many people.
> 
> 	Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
> 
> 



More information about the bind-users mailing list