Wildcarded nameservers

Mark Andrews Mark_Andrews at isc.org
Sat Sep 3 23:47:12 UTC 2005


> Hi,
> I run a bind 9.2.1 nameserver with the following configuration.
> 
> //named.conf
> options {
> directory "/var/named";
> pid-file "named.pid";
> allow-recursion {127.0.0.1;};
> };
> 
> logging {
> category default { default_syslog; default_debug; };
> };
> 
> zone "." IN {
> type master;
> file "named.rr";
> allow-update {none;};
> allow-transfer {none;};
> notify no;
> };
> 
> //named.rr
> $TTL 86400
> @ IN SOA . hostmaster.mydomain.com. (
> 2005090201 ; Serial
> 28800 ; Refresh
> 14400 ; Retry
> 3600000 ; Expire
> 1 ) ; Minimum
> IN NS dns1.mydomain.com.
> IN NS dns2.mydomain.com.
> IN A 209.xx.xx.xx
> * IN A 209.xx.xx.xx
> 
> dns1.mydomain.com. IN A 69.xx.xx.xx
> dns2.mydomain.com. IN A 69.xx.xx.xx
> 
> I use this as a wildcarded nameserver, i.e. for any domain that I wish to 
> host, I change the nameservers 
> for that domain to dns1.mydomain.com and 
> dns2.mydomain.com.

	Fix your stupid mail client to not add URLs to the email for
	everything that looks like a hostname.
 
> This works very well, however I have noticed something strange happening in 
> the last few days. My webserver started 
> receiving traffic for domains that are not hosted on this webserver. Whois 
> shows that their nameservers are different and 
> logically my webserver should not be receiving that domain's traffic. At the 
> same time, I checked DNS lookups for this 
> domain name from a lot of different sources and they all seem to be pointing 
> to the original IP address of that domain and 
> not to my webserver.
> 
> This makes me believe that some buggy nameservers cached my nameserver as 
> "." and are sending requests for any 
> domain to my dns server which returns my web server IP address for any 
> domain queried. 
> 
> A normal DNS response from my nameserver is below.
> 
> [root@xbox root]# dig @dns1.mydomain.com test.com
> 
> ;; QUESTION SECTION:
> ;test.com. IN A
> 
> ;; ANSWER SECTION:
> test.com. 86400 IN A 209.xx.xx.xx
> 
> ;; AUTHORITY SECTION:
> . 86400 IN NS dns1.mydomain.com.
> . 86400 IN NS dns2.mydomain.com.
> 
> ;; ADDITIONAL SECTION:
> dns1.mydomain.com. 86400 IN A 69.xx.xx.xx
> dns2.mydomain.com. 86400 IN A 69.xx.xx.xx
> 
> Can this cause the problem I have described? Would changing the TTL to 1 
> and setting 
> minimal-responses to yes solve the problem?
> 
> TIA
> dushyanth

	You have managed to poison some caches.  If you had used
	the DNS as it was designed to be used and only claimed
	authority for the namespace you have authority for then
	that wouldn't have happened.  Is it really a lot of work to
	add a new entry to the nameserver for each zone you get?
	
	Mark.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
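The response quoted in the thread carries NS records for "." and glue for dns1.mydomain.com in the AUTHORITY and ADDITIONAL sections; a resolver that was only consulting the server for test.com has no reason to accept either. The following is an added example, not code from the thread or from BIND, showing the bailiwick rule a cache should apply to such a response. It parses dig-style output into sections and reports every AUTHORITY/ADDITIONAL record that falls outside the zone the server was queried for; the sample response and its addresses are constructed.

```python
import re

# Constructed sample in the shape of the dig output quoted above; the
# addresses are documentation-range placeholders, not the poster's hosts.
SAMPLE = """\
;; QUESTION SECTION:
;test.com.\t\tIN\tA

;; ANSWER SECTION:
test.com.\t86400\tIN\tA\t203.0.113.10

;; AUTHORITY SECTION:
.\t86400\tIN\tNS\tdns1.mydomain.com.
.\t86400\tIN\tNS\tdns2.mydomain.com.

;; ADDITIONAL SECTION:
dns1.mydomain.com.\t86400\tIN\tA\t198.51.100.1
"""

SECTION_RE = re.compile(r"^;; (\w+) SECTION:")


def parse_dig(text):
    """Map section name -> list of (owner, rtype, rdata) from dig-style output."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line.strip() and current == "QUESTION":
            # question lines look like ";name. IN A" and carry no TTL/rdata
            name, _cls, rtype = line.lstrip(";").split()
            sections[current].append((name, rtype, None))
        elif line.strip() and current:
            owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
            sections[current].append((owner, rtype, rdata))
    return sections


def in_bailiwick(owner, zone):
    """True if owner is at or below zone (zone '.' covers every name)."""
    o, z = owner.rstrip(".").lower(), zone.rstrip(".").lower()
    return z == "" or o == z or o.endswith("." + z)


def out_of_bailiwick(text, zone):
    """AUTHORITY/ADDITIONAL records a resolver should drop because it only
    consulted this server for `zone`; each is (section, owner, rtype, rdata)."""
    sections = parse_dig(text)
    return [(sec, owner, rtype, rdata)
            for sec in ("AUTHORITY", "ADDITIONAL")
            for owner, rtype, rdata in sections.get(sec, [])
            if not in_bailiwick(owner, zone)]
```

Run against the sample with zone "test.com." it flags both root NS records and the dns1.mydomain.com glue; a cache that keeps them instead is exactly the one the thread describes sending unrelated domains' traffic to the poster's web server.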