DNS queries to blocked countries?

Jeff Lightner jlightner at water.com
Thu Jun 21 16:12:58 UTC 2007 

OK I know this sounds like a stupid question but figured I'd ask anyway.
We currently have customers who have signed up to get email from us.
However, the MX record won't resolve because the primary DNS for the
customers is in a country we block inbound/outbound.    Essentially the
dig +trace and whois both stop at the point the root servers hand off to
servers in those remote countries.

An example would be "Samsung.com".   Although the user is actually in
the U.S., Samsung is a South Korean company.  Due to this we can't get
the MX record which may or may not point to a U.S. server.   I'm
wondering if there is any way I can setup things so the resolution for
countries we block is reported back by some other server that would be
U.S. based that doesn't block these countries?

dig +trace -t MX samsung.com

; <<>> DiG 9.2.1 <<>> +trace -t MX samsung.com
;; global options:  printcmd
.                       169576  IN      NS      K.ROOT-SERVERS.NET.
.                       169576  IN      NS      L.ROOT-SERVERS.NET.
.                       169576  IN      NS      M.ROOT-SERVERS.NET.
.                       169576  IN      NS      A.ROOT-SERVERS.NET.
.                       169576  IN      NS      B.ROOT-SERVERS.NET.
.                       169576  IN      NS      C.ROOT-SERVERS.NET.
.                       169576  IN      NS      D.ROOT-SERVERS.NET.
.                       169576  IN      NS      E.ROOT-SERVERS.NET.
.                       169576  IN      NS      F.ROOT-SERVERS.NET.
.                       169576  IN      NS      G.ROOT-SERVERS.NET.
.                       169576  IN      NS      H.ROOT-SERVERS.NET.
.                       169576  IN      NS      I.ROOT-SERVERS.NET.
.                       169576  IN      NS      J.ROOT-SERVERS.NET.
;; Received 244 bytes from 127.0.0.1#53(127.0.0.1) in 25 ms

com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
;; Received 489 bytes from 193.0.14.129#53(K.ROOT-SERVERS.NET) in 119 ms

samsung.com.            172800  IN      NS      dnssm.samsung.com.
samsung.com.            172800  IN      NS      dnsss.samsung.com.
;; Received 101 bytes from 192.5.6.30#53(a.gtld-servers.net) in 22 ms

dig: Couldn't find server 'dnssm.samsung.com': Name or service not known

P.S.  Don't tell me to unblock the countries - that's a political
football being tussled over at a different level.

More information about the bind-users mailing list