Redirecting Unresolved Domains to a Host
chrish
chrish at hitOmeter.NET
Tue Aug 12 21:23:14 UTC 2008
On 14 Feb 2008 15:15:49 +0000, Paul Vixie <Paul_Vixie at isc.org> wrote:
> "Gaurav Pruthi" <gkpruthi at gmail.com> writes:
>
>> I know it's not a good idea. But i want to give it to my few customers
> as
>> per their requirement. Only few of my customer will use that DNS for
>> resolution of domains. I trust it is possible but have no information
>> about configuring it.
>>
>> Please Advice
>
> there is no BIND feature for this, and no underlying IETF DNS protocol
> element for signalling it. simply remapping NXDOMAIN into a response
> runs the risk of sending non-HTTP traffic (P2P, e-mail, B2B, etc) to an
> HTTP-only host. ISC has historically avoided such features since while
> they can help ISPs monetize user errors, they give no benefit to users
> and in fact come at some risk and cost to users.
>
> the best way to do this is, as marka said, to use policy routing and an
> HTTP proxy that's configured to do some advertising-related thing when
> an URI's domain does not exist (or perhaps even when the web server for
> such a URI is not reachable.) some such proxies even allow the real web
> page to be put into a frame, surrounded by the ISP's own content. if
> your business model requires this kind of feature, then an HTTP proxy is
> the right way to provide it.
>
> there are also web browser plugins that your customers can install if as
> you say this really is a customer requirement.
>
> ISC would be willing to pursue this as a BIND feature if there was funding
> for it and if the effort included an IETF DNS protocol extension so that
> users could "opt in" to the feature, and so that any remapped responses
> were clearly marked as having been remapped rather than as "real
> NXDOMAIN".
>
> meanwhile ISC will continue to push for DNSSEC in the hope that this kind
> of thing simply cannot be done at all in the way it's often done today
> (using faked NXDOMAIN responses from full resolvers toward stub
> resolvers.)
Is there any way to insure that this sort of thing will never be possible?
> --
> Paul Vixie
/////////////////////////////////////////////////////
Service provided by hitOmeter.NET internet messaging!
.
More information about the bind-users
mailing list