Redirecting Unresolved Domains to a Host

chrish chrish at hitOmeter.NET
Tue Aug 12 21:23:14 UTC 2008 



On 14 Feb 2008 15:15:49 +0000, Paul Vixie <Paul_Vixie at isc.org> wrote:
> "Gaurav Pruthi" <gkpruthi at gmail.com> writes:
> 
>> I know it's not a good idea. But i want to give it to my few customers
> as
>> per their requirement.  Only few of my customer will use that DNS for
>> resolution of domains.  I trust it is possible but have no information
>> about configuring it.
>>
>> Please Advice
> 
> there is no BIND feature for this, and no underlying IETF DNS protocol
> element for signalling it.  simply remapping NXDOMAIN into a response
> runs the risk of sending non-HTTP traffic (P2P, e-mail, B2B, etc) to an
> HTTP-only host.  ISC has historically avoided such features since while
> they can help ISPs monetize user errors, they give no benefit to users
> and in fact come at some risk and cost to users.
> 
> the best way to do this is, as marka said, to use policy routing and an
> HTTP proxy that's configured to do some advertising-related thing when
> an URI's domain does not exist (or perhaps even when the web server for
> such a URI is not reachable.)  some such proxies even allow the real web
> page to be put into a frame, surrounded by the ISP's own content.  if
> your business model requires this kind of feature, then an HTTP proxy is
> the right way to provide it.
> 
> there are also web browser plugins that your customers can install if as
> you say this really is a customer requirement.
> 
> ISC would be willing to pursue this as a BIND feature if there was funding
> for it and if the effort included an IETF DNS protocol extension so that
> users could "opt in" to the feature, and so that any remapped responses
> were clearly marked as having been remapped rather than as "real
> NXDOMAIN".
> 
> meanwhile ISC will continue to push for DNSSEC in the hope that this kind
> of thing simply cannot be done at all in the way it's often done today
> (using faked NXDOMAIN responses from full resolvers toward stub
> resolvers.)

Is there any way to insure that this sort of thing will never be possible?

> --
> Paul Vixie
/////////////////////////////////////////////////////
Service provided by hitOmeter.NET internet messaging!
.

More information about the bind-users mailing list