caching only + wildcard

idanj idan.jan at
Thu Jun 26 13:34:03 UTC 2008

Thank you for your reply, and sorry for not being clear. I'll try to
explain again.

We are a small ISP.

We want to display a friendly message to our users whenever they are
trying to access a nonexistent domain.

So the flow we were thinking about is:
1. User queries our (caching-only) NS
2. Our NS checks the root servers and gets a "NXDOMAIN" reply.
3. We return to the user an A RECORD with the IP address of our server
4. The user goes to that IP address and gets our error message.

So we basically want the ability to add a wildcard record to our NS,
but have that wildcard catch ONLY when our NS gets an NXDOMAIN reply
from the root server.

I hope I explained myself OK this time.

Thanks again

On Jun 26, 2:29 am, Kevin Darcy <k... at> wrote:
> idanj wrote:
> > Hello all,
> > We have 2 BIND name servers configured as "caching-only".
> > Is it possible to set a wildcard A record ("catch all") on these
> > name servers?
> > The problem is that when the server gets a query for a domain that
> > doesn't exist in its cache, the server will return the wildcard reply
> > instead of checking the root servers first.
> I'm confused about what you're trying to accomplish here. Are you saying
> "return a wildcard record any time the answer is not in cache"? Even if
> that were possible, how would you expect to *ever* get anything into
> your cache in that case? Bear in mind that a caching-only nameserver
> typically starts up with *nothing* in its cache, just some "hints"
> information about where to find root nameservers. If you give back a
> wildcard record for everything not in cache, then there's no reason to
> *ever* go out and resolve *anything* or cache *anything*. You just give
> the wildcard record for every query. You might as well be not even
> connected to the Internet.
> I must be missing something here. Could you please clarify?
> Are you perhaps using the term "cache" to also cover
> *authoritative*data*, i.e. where your (so-called) "caching-only"
> nameserver is also master or slave for certain select zones, and you
> want everything *else*, not in those zones, to get a wildcard response?
> In that case, maybe your requirement might make sense...
> Or, could it be that you're trying to set up a DNS infrastructure on an
> internal network, that has no connectivity to the Internet? If so, then
> you're approaching it the wrong way. You don't want "wildcards" to
> prevent your nameservers from going out and trying to talk to the
> Internet root nameservers; what you want is to set up your *own* private
> root zone, and point all of your nameservers at that root zone instead
> of the Internet version.
>                            - Kevin
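
The four-step flow in the message above, sketched at the DNS wire level as an added example (not code from either poster and not BIND's own): the reply from upstream is rewritten into a synthesized A record only when its RCODE is NXDOMAIN and the question is A/IN, so a cache miss alone never triggers the wildcard. The function names, the sample query names and the landing address 192.0.2.10 (a documentation address) are assumptions made for the illustration.

```python
import socket
import struct

NXDOMAIN, TYPE_A, CLASS_IN = 3, 1, 1

def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_response(qid, name, rcode, qtype=TYPE_A):
    """Constructed upstream reply: header plus question, no records."""
    flags = 0x8180 | rcode              # QR=1, RD=1, RA=1, plus the RCODE
    question = encode_name(name) + struct.pack("!2H", qtype, CLASS_IN)
    return struct.pack("!6H", qid, flags, 1, 0, 0, 0) + question

def question_end(msg):
    """Offset just past the first question (question names are uncompressed)."""
    pos = 12
    while msg[pos] != 0:
        pos += msg[pos] + 1
    return pos + 1 + 4                  # root label + QTYPE + QCLASS

def rewrite_nxdomain(msg, landing_ip, ttl=60):
    """Synthesize an A answer only for an NXDOMAIN reply to an A/IN question."""
    qid, flags, qdcount = struct.unpack("!3H", msg[:6])
    if qdcount != 1 or (flags & 0x000F) != NXDOMAIN:
        return msg                      # real answers, NODATA, SERVFAIL pass through
    end = question_end(msg)
    qtype, qclass = struct.unpack("!2H", msg[end - 4:end])
    if qtype != TYPE_A or qclass != CLASS_IN:
        return msg                      # e.g. MX lookups keep their NXDOMAIN
    # RCODE becomes 0 and AD is cleared: the synthesized record is not validated.
    header = struct.pack("!6H", qid, flags & 0xFFD0, 1, 1, 0, 0)
    # 0xC00C is a compression pointer back to the question name at offset 12.
    answer = struct.pack("!HHHIH", 0xC00C, TYPE_A, CLASS_IN, ttl, 4)
    return header + msg[12:end] + answer + socket.inet_aton(landing_ip)

def summarize(msg):
    """Return (rcode, answer count, answer IP or None) for these sample messages."""
    _, flags, _, ancount = struct.unpack("!4H", msg[:8])
    ip = socket.inet_ntoa(msg[-4:]) if ancount else None
    return flags & 0x000F, ancount, ip
```

Dropping the authority section also removes the SOA that carried the negative-caching TTL, so downstream caches see only the short TTL on the synthesized record.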

More information about the bind-users mailing list