caching only + wildcard

Josh Smith juicewvu at gmail.com
Thu Jun 26 21:05:20 UTC 2008


This is typically a bad idea - DNS is used for more than just browsing the web.

See the site finder fiasco
http://en.wikipedia.org/wiki/Site_Finder

Please do not break the DNS in this manner for your users.

Thanks,
Josh



On Thu, Jun 26, 2008 at 9:34 AM, idanj <idan.jan at gmail.com> wrote:
> Thank you for your reply, and sorry for not being clear. I'll try to
> explain again.
>
> We are a small ISP.
>
> We want to display a friendly message to our users whenever they are
> trying to access a non-existent domain.
>
> So the flow we were thinking about is:
> 1. User queries our (caching-only) NS
> 2. Our NS checks the root servers and gets a "NXDOMAIN" reply.
> 3. We return to the user an A RECORD with the IP address of our server
> 4. The user goes to that IP address and gets our error message.
>
> So we basically want the ability to add a wildcard record to our NS,
> but have that wildcard catch ONLY when our NS gets an NXDOMAIN reply
> from the root server.
>
> I hope I explained myself OK this time.
>
> Thanks again
> Idan
>
>
> On Jun 26, 2:29 am, Kevin Darcy <k... at chrysler.com> wrote:
>> idanj wrote:
>> > Hello all,
>>
>> > We have 2 BIND name servers configured as "caching-only".
>>
>> > Is it possible to set a wildcard A record ("catch all") on these
>> > name servers?
>>
>> > The problem is that when the server gets a query for a domain that
>> > doesn't exist in its cache, the server will return the wildcard reply
>> > instead of checking the root servers first.
>>
>> I'm confused about what you're trying to accomplish here. Are you saying
>> "return a wildcard record any time the answer is not in cache"? Even if
>> that were possible, how would you expect to *ever* get anything into
>> your cache in that case? Bear in mind that a caching-only nameserver
>> typically starts up with *nothing* in its cache, just some "hints"
>> information about where to find root nameservers. If you give back a
>> wildcard record for everything not in cache, then there's no reason to
>> *ever* go out and resolve *anything* or cache *anything*. You just give
>> the wildcard record for every query. You might as well be not even
>> connected to the Internet.
>>
>> I must be missing something here. Could you please clarify?
>>
>> Are you perhaps using the term "cache" to also cover
>> *authoritative data*, i.e. where your (so-called) "caching-only"
>> nameserver is also master or slave for certain select zones, and you
>> want everything *else*, not in those zones, to get a wildcard response?
>> In that case, maybe your requirement might make sense...
>>
>> Or, could it be that you're trying to set up a DNS infrastructure on an
>> internal network, that has no connectivity to the Internet? If so, then
>> you're approaching it the wrong way. You don't want "wildcards" to
>> prevent your nameservers from going out and trying to talk to the
>> Internet root nameservers; what you want is to set up your *own* private
>> root zone, and point all of your nameservers at that root zone instead
>> of the Internet version.
>>
>>                            - Kevin
>
>
>



-- 
Josh Smith
email/jabber: juicewvu at gmail.com
phone: 304.237.9369(c)

() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
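As an added example (not from this thread and not BIND code), here is a small Python model of the four-step flow Idan describes, with the NXDOMAIN-to-A rewrite as an option, plus the probe an operator or client can run to detect that a resolver is rewriting NXDOMAIN: ask for random names that cannot exist and see whether they all come back with the same address. The upstream data, the error-page IP and the class and function names are constructed for the example.

```python
import random
import string

# Constructed stand-in for the Internet root/authoritative servers:
# names that exist map to an A record; everything else is NXDOMAIN.
UPSTREAM = {
    "www.example.com.": "93.184.216.34",
    "mail.example.com.": "192.0.2.25",
}

ERROR_PAGE_IP = "198.51.100.10"  # hypothetical ISP "friendly message" server


class CachingResolver:
    """Minimal model of a caching-only server, optionally doing the proposed
    rewrite: an NXDOMAIN from upstream becomes an A record for our own box."""

    def __init__(self, rewrite_nxdomain=False):
        self.cache = {}
        self.rewrite_nxdomain = rewrite_nxdomain

    def query_a(self, name):
        # Steps 1-2: answer from cache, or ask upstream and remember the result
        # (None stands for NXDOMAIN). Returns the A record the client sees,
        # or None when NXDOMAIN is passed through unchanged.
        if name not in self.cache:
            self.cache[name] = UPSTREAM.get(name)
        answer = self.cache[name]
        if answer is None and self.rewrite_nxdomain:
            return ERROR_PAGE_IP  # step 3: every non-existent name "exists"
        return answer


def host_exists(resolver, name):
    """What a non-browser client (an MTA, a monitoring script) infers from DNS.
    With rewriting enabled, a typo'd hostname is indistinguishable from a real one."""
    return resolver.query_a(name) is not None


def detect_nxdomain_rewrite(resolver, base="example.com.", probes=5):
    """Defender-side check: query random labels under `base` that cannot exist.
    Returns the rewrite target if every probe got the same A record, else None."""
    answers = set()
    for _ in range(probes):
        label = "".join(random.choices(string.ascii_lowercase, k=16))
        answers.add(resolver.query_a(f"{label}.{base}"))
    if len(answers) == 1 and None not in answers:
        return answers.pop()
    return None
```

Against a real resolver the same probe is done with `dig` for a handful of random labels; the model only replaces the network with the constructed table.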

