BIND redirect all lookups

ext Mark Andrews Mark_Andrews at isc.org
Fri Mar 21 21:30:47 UTC 2008


> On Mar 21, 11:26 am, Barry Margolin <bar... at alum.mit.edu> wrote:
> > In article <fs0v0r$312... at sf1.isc.org>,
> >  David Ford <da... at blue-labs.org> wrote:
> >
> > > akmattb wrote:
> > > > I am in the process of trying to set up a quarantine type vlan on our
> > > > company network. I would like to have any computer on that network
> > > > have DNS lookups redirected to a local web server that displays a
> > > > terms of use page, and other misc information
> >
> > Create a view on your DNS server that's authoritative for the root zone,
> > and this zone contains a wildcard A record that points to your special
> > web server.  Then put the IPs of the quarantined machines into the
> > view's client match ACL.
> >
> >
> >
> > > Entirely as an aside, there is nothing about "VLAN" that adds any form
> > > of security.  It's simply 4 extra bytes in the link layer header.
> > > Please keep that in mind.
> >
> > But it's added and processed by the switches, not the leaf nodes, so the
> > users can't forge it or get around it.
> >
> > --
> > Barry Margolin, bar... at alum.mit.edu
> > Arlington, MA
> > *** PLEASE don't copy me on replies, I'll read them in the group ***
> helpdesk4 is the name of the server bind is running on ... it's the
> only server that end machines will have contact with.
> would this be like the following for named.conf:
> zone "." {
> 	type master;
> 	file "db.lockdown";
> };
> 
> then in db.lockdown:
> $ORIGIN helpdesk4.
> $TTL 86400
> @     IN     SOA    helpdesk4.     helpdesk4. (
>                     2001062501 ; serial
>                     21600      ; refresh after 6 hours
>                     3600       ; retry after 1 hour
>                     604800     ; expire after 1 week
>                     86400 )    ; minimum TTL of 1 day
> 
> * IN A 192.168.86.1

	There is no NS record above.
	Unqualified hostnames went out 20 years ago.
	Use a valid email address in the SOA record.

$TTL 600
	SOA	helpdesk4.<company>.  <support's email address>. (
			1 21600 3600 604800 600 )
	NS	helpdesk4.<company>.
*	A	192.168.86.1

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
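Putting Barry's view-based setup and Mark's corrected zone together, here is an added named.conf fragment and zone file (constructed for this page, not posted by either of them). It assumes the quarantine VLAN is 192.168.86.0/24, that the BIND/web host is 192.168.86.1 and is named helpdesk4.example.com, and that hostmaster@example.com is the contact address; both the view name and these values are assumptions.

```conf
// ---- named.conf fragment (constructed example) ----
// Views are tried in order, so the quarantine view must come first.
// The resolver host itself is excluded so its own lookups are not captured.
acl quarantine { !192.168.86.1; 192.168.86.0/24; };

view "quarantine" {
    match-clients { quarantine; };
    recursion no;            // we are authoritative for "." here; nothing to recurse to
    zone "." {
        type master;
        file "db.lockdown";  // the wildcard zone below
    };
};

view "normal" {
    match-clients { any; };  // everyone else gets ordinary recursive service
    recursion yes;
    zone "." {
        type hint;
        file "named.root";
    };
};

// ---- db.lockdown (constructed example) ----
// Fully qualified names with trailing dots, a real contact mailbox in the
// SOA, and an NS record at the apex: the three things missing from the
// original file. Short TTLs so answers expire quickly once a host leaves
// quarantine.
$TTL 600
@   IN  SOA  helpdesk4.example.com. hostmaster.example.com. (
            1        ; serial
            21600    ; refresh
            3600     ; retry
            604800   ; expire
            600 )    ; negative-cache TTL
    IN  NS   helpdesk4.example.com.
*   IN  A    192.168.86.1   ; every name resolves to the terms-of-use server
```

The redirect only holds if quarantined hosts have no path to any other resolver, so the VLAN's DHCP must hand out only this server and outbound port 53 should be blocked at the VLAN boundary.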


