Bogus Wild Card DNS
Stacey Marshall
stacey.marshall at gmail.com
Mon Apr 11 16:56:35 UTC 2011
On 11 April 2011 14:04, Martin McCormick <martin at x.it.okstate.edu> wrote:
> Stacey Marshall writes:
> > I'm not certain as to what it is your trying to do exactly, but the hint
> > zone should provide addresses of root servers. One of which will be
> > contacted to download the list of root nameservers.
>
> This is a special-purpose DNS used for network
> registration in which unauthenticated clients can only get
> either a registration server or a few lookups to places like
> Apple and Microsoft to download patches before we let them on
> the production network. It is not meant to be the least bit
> normal as far as the usual application of DNS goes.
>
> the hint zone basically serves itself as root.
>
Fair enough, the root server listed in the fake list would also need to load
the zone, for example:
zone "." in {
type hint;
file "root.hint";
};
zone "." in {
type master;
file "root.zone";
}
The hint file has a format that simply lists the Address and PTR records, as
observed from a simple "dig | grep -v '^;'", for example:
. 518400 IN NS our.fake.root.
our.fake.root. 3600000 IN A 192.168.0.1
The actual master zone must have the SOA, NS records, glue and the wildcard.
Hope that helps.
Stace
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110411/22855cf8/attachment.html>
More information about the bind-users
mailing list