Dns doctoring/dnsmasq -V on bind?

Phil Mayers p.mayers at imperial.ac.uk
Mon Jan 17 11:17:16 UTC 2011

On 17/01/11 00:23, someone wrote:
> If you have any ideas how to do dns doctoring with bind9 (or netfilter)
> please give me some hints ;)

Have you considered that this will break DNSSEC, and as time goes by,
may not work at all (if clients become fully validating DNSSEC resolvers)?

I'm a little curious why you don't leave the DNS responses unchanged,
and instead NAT the actual IP traffic, which would surely have the same
effect, i.e.

iptables -t nat -A PREROUTING -d -j DNAT --to
