Slowing down bind answers ?

Mark Andrews marka at isc.org
Thu Jan 2 22:57:56 UTC 2014


In message <52C5E922.6030502 at nryc.fr>, "Nicolas C." writes:
> Hello,
> 
> Is it possible to make bind answer requests slowly?
> 
> Here is the context: we installed new DNS servers but some clients with 
> static IP configuration are still using the old ones.
> 
> We enabled query logging to track the badly-configured workstations 
> and warned the people concerned, but as long as it is still working, they 
> don't seem to be willing to change their static IP configuration to DHCP.
> 
> Before stopping completely the old servers I'd like to slowly degrade 
> the service and make the old DNS slow in order to force them to react.
> 
> I'm sure it's possible to do it at a network-level (with iptables) but 
> I'm curious to know if it's possible to do it directly with bind.

Newer versions of named have undocumented and subject-to-change
test arguments, one of which is to introduce delay (-T delay=xxxx,
where xxxx is in milliseconds).

If you blackhole the clients you will force the clients to switch
to another server after timing out.  This is better than turning
the server off if you want to get their attention as it won't
generate ICMP unreachable.

	blackhole { acl; };

After that, specify a final date for them to fix their machines by,
after which you will send NXDOMAIN responses.  Sometimes sending a
poisoned response is the only way to get people's attention.

zone "." {
	type master;
	file "empty";
};

empty:
@ 0 IN SOA . stop.using.this.nameserver 0 0 0 0 0
@ 0 IN NS .
@ 0 IN A 127.0.0.1

> Regards,
> 
> Nicolas
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
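
Added example, not part of the original message and not ISC code: one way to turn the query logging mentioned in the question into the acl that the blackhole statement above refers to. The log line layout, the sample lines (constructed, documentation addresses) and the acl name "stale-clients" are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Client field of a named query-log line; newer releases put an "@0x..."
# pointer between "client" and the address.
CLIENT_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?([0-9A-Fa-f.:]+)#\d+ \(.*?\): query: ")

# Constructed sample log (documentation address ranges), not real data.
SAMPLE_LOG = """\
02-Jan-2014 09:00:01.100 queries: info: client 192.0.2.10#53124 (www.example.com): query: www.example.com IN A + (192.0.2.53)
02-Jan-2014 09:00:02.200 queries: info: client 192.0.2.10#53125 (mail.example.com): query: mail.example.com IN MX + (192.0.2.53)
02-Jan-2014 09:00:03.300 queries: info: client @0x7f3a1c0 2001:db8::25#40112 (www.example.com): query: www.example.com IN AAAA + (192.0.2.53)
02-Jan-2014 09:00:04.400 general: info: zone example.com/IN: loaded serial 2014010201
02-Jan-2014 09:00:05.500 queries: info: client 198.51.100.7#61000 (intranet.example.com): query: intranet.example.com IN A + (192.0.2.53)
"""


def stale_clients(log_text, min_queries=1):
    """Return {address: query count} for clients seen in the query log."""
    counts = Counter()
    for line in log_text.splitlines():
        match = CLIENT_RE.search(line)
        if not match:
            continue  # not a query line
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # garbled address field
        counts[str(addr)] += 1
    return {a: n for a, n in counts.items() if n >= min_queries}


def render_acl(clients, name="stale-clients"):
    """Render a named.conf acl statement, IPv4 first, in numeric order."""
    def sort_key(text):
        addr = ipaddress.ip_address(text)
        return (addr.version, int(addr))
    body = "".join(f"\t{a};\t// {clients[a]} queries logged\n"
                   for a in sorted(clients, key=sort_key))
    # Reference it from the existing options block: blackhole { "<name>"; };
    return f'acl "{name}" {{\n{body}}};\n'


if __name__ == "__main__":
    print(render_acl(stale_clients(SAMPLE_LOG)))
```

Raising min_queries filters out one-off lookups so that only machines still configured to use the old server end up in the acl.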
