BIND NXDOMAIN {REP=5.1}

Mark Andrews marka at isc.org
Thu Sep 25 22:58:38 UTC 2014


In message <01ce01cfd87b$0146fc00$03d4f400$@iprimus.com.au>, "Neil" writes:
> That solution worked Mark , Thank you.
> 
> One more question, is it possible perform the below, from the left to right
> The below does not work on NXDOMAIN override.
> 
> autodiscover.*.	IN	A	192.168.0.1
> 
> autodiscover.nxdomain.com.au should return 192.168.0.1
> autodiscover.domainnoexist.net.au should return 192.168.0.1
> 
> Is something like this possible?
> 
> Thanks
> Neil

You can add explict entries but a wildcard like that doesn't
work as that is not how DNS wildcards work.

Mark
 
> -----Original Message-----
> From: Mark Andrews [mailto:marka at isc.org] 
> Sent: Tuesday, 23 September 2014 9:49 AM
> To: Neil
> Cc: bind-users at isc.org
> Subject: Re: BIND NXDOMAIN {REP=5.1}
> 
> 
> You just have to break the wildcard matching.
> 
> *. IN A 10.100.100.4
> *.au. IN A 10.100.100.4
> *.com.au. IN A 10.100.100.4
> nooverride.com.au. TXT "break wildcard matching"
> nxreturn.com.au. TXT "break wildcard matching"
> 
> Mark
>  
> In message <00ab01cfd60d$1365a0a0$3a30e1e0$@iprimus.com.au>, "Neil" writes:
> > 
> > Hi,
> > 
> > We are investigating the features of NXDOMAIN redirect as explained in 
> > https://kb.isc.org/article/AA-00376/0/BIND-9.9-redirect-zones-for-NXDO
> > MAIN-r
> > edirection.html
> > 
> >  
> > 
> > We are running BIND 9.9 stream.
> > 
> >  
> > 
> > My question is, Is it possible to "whitelist" particular domains?, The 
> > ARM does
> > 
> > Not refer to any form of whitelisting
> > 
> >  
> > 
> >  
> > 
> > zone "." {
> >         type redirect;
> >         file "db.redirect" ;
> > };
> > 
> >  
> > 
> > So if my db.redirect has the below for Status=NXDOMAIN to return the 
> > below RR A
> > 
> >  
> > 
> > *. IN A 10.100.100.4
> > 
> >  
> > 
> >  
> > 
> > But I want to return status:NXDOMAIN for only the below domains
> > 
> >  
> > 
> > *.nooverride.com.au
> > 
> > *.nxreturn.com.au
> > 
> >  
> > 
> > Is this possible? If not a modification to query.c is the only option.
> > 
> > Has anyone got a src patch for this feature?
> > 
> >  
> > 
> > Thanks
> > 
> > Neil
> > 
> >  
> > 
> >  
> > 
> > 
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org


More information about the bind-users mailing list