Return a default record for invalid requests (non existent domain).
Robert Messinger
lists at mail.tiggee.com
Wed Sep 4 23:22:34 UTC 2002
So does this mean I can return a default record?
I didn't want to create a zone file for each domain.
Can BIND do this?
On Thu, 5 Sep 2002 Mark_Andrews at isc.org wrote:
>
> >
> > Robert Messinger wrote:
> >
> > > I have had many people throw their NS records on our DNS servers.
> > > Just to either park them or to kill off old links and requests.
> > >
> > > But since the domains do not exist on my nameserver they are
> > > getting slammed my these invalid requests (and I don't believe
> > > the negative response is cached since the domain does not exist).
> > >
> > > In BIND is it possible to return a default record for domains which
> > > do not exist on the system? Is it even legal to give back an
> > > answer? (I feel like sending everyone to a porn site or something.)
> > > It's bandwidth to our systems so I believe I can return whatever I want
> > > but I may be wrong here. But there are over 500,000 invalid requests
> > > a day for some domains.
> >
> > My opinion is: if someone points an NS to my nameserver, they are giving
> > me authority to return whatever I want for queries in that domain.
> >
> > I don't know if the law agrees with me on this, though. I suspect that
> > there is a conspicuous lack of legal precedent in this area. Do you feel
> lucky?
> >
> >
> > - Kevin
>
> Well registrars *should* be checking before changing NS
> records that the organization hosting the new nameservers
> approves of the change. Make sure you havn't given blanket
> approval in the past.
>
> You should complain the the registrar that approved the change
> without first verifying the change was valid. You should get
> them to remove the offending NS records.
>
> Note: it might take a law-suit or two before they all get
> the idea that blindly changing NS records to point to third
> party servers is wrong. It would be nice to think that one
> wouldn't have to go down that path but I expect that it
> will need a test case given history. Before going down
> this path be 100% sure that it is not your own screw up and
> consult a lawyer.
>
> Mark
> --
> Mark Andrews, Internet Software Consortium
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
>
More information about the bind-users
mailing list