caching only + wildcard

Kevin Darcy kcd at chrysler.com
Thu Jun 26 22:38:16 UTC 2008


Nice rationalizations. "All we care about is money", "we're small 
anyway", "our users really, deep down, *want* us to lie to them in our 
DNS responses".

Go figure out how to do it yourself, since I doubt anyone on this list 
wants to help you pervert the intent of the DNS protocol.

                                                                         
               - Kevin

idanj wrote:
> Hi Josh,
>
> Since most of the large ISPs (RR, earthlink) already do it, I don't
> think a small ISP like us would make any difference.
>
> Due to increasing we must find new ways of making money.
>
> And actually our solution will HELP our users because we plan to give
> them a link to the original website that we think they were looking
> for.
>
> Thanks
> Idan
>
> On Jun 26, 9:05 pm, "Josh Smith" <juice... at gmail.com> wrote:
>   
>> This is typically a bad idea - dns is used for more than just browsing the web.
>>
>> See the site finder fiasco http://en.wikipedia.org/wiki/Site_Finder
>>
>> Please do not break the DNS in this manner for your users.
>>
>> Thanks,
>> Josh
>>
>>
>>
>> On Thu, Jun 26, 2008 at 9:34 AM, idanj <idan.... at gmail.com> wrote:
>>     
>>> Thank you for your reply, and sorry for not being clear. I'll try to
>>> explain again.
>>>       
>>> We are a small ISP.
>>>       
>>> We want to display a friendly message to our users whenever they are
>>> trying to access a non existent domain.
>>>       
>>> So the flow we were thinking about is:
>>> 1. User queries our (caching-only) NS
>>> 2. Our NS checks the root servers and gets a "NXDOMAIN" reply.
>>> 3. We return to the user an A RECORD with the IP address of our server
>>> 4. The user goes to that IP address and gets our error message.
>>>       
>>> So we basically want the ability to add a wildcard record to our NS,
>>> but have that wildcard catch ONLY when our NS gets an NXDOMAIN reply
>>> from the root server.
>>>       
>>> I hoped I explained myself OK this time.
>>>       
>>> Thanks again
>>> Idan
>>>       
>>> On Jun 26, 2:29 am, Kevin Darcy <k... at chrysler.com> wrote:
>>>       
>>>> idanj wrote:
>>>>         
>>>>> Hello all,
>>>>>           
>>>>> We have 2 BIND name servers configured as "caching-only".
>>>>>           
>>>>> Is it possible to set a wildcard A record ("catch all") on these
>>>>> name servers?
>>>>>           
>>>>> The problem is that when the server gets a query for a domain that
>>>>> doesn't exist in its cache, the server will return the wildcard reply
>>>>> instead of checking the root servers first.
>>>>>           
>>>> I'm confused about what you're trying to accomplish here. Are you saying
>>>> "return a wildcard record any time the answer is not in cache"? Even if
>>>> that were possible, how would you expect to *ever* get anything into
>>>> your cache in that case? Bear in mind that a caching-only nameserver
>>>> typically starts up with *nothing* in its cache, just some "hints"
>>>> information about where to find root nameservers. If you give back a
>>>> wildcard record for everything not in cache, then there's no reason to
>>>> *ever* go out and resolve *anything* or cache *anything*. You just give
>>>> the wildcard record for every query. You might as well be not even
>>>> connected to the Internet.
>>>>         
>>>> I must be missing something here. Could you please clarify?
>>>>         
>>>> Are you perhaps using the term "cache" to also cover
>>>> *authoritative*data*, i.e. where your (so-called) "caching-only"
>>>> nameserver is also master or slave for certain select zones, and you
>>>> want everything *else*, not in those zones, to get a wildcard response?
>>>> In that case, maybe your requirement might make sense...
>>>>         
>>>> Or, could it be that you're trying to set up a DNS infrastructure on an
>>>> internal network, that has no connectivity to the Internet? If so, then
>>>> you're approaching it the wrong way. You don't want "wildcards" to
>>>> prevent your nameservers from going out and trying to talk to the
>>>> Internet root nameservers; what you want is to set up your *own* private
>>>> root zone, and point all of your nameservers at that root zone instead
>>>> of the Internet version.
>>>>         
>>>>                            - Kevin
>>>>         
>> --
>> Josh Smith
>> email/jabber: juice... at gmail.com
>> phone: 304.237.9369(c)
>>
>> ()  ascii ribbon campaign - against html e-mail
>> /\  www.asciiribbon.org - against proprietary attachments
>>     
>
>
>
>
>   
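Added example, not part of the original thread: a client-side check for the NXDOMAIN-to-A-record substitution described in the quoted four-step flow. It parses resolver responses to probe names that cannot exist and reports any address returned in place of NXDOMAIN. The function names, probe labels and the 192.0.2.10 landing address are constructed for illustration.

```python
import socket
import struct

NXDOMAIN, TYPE_A = 3, 1

def make_response(name, rcode, addr=None):
    """Constructed sample input: a minimal DNS response to one A query."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, 1 if addr else 0, 0, 0)
    msg += qname + struct.pack("!HH", TYPE_A, 1)
    if addr:  # answer owner name is a compression pointer back to offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 300, 4) + socket.inet_aton(addr)
    return msg

def skip_name(msg, pos):
    """Return the offset just past the (possibly compressed) name at pos."""
    while msg[pos] & 0xC0 != 0xC0 and msg[pos] != 0:
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] & 0xC0 == 0xC0 else 1)

def parse_response(msg):
    """Return (rcode, [IPv4 addresses found in the answer section])."""
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == TYPE_A and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return flags & 0x000F, addrs

def rewrite_targets(responses):
    """Addresses handed back for probe names that cannot exist (empty set: honest NXDOMAIN)."""
    targets = set()
    for msg in responses:
        rcode, addrs = parse_response(msg)
        if rcode != NXDOMAIN:
            targets.update(addrs)
    return targets

# Constructed responses for two random labels under the reserved .invalid TLD.
HONEST = [make_response(n, NXDOMAIN) for n in ("k3v9q2x7.invalid", "zz81hd02.invalid")]
REWRITTEN = [make_response(n, 0, "192.0.2.10") for n in ("k3v9q2x7.invalid", "zz81hd02.invalid")]
print(rewrite_targets(HONEST), rewrite_targets(REWRITTEN))
```

Several unrelated random names resolving to one shared address is the signature to alert on; mail delivery, VPN clients and other non-web software receive that same address in place of the error.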



More information about the bind-users mailing list