Redirect only second and third level domains

[/dev/rob0]

> Il 23/02/2017 20:38, Warren Kumari ha scritto:
> > What are you actually trying t odo?

On Fri, Feb 24, 2017 at 09:42:17AM +0100, Andrea Gabellini wrote:
> the server is a resolver for about 20K clients. My goal is to 
> supply a courtesy page if a domain is not found. For every domain.

Ugh.  You call it a courtesy, I call it ignorant and abusive.

> A query for abc.example.com or example.com (and these do not
> exist) has to receive the address of the courtesy web server.
> 
> A query for xyz.abc.example.com (and this do not exists), have
> to receive NXDOMAIN.
> 
> This is a workaround for queries made to the dnsbl services like 
> spamhaus.org or mailspike.org, where the queries are of type 
> "4.3.2.1.zen.spamhaus.org". If the redirect is for all levels of 
> the domain, there is a response and the antispam system thinks
> that this IP is in blacklist.

No.

A mail server needs clean DNS, no NXDOMAIN hijacking at all.  Such 
as, if a user submits mail to somewhere at invalid.example, the MTA 
needs to know that "invalid.example" is NXDOMAIN.

It's one thing, if you're trying to be "courteous" to ordinary 
web-only users; it is quite different when you are serving DNS to 
servers of various kinds.  Your customers WILL be calling to 
complain.

Perhaps you should offer a clean nameserver for business and static 
IP address customers?  Inform them and advise them to change before 
you implement your "courteous" NXDOMAIN abuse?
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: