Novel task for DNS.

Brad Knowles brad.knowles at skynet.be
Tue Jul 31 18:27:38 UTC 2001 

At 5:03 PM +0100 7/31/01, William Noad wrote:

>  I work for ntl, a major UK ISP.  One of our future products will include
>  user accounts that can `expire', requiring the user to re-register (to
>  some degree) to reactivate the account.  We can (apparently) set up RADIUS
>  on the modem racks such that anyone whose account has expired gets put
>  into a specially constructed sandbox, from which they either re-register
>  or logout.  To ensure the user hits the re-registration system we want to
>  set up a DNS server within the sandbox that resolves /any/ domain name to
>  the IP address of the re-registration server.

	Have the RADIUS server hand out the IP address of a specially 
configured nameserver to these customers.  That specially configured 
nameserver would be a private root nameserver, and think that it is 
authoritative for the world.  It would have an NS record (pointing to 
itself), and an SOA record (again, pointing to itself).  It would 
have an A record for itself, and proper reverse DNS set up.  The only 
other record it would have would be a wildcard record that would 
provide the IP address of your re-registration server for any other 
query that was asked.

>  Has anyone else set up something similar using BIND? Or can someone
>  categorically say `that can't be done'.

	Nope, it's not too hard.  You can do it yourself by reading the 
book _DNS and BIND_ and putting in a little work.  Alternatively, you 
can contract out the work to someone else (if you don't have the 
time).  If you decide to go the contract route, I'd recommend talking 
to the folks at Nominum to see what they would charge for this kind 
of work.

-- 
Brad Knowles, <brad.knowles at skynet.be>

H4sICIFgXzsCA2RtYS1zaWcAPVHLbsMwDDvXX0H0kkvbfxiwVw8FCmzAzqqj1F4dy7CdBfn7
Kc6wmyGRFEnvvxiWQoCvqI7RSWTcfGXQNqCUAnfIU+AT8OZ/GCNjRVlH0bKpguJkxiITZqes
MxwpSucyDJzXxQEUe/ihgXqJXUXwD9ajB6NHonLmNrUSK9nacHQnH097szO74xFXqtlbT3il
wMsBz5cnfCR5cEmci0Rj9u/jqBbPeES1I4PeFBXPUIT1XDSOuutFXylzrQvGyboWstCoQZyP
dxX4dLx0eauFe1x9puhoi0Ao1omEJo+BZ6XLVNaVpWiKekxN0VK2VMpmAy+Bk7ZV4SO+p1L/
uErNRS/qH2iFU+iNOtbcmVt9N16lfF7tLv9FXNj8AiyNcOi1AQAA

More information about the bind-users mailing list