Stupid DNS tricks -- the "black hole" DNS

Matt Larson mlarson at verisign.com
Wed Apr 21 18:55:28 UTC 2004


On Wed, 21 Apr 2004, John Manly wrote:
> My question is, is there a straightforward way to exclude a particular
> domain from this black hole effect?  That is, suppose I want name
> queries for any DNS name to point to the common IP number EXCEPT those
> for any address in the GOOGLE.COM domain.  Assuming that I don't want to
> just enter in my own A records for all of Google's services, is there a
> way that name resolution within the google.com namespace works properly
> (querying either Google's name servers, or  the root servers, or
> whatever)?

You can make your name server a stub for the "google.com" zone, e.g.:

  zone "google.com" {
      type stub;
      file "google.com.stub";
      masters { 216.239.32.10; };
  };

Your server won't attempt a zone transfer from 216.239.32.10
(ns1.google.com, one of the google.com authoritative servers).
Instead it will send discrete queries to get the information it stores
in the "google.com.stub" backup file, which it smashes into its cache
to override the A record wildcard in your root zone.

Note that you need to "stub out" any additional referenced zones.
Since right now www.google.com is a CNAME to www.google.akadns.net,
you'll need to be a stub for "akadns.net", too.

Good luck,

Matt

--
Matt Larson <mlarson at verisign.com>
VeriSign Naming and Directory Services
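
Added example, not part of the original post or of BIND: a Python sketch of the "stub out any additional referenced zones" step, which follows a CNAME chain and lists every zone the chain passes through. The CNAME map, the zone cuts and the akadns.net master address are constructed sample data (192.0.2.53 is a documentation-range placeholder); in practice they would come from dig output.

```python
"""Work out which zones a black-hole resolver must stub so a name resolves."""

# Constructed sample data standing in for answers gathered with dig.
CNAMES = {"www.google.com.": "www.google.akadns.net."}  # CNAME named in the post
ZONE_APEXES = {"com.", "net.", "google.com.", "akadns.net."}  # assumed zone cuts
MASTERS = {
    "google.com.": "216.239.32.10",  # ns1.google.com, from the post
    "akadns.net.": "192.0.2.53",     # placeholder, not a real akadns.net server
}


def normalize(name):
    """Lower-case a DNS name and make it fully qualified."""
    return name.lower().rstrip(".") + "."


def enclosing_zone(name, apexes):
    """Return the closest enclosing zone apex, matching on label boundaries."""
    labels = normalize(name).rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in apexes:
            return candidate
    return "."  # only the wildcarded root zone covers this name


def zones_to_stub(name, cnames, apexes, max_hops=8):
    """Follow the CNAME chain from name; list each zone it passes through."""
    zones, current, hops = [], normalize(name), 0
    while True:
        zone = enclosing_zone(current, apexes)
        if zone not in zones:
            zones.append(zone)
        if current not in cnames:
            return zones
        hops += 1
        if hops > max_hops:
            raise ValueError("CNAME chain too long or looping: " + name)
        current = normalize(cnames[current])


def stub_stanza(zone, master):
    """Render a named.conf stub zone in the form used in the post."""
    bare = zone.rstrip(".")
    return ('zone "%s" {\n\ttype stub;\n\tfile "%s.stub";\n\tmasters { %s; };\n};\n'
            % (bare, bare, master))


if __name__ == "__main__":
    for z in zones_to_stub("www.google.com", CNAMES, ZONE_APEXES):
        print(stub_stanza(z, MASTERS[z]))
```

A result of "." or of a TLD such as "com." means the name is not covered by any zone you intended to exempt, so it still falls under the root wildcard unless a narrower apex is added.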


