How to enable DNS to resolve all domains to LOCAL IP

Barry Margolin barmar at alum.mit.edu
Sun Feb 20 06:06:31 UTC 2005


In article <cv8c6s$2765$1 at sf1.isc.org>, Steven Job <list3 at wwwcrazy.com> 
wrote:

> Quoting Barry Margolin <barmar at alum.mit.edu>:
> 
> > Configure your server as authoritative for the root zone, and put a
> > wildcard A record in the zone that resolves to your IP.
> 
> Here is sort of a followup to this which I have tried many different ways
> unsuccessfully.
> I want to resolve this local IP for all domains / zones that our systems are
> not authoritative for.  (Easy enough, already covered by making the wildcard
> and as you said answered almost every week).

If you follow my suggestion, your server will consider itself 
authoritative for the entire DNS hierarchy.  It should never recurse at 
all, unless your root zone contains delegation records; in that case, 
the wildcard record will not be used for anything in those delegated 
subdomains.

> The problem is that then this local IP is also returned in the glue records
> for all other domain responses.  Meaning if someone had an MX record going to
> "smtp1.mail.yahoo.com" (and you were not authoritative for yahoo.com) then it
> would also return the local IP for the Yahoo mail server in the glue record.

Glue records are the A records for nameservers that host the domain that 
they're in.  They have nothing to do with MX records.  I think you're 
referring to the Additional Records that are often included with MX 
records; these are not called glue records.

> Is there any way to create this wildcard root zone but at the same time not
> have any of its data be set as part of the glue records?

Don't think so.  If a server knows the address of a hostname mentioned 
in an MX or NS record, it's supposed to include it in the Additional 
Records section of the reply.

Anyway, even if it didn't return this in the Additional Records, you'd 
still have this problem.  Your client would query for the MX record of 
yahoo.com, and it returns smtp1.mail.yahoo.com.  Then your client 
queries for the A record of smtp1.mail.yahoo.com, and you'll return your 
own IP, just like you configured.

The situation you describe *would* be a problem if your server were the 
authoritative server for some domains.  Don't do that.  This special 
configuration should be done *only* on resolvers, not authoritative 
servers.  If you only have one server, you can use the "views" mechanism 
to configure it as authoritative for the root zone only for your local 
clients.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
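As an added illustration (not part of Barry's or Steven's posts, and not a configuration either of them supplied), here is how the advice above fits together on a single BIND 9 server: the root zone with its wildcard record is loaded only in a view matched by local clients, while everyone else sees only the zones the server is genuinely authoritative for. The address 192.0.2.10, the client ranges, the zone name example.com and the file paths are placeholders to replace with your own.

```conf
// named.conf (BIND 9) -- hypothetical example, values are placeholders
options {
    directory "/var/named";
};

// Local clients: answer every name from the wildcard root zone.
view "internal" {
    match-clients { 10.0.0.0/8; 192.168.0.0/16; localhost; };
    recursion no;          // authoritative for "." means it never needs to recurse

    // Zones this server really hosts are loaded here too; within a view BIND
    // answers from the most specific zone it has, so these beat the wildcard.
    zone "example.com" {
        type master;
        file "db.example.com";
    };

    zone "." {
        type master;
        file "db.root-wildcard";
    };
};

// Everyone else: only the real zones, no root zone, no wildcard.
view "external" {
    match-clients { any; };
    recursion no;

    zone "example.com" {
        type master;
        file "db.example.com";
    };
};

// /var/named/db.root-wildcard -- the zone file for ".", also hypothetical
// $TTL 3600
// @        IN SOA  ns.sink. hostmaster.sink. ( 1 3600 900 604800 3600 )
// @        IN NS   ns.sink.
// ns.sink. IN A    192.0.2.10
// *        IN A    192.0.2.10     ; every name not in a loaded zone resolves here
```

Check the files with `named-checkconf` and `named-checkzone . /var/named/db.root-wildcard` before reloading. As Barry notes, the wildcard address will also appear in the Additional Records section of MX and NS answers given to local clients, and a client following an MX record will get the same address on its follow-up A query; that is the intended effect of this setup and cannot be suppressed for the wildcard alone.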
