On the fly TTL modification on a cache DNS server

John Wobus jw354 at cornell.edu
Thu Sep 7 15:40:08 UTC 2006


On Sep 4, 2006, at 8:21 AM, Francois Goudal wrote:

> Hello,
>
> I'm currently making Linux software for an avionics embedded router.
> The charge for each minute is about $10, so I made some things for the
> user to disable and block any outgoing connections.
> I would like, when it is blocked, every HTTP connection to be redirected
> to the internal webserver, to display a splash screen.
> On currently existing software that provides splash screens, it is much
> easier because the DNS resolution can be done, because the connection is
> permanent.
> Here, I will have to "hack" the DNS resolution for this redirection.
> Currently, bind is installed as a DNS cache server on the router.
> I would like it to serve also as a nameserver that will reply to every
> request it gets without referring to another DNS server, always replying
> the router's local IP address.
> Currently, I have made some successful tests about that, but my problem
> is about TTLs.
> When, for example, the Internet is disabled and I want to access
> google.com, it is resolved as 192.168.1.1 (the router's address), so I
> can see the splash screen.
> Now if I activate the Internet, I can't go to google.com because it's not
> resolved again (in the client cache, it's still 192.168.1.1).
> I solved this problem; now the TTL is quite small and it works.
> But:
> When the Internet is enabled, bind just acts as a DNS cache server, so if
> I get google.com, it is resolved as its real IP and put in the client's
> cache (this TTL is provided by google's nameservers). So if I close the
> connection, the client still refers to google's real IP address, so
> the splash screen doesn't appear as it should.
> I would like the bind cache to do an on-the-fly alteration of the DNS
> answers, to set a very low TTL for the client's answers.
> Do you know a way to do that?
>
> Thanks!
>
> -- 
> Francois Goudal
> Epita promo 2008 - Ing2 - President Evolutek
> francois at goudal.net
>

You could switch to another bind configuration and zone files when
the Internet connection is down.

If you want to preserve the DNS cache through such outages, it gets
trickier.  You could run two bind instances, one giving the splash page
to everyone, the other giving cached/recursive answers,
and control which one is listening on the real port
through a firewall port mapping that is modified when the Internet
connection goes up/down.  You still have the problem that a
client might have cached a large TTL while the Internet is up.

These are just ideas off the top of my head.  I'm not sure if
they can actually be made to work.

John Wobus
Cornell CIT
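The two-instance arrangement John Wobus sketches above, written out as an added example (not code from this thread or from the BIND project): a second named instance that is authoritative for a catch-all root zone answering every name with the router address at a tiny TTL, plus the iptables NAT rule that moves client port-53 traffic to that instance while the link is down and removes the rule when it comes back up. The splash port (5353), the config directory, the file names and the wildcard-at-root technique are all assumptions; the router address 192.168.1.1 is the one from Francois' message. The script only emits the iptables commands, so its output can be checked without root.

```shell
#!/bin/sh
# Added example: two-instance BIND captive-DNS setup (not from the thread).
# Instance A is the normal recursive cache on port 53. Instance B ("splash")
# answers every name with the router address from a catch-all root zone with a
# tiny TTL and listens on an assumed port 5353. A NAT REDIRECT rule sends client
# queries to 5353 while the link is down. Paths, ports and file names are assumed.

SPLASH_IP=${SPLASH_IP:-192.168.1.1}     # router address from the thread
SPLASH_TTL=${SPLASH_TTL:-5}             # seconds; keeps client caches short-lived
SPLASH_PORT=${SPLASH_PORT:-5353}        # assumed port for the splash instance
CONF_DIR=${CONF_DIR:-/etc/bind-splash}  # assumed directory for generated files

# Catch-all zone for ".": a wildcard at the root matches any name that has no
# closer existing node, so every query gets the router address with $SPLASH_TTL.
gen_splash_zone() {
    ip=$1; ttl=$2
    printf '$TTL %s\n' "$ttl"
    printf '@\tIN SOA\trouter.local. hostmaster.router.local. (1 3600 900 604800 %s)\n' "$ttl"
    printf '@\tIN NS\trouter.local.\n'
    printf 'router.local.\tIN A\t%s\n' "$ip"
    printf '*\tIN A\t%s\n' "$ip"
}

# named.conf for the splash instance: authoritative only, no recursion, own port.
gen_splash_conf() {
    port=$1; zonefile=$2
    cat <<EOF
options {
    listen-on port ${port} { any; };
    recursion no;
    pid-file "/var/run/named-splash.pid";
};
zone "." { type master; file "${zonefile}"; };
EOF
}

# iptables NAT rule that moves client port-53 queries to the splash port.
# "add" when the link goes down, "del" when it comes back up.
redirect_rule() {
    action=$1; proto=$2; port=$3
    case "$action" in
        add) flag=-A ;;
        del) flag=-D ;;
        *) echo "usage: redirect_rule add|del proto port" >&2; return 1 ;;
    esac
    echo "iptables -t nat $flag PREROUTING -p $proto --dport 53 -j REDIRECT --to-ports $port"
}

# Commands for a link state change: "down" -> splash instance, "up" -> real cache.
# Clients that cached a real answer with a long TTL while the link was up keep
# using it until it expires; that is the caveat John Wobus points out.
link_state_commands() {
    state=$1
    case "$state" in
        down) act=add ;;
        up)   act=del ;;
        *) echo "usage: link_state_commands up|down" >&2; return 1 ;;
    esac
    redirect_rule "$act" udp "$SPLASH_PORT"
    redirect_rule "$act" tcp "$SPLASH_PORT"
}

# Write the generated zone and config (run as root on the router; assumed paths).
install_splash() {
    mkdir -p "$CONF_DIR"
    gen_splash_zone "$SPLASH_IP" "$SPLASH_TTL" > "$CONF_DIR/splash.zone"
    gen_splash_conf "$SPLASH_PORT" "$CONF_DIR/splash.zone" > "$CONF_DIR/named-splash.conf"
    echo "start the splash instance with: named -c $CONF_DIR/named-splash.conf"
}

case "${1:-}" in
    install) install_splash ;;
    up|down) link_state_commands "$1" ;;
esac
```

Usage: `sh splash-dns.sh install` once, then have the link-monitoring code run `sh splash-dns.sh down | sh` and `sh splash-dns.sh up | sh` on state changes. The real cache keeps running untouched on port 53 the whole time, which is what preserves its contents across outages; the low TTL only applies to answers the splash instance hands out.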
