Universal Answer ?

John Hascall john at iastate.edu
Mon Feb 25 06:22:01 UTC 2008


> Hi,
> I use BIND 9.3.2 on my Linux server, and I want to know if it's possible to
> use this functionality:
> 
> 1- Never send host unknown; if the host is not known, it sends one IP
> sample:
> 
> Before:
> [root@gw]# host p180.lan.int
> Host p180.lan.int not found: 3(NXDOMAIN)

> After:
> [root@gw]# host p180.lan.int
> p180.lan.int has address 10.20.10.254

I believe what you are looking for here is a "wildcard" record.
This is doable, but it typically is used either to wildcard
(virtually) everything [as in a "NetReg lying DNS" setup
(see below)] or to wildcard all the unknown names in a single
(or a small number of) domains.  If you want ALL known names to
look up properly, but to have all unknown names return some default
value, I know of no way to do that short of modifying the code.
Putting a '*' in a zone file causes all names in that zone to
return that address.

> 2- Same as 1, but I create a list of IPs, load it into BIND, and for all IPs
> that are not in this list, it answers with the same IP every time
> sample:
> 
> host www.google.com => 10.20.10.254
> host www.yahoo.com => 10.20.10.254

This is very typically done in 'NetReg' situations -- unregistered hosts
are pointed at a 'lying DNS server' where all (or almost all) DNS lookups
return the address of the registration (web) server.  This is also called
a 'fake root' server.

As an example of both these techniques, here is an excerpt from
the root zone of my NetReg lying DNS server:

; /var/named/db.root
$TTL 60
@               IN      SOA netreg-2.  acropolis.iastate.edu. (
                        2001081301      ; serial yyyymmddnn
                        7200            ; refresh
                        3600            ; retry refresh
                        604800          ; expire (1 week)
                        60 )            ; default TTL

@                       IN      NS      netreg-2.
iastate.edu.            IN      NS      netreg-2.
  ...
netreg-2.               IN      A       129.186.6.16
*.                      IN      A       129.186.6.16
*.edu.                  IN      A       129.186.6.16
*.com.                  IN      A       129.186.6.16
*.net.                  IN      A       129.186.6.16


John
PS, ".int" is not a good choice for an internal domain as
    it is actually a real domain (e.g., nato.int, un.int, who.int, etc)


More information about the bind-users mailing list