forward problem

Gregory Hicks ghicks at cadence.com
Mon Oct 27 18:10:41 UTC 2008 

> Subject: Re: forward problem
> From: Trixter aka Bret McDanel <trixter at 0xdecafbad.com>
> To: bind-users at isc.org
> Date: Mon, 27 Oct 2008 18:44:02 +0100
> 
[...]
> > On 26.10.08 23:48, Gregory Hicks wrote:
> > > "With BIND, you can only do this for zones for which you are
> > > authoritative, by putting wildcard entries in those zones. So, unless
> > > you want to claim authority for every zone on the Internet, you can't
> > > do it *universally*.
> > > 
> > > Note, many of us view this practice as inherently evil, especially
> > > after the SiteFinder ( http://en.wikipedia.org/wiki/Site_Finder )
> > > incident. It's usually done to try and "monetize" (see also "make money
> > > from", "scam") people's typos."
> > 
> > or also a "fraud" because it makes people think that some hosts (recods)
> > exist, while they do not.
> > 
> 
> or neither if you read the original email it has nothing to do with any
> of this, I did not think that it was important to respond to Gregory
> Hicks because he refused to read the email, a big example is he quoted

I *DID* read the mail.  And thought hard about responding - or not.

> the config file but then insisted it wasnt there.  He ignored the
> scenario I described to come up with some thing about how wrong this is,
> while including the part of my email saying I was aware of the problems
> and wanted to keep the politics out of a technical discussion.  So when
> it was by itself I felt no response was warranted anyone can see what
> Gregory was doing, however now that there are more people jumping on and
> the email is getting further redacted I feel that I must comment again,
> and restate what I originally said - which is that its for a very small
> group of people where I volunteer, they want it for their office, its
> nothing more than that.  

The problem is that what you want to do CANNOT be done the way DNS is
structured and the way BIND handles error conditions.

If you want to find out if some-host.microsoft.com exists, you must go
ask microsoft.com.  If some-host does NOT exist, then MS.com is going
to return an error.  

What you want to do is to intercept that 'error'.  But the way that
BIND works doesn't allow this - the way it is currently written.  You
CAN put in a wildcard RR for those zones that YOU control, but
everything else is handled EXTERNAL to your DNS server.  And you CANNOT
influence what is external to your server.

There ARE other implementations - OpenDNS comes to mind, or ORSN - that
MIGHT allow what you want.  In fact, I think you might want to look
into those two.  I believe, but am not sure, that they have options you
set at the 'root' level that may allow you to do what you want.

So, your comments about not reading your message...  Right back at you
re my message.

FYI, the bind-users newsgroup is not the place to discuss OpenDNS or
ORSN...  Sorry!

Regards,
Gregory Hicks
> 
> I also have gotten comments back that the forward first feature does not
> work the way I read that it did, and that is where the problem is, and
> that I will do a code change, based on how much drama this is causing I
> will no longer offer my patch - basically I dont want to deal with
> people that refuse to read what is said just to push some agenda that
> they have personally.  Sorry that my original email was abused to waste
> everyones time.
> 
> 
> -- 
> Trixter http://www.0xdecafbad.com     Bret McDanel
> Belfast +44 28 9099 6461        US +1 516 687 5200
> http://www.trxtel.com the phone company that pays you!
> 
> 

---------------------------------------------------------------------
Gregory Hicks                           | Principal Systems Engineer
Cadence Design Systems                  | Direct:   408.576.3609
555 River Oaks Pkwy M/S 9B1
San Jose, CA 95134

People sleep peaceably in their beds at night only because rough men
stand ready to do violence on their behalf -- George Orwell

The price of freedom is eternal vigilance.  -- Thomas Jefferson

"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton

More information about the bind-users mailing list