Bogus Wild Card DNS

Martin McCormick martin at dc.cis.okstate.edu
Fri Apr 8 14:58:27 UTC 2011


I am trying to set up bind9.7.2P3 in a special manner such as is
used in network registration setups in which named always
returns the address of a registration server except for a few
other domains that supply updates and antivirus scans, etc.

	In this case, I have microsoft.com as the one allowed
domain and everything else should return the wild card A record.
What is happening right now is that the one special allowed
domain works fine and all else returns a SERVFAIL rather than
resolving to what will eventually be the registration server.
The microsoft allowed zone is defined in named.conf with
forwarders.
My understanding is that the only real zone one needs is the
hint zone or "." and here is mine:

@ IN NS netreg.it.okstate.edu.
microsoft.com.  IN NS netreg.it.okstate.edu.
* IN A 139.78.6.193

	Why am I not getting resolution to 139.78.6.193 for any
other query?

	The log isn't complaining about much of anything but any
query that is not microsoft returns that SERVFAIL message.

	I must remind anybody experimenting with something like
this to be sure to put a bogus DNS clause in your functional
production DNS's so that anything that might somehow leak out of
this experiment is treated as junk and ignored.

	Many thanks.


Martin McCormick WB5AGZ  Stillwater, OK 
Systems Engineer
OSU Information Technology Department Telecommunications Services Group
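
Added example (not part of the original post, and not BIND's code): a small Python model of the RFC 1034 / RFC 4592 lookup rules, run over the three records above on the assumption that they are served authoritatively for ".". It shows which names get the referral and which get the wildcard; because the microsoft.com delegation makes "com" an empty non-terminal, other names under com do not match the root "*", and the `*.com` record in the demo is an assumption added for comparison.

```python
# Added illustration: RFC 1034 / RFC 4592 lookup over a constructed zone for ".".
# ZONE mirrors the three records in the post; this is not BIND's own code.
ZONE = {
    "": {"NS": "netreg.it.okstate.edu."},               # apex "@"
    "microsoft.com": {"NS": "netreg.it.okstate.edu."},  # delegation (zone cut)
    "*": {"A": "139.78.6.193"},                         # wildcard
}

def labels(name):
    """'WWW.Example.com.' -> ('com', 'example', 'www'); the root is ()."""
    return tuple(reversed([l for l in name.lower().rstrip(".").split(".") if l]))

def lookup(records, qname, qtype="A"):
    owners = {labels(n): rrs for n, rrs in records.items()}
    # Every ancestor of an owner name exists, if only as an empty non-terminal.
    nodes = {o[:i] for o in owners for i in range(len(o) + 1)}
    q = labels(qname)
    # 1. A zone cut at or above the query name (below the apex) wins: referral.
    for i in range(1, len(q) + 1):
        if "NS" in owners.get(q[:i], {}):
            return ("REFERRAL", ".".join(reversed(q[:i])))
    # 2. The name exists: answer from its own data, never from a wildcard.
    if q in nodes:
        data = owners.get(q, {}).get(qtype)
        return ("ANSWER", data) if data else ("NODATA", None)
    # 3. Closest encloser = longest existing ancestor; only "*" directly
    #    beneath it may be used to synthesize the answer.
    i = len(q) - 1
    while q[:i] not in nodes:
        i -= 1
    wild = owners.get(q[:i] + ("*",))
    if wild is None:
        return ("NXDOMAIN", None)
    data = wild.get(qtype)
    return ("WILDCARD", data) if data else ("NODATA", None)

if __name__ == "__main__":
    # Hypothetical extra record, added here only to compare the two outcomes.
    fixed = {**ZONE, "*.com": {"A": "139.78.6.193"}}
    for name in ("www.microsoft.com", "example.org", "example.com", "com"):
        print(f"{name:18} as posted: {lookup(ZONE, name)}  with *.com: {lookup(fixed, name)}")
```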


