Bogus Wild Card DNS
Stacey Marshall
stacey.marshall at gmail.com
Mon Apr 11 20:33:16 UTC 2011
On 11 April 2011 17:56, Stacey Marshall <stacey.marshall at gmail.com> wrote:
>
>
> On 11 April 2011 14:04, Martin McCormick <martin at x.it.okstate.edu> wrote:
>
>> Stacey Marshall writes:
>> > I'm not certain as to what it is your trying to do exactly, but the hint
>> > zone should provide addresses of root servers. One of which will be
>> > contacted to download the list of root nameservers.
>>
>> This is a special-purpose DNS used for network
>> registration in which unauthenticated clients can only get
>> either a registration server or a few lookups to places like
>> Apple and Microsoft to download patches before we let them on
>> the production network. It is not meant to be the least bit
>> normal as far as the usual application of DNS goes.
>>
>> the hint zone basically serves itself as root.
>>
>
> Fair enough, the root server listed in the fake list would also need to
> load the zone, for example:
>
>
> zone "." in {
> type hint;
> file "root.hint";
> };
>
> zone "." in {
> type master;
> file "root.zone";
> }
>
actually, that's not correct! The master NS would only need to load the
root.zone file,
Other name servers within the private network would load the hint file.
Stace
>
> The hint file has a format that simply lists the Address and PTR records,
> as observed from a simple "dig | grep -v '^;'", for example:
>
> . 518400 IN NS our.fake.root.
> our.fake.root. 3600000 IN A 192.168.0.1
>
> The actual master zone must have the SOA, NS records, glue and the
> wildcard.
>
> Hope that helps.
>
> Stace
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110411/61fca5b7/attachment.html>
More information about the bind-users
mailing list