injecting a temp entry into dns cache

Phil Mayers p.mayers at imperial.ac.uk
Mon Feb 4 08:51:27 UTC 2013


On 02/02/2013 09:41 PM, Veaceslav Revutchi wrote:
> There is a credit union website that our users access from work and
> their dns has been broken for the past few days where the www. version
> works, but the plain name (without the www.) points to some old IP
> that's not responding. Tried to call them and all I got was that they
> know they have some kind of problem, but they ask users to type www.
> in their browser until it's resolved.
>
> In situations like this I would like to be able to inject an entry
> into the cache on our recursive resolvers and point it to the correct
> IP until the domain owner fixes the problem (poison my own cache so to
> speak). Is this something that can be done with bind without having to
> create a zone for the broken domain and make our servers act as
> authoritative for it?

You can do this with RPZ. Simply put:

thebrokensite.org.your.rpz.zone. IN A working.ip.add.r

...into the RPZ zone. This will leave names *under* that zone alone.
I've used RPZ this way a couple of times to fix temporary problems, but
you need to be aware of the hole you can dig yourself if you end up
having to do this permanently.
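Worked example of the RPZ approach described above. This is an added illustration, not Phil's configuration: the policy zone name rpz.example, the file path, and the address 192.0.2.10 are placeholders, and the commented-out wildcard line shows the trigger that would also catch www. and so defeat the purpose.

```zone
; Added example (not from the original post): a minimal BIND 9 response
; policy zone that overrides only the apex name thebrokensite.org.
; Placeholder values: rpz.example, 192.0.2.10, /etc/bind/rpz.example.db.
;
; Loaded from named.conf with:
;   options { response-policy { zone "rpz.example"; }; ... };
;   zone "rpz.example" { type master; file "/etc/bind/rpz.example.db";
;                        allow-query { none; }; };
$TTL 300
$ORIGIN rpz.example.
@                   IN SOA  localhost. hostmaster.localhost. (
                            2013020401 ; serial, bump on every change
                            3600       ; refresh
                            900        ; retry
                            604800     ; expire
                            300 )      ; negative-cache TTL
                    IN NS   localhost.

; QNAME trigger: matches the exact name thebrokensite.org only.
; The resolver answers 192.0.2.10 for it and recurses normally for
; www.thebrokensite.org and anything else under the domain.
thebrokensite.org   IN A    192.0.2.10

; A wildcard trigger would ALSO rewrite www.thebrokensite.org (the name
; that currently works), so it is deliberately left out:
; *.thebrokensite.org IN A    192.0.2.10
```

After reloading, `dig @127.0.0.1 thebrokensite.org A` should return 192.0.2.10 while `dig @127.0.0.1 www.thebrokensite.org A` still returns the upstream answer; the rewrite shows up in the named log under the rpz category, which is also the reminder to delete the record once the domain owner fixes their zone.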
