LinuxQuestions.org
Old 03-24-2010, 07:08 PM   #1
ebros
LQ Newbie
 
Registered: Jun 2008
Posts: 9

Rep: Reputation: 0
DNS redirect unresolved domain


Hi Guys,

I need to set up a DNS server that will redirect all the unresolved domains to a specific IP address. I have been googling for days to find a solution on how to configure it in BIND, but I could not find anything. I am using Slackware 13. Does anybody know how to do this using the bind/named server? Thanks!
 
Old 03-24-2010, 09:27 PM   #2
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,758

Rep: Reputation: 643
Try 'forwarders { xxx.xxx.xxx.xxx; };' inside your options section
 
Old 03-31-2010, 10:58 PM   #3
ebros
LQ Newbie
 
Registered: Jun 2008
Posts: 9

Original Poster
Rep: Reputation: 0

I apologize for the late reply. It seems forwarders could not do the job.
I set up two DNS servers for testing. The first DNS server is a caching-only nameserver that contains a global forwarders option that points to the second DNS server. The second DNS server is configured to resolve any domain name to a specific IP address. I am using Windows XP for testing. The Windows XP DNS configuration is set to 7.7.7.1, which is the first DNS server. However, when I tried to resolve valid dns servers, the requests were always forwarded to the second DNS server 7.7.7.2, so I am getting the IP 7.7.7.10 for all DNS queries including unresolved domains.

Is there a way to force the DNS server to try the caching zone first before forwarding to the second DNS server? I only want to forward when the domain is unresolvable. I really hope that some DNS experts here could help me.



The configuration for the first DNS caching server is:
Code:
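options {
        directory "/var/named";
        // No "forward" statement, so the default "forward first" applies:
        // every cache miss is sent to 7.7.7.2 before the root hints are tried.
        forwarders { 7.7.7.2; };
        listen-on  { 7.7.7.1; };
};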
zone "." IN {
        type hint;
        file "caching-example/named.root";
};
zone "localhost" IN {
        type master;
        file "caching-example/localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "caching-example/named.local";
        allow-update { none; };
};
named.root
Code:
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:BA3E::2:30
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::803f:235
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:C27::2:30
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
And the configuration of the second DNS server that can resolve any domain name to a single ip is:
Code:
options {
        directory "/var/named";
        listen-on  { 7.7.7.2; };
};

zone "." IN {
        type master;
        file "caching-example/named.root.any";
        allow-update { none; };
};
named.root.any
Code:
$TTL 86400
.               IN      SOA     ns1.test.org.   hostmaster.test.org. (
                                1 ; serial
                                21600      ; refresh after 6 hours
                                3600       ; retry after 1 hour
                                604800     ; expire after 1 week
                                86400 )    ; minimum TTL of 1 day
.               IN      NS      ns.test.org
*               IN      A       7.7.7.10
 
Old 04-01-2010, 01:14 AM   #4
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,758

Rep: Reputation: 643
The 'forwarders' entry tells the caching server [7.7.7.1] where to go to resolve any requests that aren't already in the cache. If the forwarder [7.7.7.2] never resolves external addresses, then how will the caching server learn them?

Maybe I'm missing the point of what you're trying to achieve...
 
Old 04-01-2010, 04:37 PM   #5
ebros
LQ Newbie
 
Registered: Jun 2008
Posts: 9

Original Poster
Rep: Reputation: 0
Hi kbp,

Thanks for explaining how forwarders work.
I understand now why I always get the internal address 7.7.7.10 for all dns queries.

What I really want to accomplish is that I need a DNS server that can resolve all the unresolved/non-existing domains to the internal address 7.7.7.10, and also all the valid/existing domains must be resolved to their external addresses.

Example:
1. google.com and yahoo.com must resolve to their actual external addresses.
2. asdfsafsadfadsfasdf.com and qwerqasdfasdfasfd.com must resolve to internal address 7.7.7.10

Is it possible to do this in bind? Thanks!
 
Old 04-01-2010, 06:13 PM   #6
wildwizard
Member
 
Registered: Apr 2009
Location: Oz
Distribution: slackware64-14.0
Posts: 755

Rep: Reputation: 226
Quote:
Originally Posted by ebros
Is it possible to do this in bind? Thanks!
No, as it breaks RFCs relating to DNS.

http://www.icann.org/en/committees/security/sac032.pdf

For the sake of your users, please don't even consider doing it.
 
Old 04-02-2010, 02:36 PM   #7
slac-in-the-box
Member
 
Registered: Mar 2010
Location: oregon
Distribution: slackware64-14.1
Posts: 159

Rep: Reputation: 26
Hi ebros

Maybe your question is poorly phrased, as it is not a good idea to redirect all unresolved domains to a specific internal IP address... (what if a local user tried to get to Google, and asked your nameserver for Google's address, and instead got your internal IP?) Usually the forwarders specify your ISP's nameserver, where your nameserver looks up IP addresses of domains for which it is not the authority...

Are you hosting web sites with Apache and using BIND to manage their DNS? Maybe what you are looking for is a way to handle requests for mistaken domains or mistyped domains, like ww.mydomain.com, where they forgot a "w"...

If this is the case, I think you should bark up apache's tree instead of bind's, as the settings you would need would be in httpd.conf file, where you set up the ip addresses and ports apache listens on, and where you set up vhost configs for your domains, and a default config that handles all other requests, etc.
 
Old 04-02-2010, 03:17 PM   #8
astrogeek
Senior Member
 
Registered: Oct 2008
Distribution: Slackware: 12.1, 13.1, 14.1, 64-14.1, -current, FreeBSD-10
Posts: 1,635

Rep: Reputation: 567
Quote:
Originally Posted by wildwizard
No, as it breaks RFCs relating to DNS.

http://www.icann.org/en/committees/security/sac032.pdf

For the sake of your users, please don't even consider doing it.
Thanks wildwizard, I am not otherwise participating in this thread but had an issue with this at one time and had only my memory to work from. Your link is the answer to many things.
 
Old 04-02-2010, 04:43 PM   #9
ebros
LQ Newbie
 
Registered: Jun 2008
Posts: 9

Original Poster
Rep: Reputation: 0
Hi slac-in-the-box,
I am aware of the fact that it is not recommended to implement this in a production network and I don't have any intention of doing it either. This will be implemented in a closed/isolated lab environment. I am actually just working on a project that requires this feature and there is no web server involved.

Hi wildwizard,
That was an awesome article and that is actually what I want to do.
Do you know if it's possible to do "DNS response modification" in bind?
 
Old 04-12-2010, 05:16 AM   #10
wildwizard
Member
 
Registered: Apr 2009
Location: Oz
Distribution: slackware64-14.0
Posts: 755

Rep: Reputation: 226
Quote:
Originally Posted by ebros
Hi slac-in-the-box,
Do you know if it's possible to do "DNS response modification" in bind?
Only if you rewrite it yourself, or find a patch.

I actually got that paper from a thread from the bind developers list where they were quite adamant that they would NEVER include the code in bind to do it.
 
Old 01-28-2011, 03:12 PM   #11
robinpecha
LQ Newbie
 
Registered: Jan 2010
Posts: 3

Rep: Reputation: 0
OpenDns is doing it.

What's wrong about it???

I'm a technician at an ISP; we have 500 clients on the network.
When a user types a wrong address, it could be great to give him search results from Google. He doesn't need to correct the address manually or open the Google page and search for the right address. It's a good feature!

Btw, OpenDns is doing it. Try them.
 
Old 01-28-2011, 03:22 PM   #12
ponce
Senior Member
 
Registered: Aug 2004
Location: Pisa, Italy
Distribution: Slackware
Posts: 2,380

Rep: Reputation: 840
reading the pdf above looks like a super-evil thingie.

Dan, please save us!

Last edited by ponce; 01-28-2011 at 03:24 PM.
 
Old 01-29-2011, 01:59 AM   #13
robinpecha
LQ Newbie
 
Registered: Jan 2010
Posts: 3

Rep: Reputation: 0
Now I know.

OK, after some discussion on the IRC channel #bind, I know that this is wrong. For example, if you do it and someone pings some domain which does not exist, the ping comes back successfully, not from the domain but from the server to which you redirect requests for unresolved domains.

BUT

I'll try to forward only unresolved domains, on port 80 only. BIND doesn't care about ports. I'm going to enable the web proxy on our main RouterOS MikroTik gateway and try to do it there.
http://wiki.mikrotik.com/wiki/Category:Proxy
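
A client-side check for the behaviour this thread discusses, where a resolver answers a non-existent name with an address instead of NXDOMAIN. This is an added example, not code from any poster: the function names are this example's own, the two sample replies are constructed rather than captured, and only the name and 7.7.7.10 come from the posts above.

```python
import os
import socket
import struct

def build_query(name, qid=0x1234):
    """Encode a standard recursive A/IN query for `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def skip_name(pkt, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = pkt[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:                       # compression pointer ends the name
            return off + 2
        off += 1 + n

def classify(pkt):
    """Return (verdict, A-record addresses) for the reply to a made-up name."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    rcode, off, addrs = flags & 0x000F, 12, []
    for _ in range(qd):
        off = skip_name(pkt, off) + 4              # skip QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        if rtype == 1 and rdlen == 4:              # A record
            addrs.append(socket.inet_ntoa(pkt[off + 10:off + 14]))
        off += 10 + rdlen
    verdict = ("honest-nxdomain" if rcode == 3 and not addrs
               else "rewritten" if rcode == 0 and addrs else "inconclusive")
    return verdict, addrs

def probe(resolver, timeout=3.0):
    """Live check: ask `resolver` for a random label under .invalid (reserved, never delegated)."""
    name = os.urandom(8).hex() + ".invalid"
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver, 53))
        return classify(s.recvfrom(512)[0])

# Constructed sample replies (not captured traffic) to the same made-up name.
Q = build_query("asdfsafsadfadsfasdf.com")
NXDOMAIN = Q[:2] + struct.pack("!H", 0x8183) + Q[4:]            # RCODE 3, no answers
REWRITTEN = (Q[:2] + struct.pack("!HHH", 0x8180, 1, 1) + Q[8:]  # RCODE 0, one A record
             + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 86400, 4) + socket.inet_aton("7.7.7.10"))
```

Against a live resolver, `probe("7.7.7.1")` returning `("rewritten", [...])` means the resolver synthesizes answers for names that do not exist, so applications relying on NXDOMAIN will misbehave in the way the ping example above describes.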
 
  

