DNS redirect unresolved domain
Hi Guys,
I need to set up a DNS server that will redirect all unresolved domains to a specific IP address. I have been googling for days to search for a solution on how to configure it in BIND, but I could not find anything. I am using Slackware 13. Does anybody know how to do this using the bind/named server? Thanks!
Try 'forwarders { xxx.xxx.xxx.xxx; };' inside your options section
I apologize for the late reply. It seems forwarders could not do the job :(
I set up two DNS servers for testing. The first DNS server is a caching-only nameserver that contains a global forwarders option pointing to the second DNS server. The second DNS server is configured to resolve any domain name to a specific IP address. I am using Windows XP for testing. The Windows XP DNS configuration is set to 7.7.7.1, which is the first DNS server. However, when I tried to resolve valid DNS names, the requests were always forwarded to the second DNS server 7.7.7.2, so I am getting the IP 7.7.7.10 for all DNS queries, including unresolved domains. Is there a way to force the DNS server to try the caching zone first before forwarding to the second DNS server? I only want to forward when the domain is unresolvable. I really hope that some DNS experts here could help me. The configuration for the first DNS caching server is:
Code:
options {
Code:
. 3600000 IN NS A.ROOT-SERVERS.NET.
Code:
options {
Code:
$TTL 86400
The 'forwarders' entry tells the caching server [7.7.7.1] where to go to resolve any requests that aren't already in the cache. If the forwarder [7.7.7.2] never resolves external addresses, then how will the caching server learn them?
Maybe I'm missing the point of what you're trying to achieve...
Hi kbp,
Thanks for explaining how forwarders work. I understand now why I always get the internal address 7.7.7.10 for all DNS queries. What I really want to accomplish is a DNS server that can resolve all unresolved/non-existing domains to the internal address 7.7.7.10, while all valid/existing domains must still be resolved to their external addresses. Example:
1. google.com and yahoo.com must resolve to their actual external addresses.
2. asdfsafsadfadsfasdf.com and qwerqasdfasdfasfd.com must resolve to the internal address 7.7.7.10.
Is it possible to do this in BIND? Thanks!
http://www.icann.org/en/committees/security/sac032.pdf For the sake of your users, please don't even consider doing it.
Hi ebros
Maybe your question is poorly phrased, as it is not a good idea to redirect all unresolved domains to a specific internal IP address... (what if a local user tried to get to Google, asked your nameserver for Google's address, and instead got your internal IP?) Usually the forwarders specify your ISP's nameserver, where your nameserver looks up the IP addresses of domains for which it is not the authority... Are you hosting web sites with Apache and using BIND to manage their DNS? Maybe what you are looking for is a way to handle requests for mistaken or mistyped domains, like ww.mydomain.com, where they forgot a "w"... If this is the case, I think you should bark up Apache's tree instead of BIND's, as the settings you would need are in the httpd.conf file, where you set up the IP addresses and ports Apache listens on, the vhost configs for your domains, a default config that handles all other requests, etc.
Hi slac-in-the-box,
I am aware of the fact that it is not recommended to implement this in a production network, and I don't have any intention of doing it either. This will be implemented in a closed/isolated lab environment. I am actually just working on a project that requires this feature, and there is no web server involved.
Hi wildwizard,
That was an awesome article, and that is actually what I want to do. Do you know if it's possible to do "DNS response modification" in BIND?
I actually got that paper from a thread on the BIND developers list, where they were quite adamant that they would NEVER include the code in BIND to do it.
OpenDNS is doing it.
What's wrong with it???
I'm a technician at an ISP; we have 500 clients on the network. When a user types a wrong address, it would be great to give him search results from Google. He doesn't need to correct the address manually or open the Google page and search for the right address. It's a good feature! Btw, OpenDNS is doing it. Try them.
Now I know.
OK, after some discussion on the IRC channel #bind I know that this is wrong. For example, if you do it and someone pings a domain which does not exist, the ping comes back successfully, but not from the domain: it comes from the server to which you redirect requests for unresolved domains.
BUT I'll try to forward only unresolved domains on port 80. BIND doesn't care about ports. I'm going to enable the web proxy on our main RouterOS MikroTik gateway and try to do it there. http://wiki.mikrotik.com/wiki/Category:Proxy
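The behaviour the thread ends up warning against (random, non-existent names coming back as NOERROR with one fixed address such as 7.7.7.10 instead of NXDOMAIN) can be checked from a client with a small resolver probe. This is an added example, not code from any poster; it uses only the Python standard library, speaks raw DNS over UDP to the resolver you name, and assumes `example.com` as the parent of the random probe labels (any domain whose parent zone answers honestly will do).

```python
import random, socket, string, struct

def build_query(name, qid=0x1234):
    """Encode a standard recursive A query (RD=1, QCLASS=IN) for `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name starting at `off`."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + n

def parse_response(msg):
    """Return (rcode, [A-record addresses]) from a raw DNS reply."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    rcode, off, addrs = flags & 0xF, 12, []
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return rcode, addrs

def is_rewriting(results):
    """results: list of (rcode, addrs) for random names that should not exist.
    Honest resolvers answer rcode 3 (NXDOMAIN); a rewriting one answers every
    probe with NOERROR and the same synthetic address."""
    answered = [tuple(addrs) for rcode, addrs in results if rcode == 0 and addrs]
    return len(answered) == len(results) and len(set(answered)) == 1

def probe(resolver, parent="example.com", n=3, timeout=2.0):
    """Query `resolver` (UDP/53) for n random labels under `parent` and classify it."""
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        for i in range(n):
            label = "".join(random.choices(string.ascii_lowercase, k=12))
            sock.sendto(build_query(f"{label}.{parent}", qid=i + 1), (resolver, 53))
            results.append(parse_response(sock.recv(512)))
    return is_rewriting(results), results
```

Running `probe("7.7.7.1")` against the lab resolver from the thread would return `True` with three identical `7.7.7.10` answers, while a resolver that honours NXDOMAIN returns `False` with rcode 3 on each probe.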