3

I have a djbdns dnscache running; is there a way to have it return a specific IP instead of NXDOMAIN?

Warner
user39221

2 Answers

3

dnscache is literally that: a DNS cache. If you wanted to specify A (forward resolution) records for a domain under your control, you would need to run a full-featured DNS such as BIND or djbdns.

To respond with an IP when an NXDOMAIN response is sent, you would be breaking the RFC. NXDOMAIN rewriting is a controversial practice that is not recommended and generally not supported, as it breaks the RFC. Neither djbdns nor BIND has native support for this.

From what I understand, there are only commercial solutions currently implementing this. This includes Barefruit and several others.

This is an interesting post from a mailing list where someone who appears to be Keith Mitchell, the ISC Director of Engineering, states that he doesn't want to introduce support in BIND.

If you have a legitimate need, we might be able to offer you an alternative technical solution.

Warner
2

It's a requirement of our intranet setup; I know it's controversial and whatnot, but that's beside the point.

I managed to get it to work - I don't know if it will break anything else though; so far it seems ok.

After watching dnscache logs, I found out that, after trying the root servers to resolve nonexistent.foo, it will try to resolve nonexistent.foo.local.host (where local.host is the name of localhost). So I set up tinydns on the loopback interface (127.0.0.10) to serve 1.2.3.4 for *.local.host. Then I added the loopback ip as a server for local.host in dnscache/root/servers.

The only drawback with this setup is that lookups for foo.local.host resolve to 1.2.3.4, but that's not an inconvenience.

user39221
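To make the mechanism in this answer concrete, here is a small Python model (added here, not the poster's code) of the two pieces the setup relies on: dnscache choosing servers from the most specific entry under dnscache/root/servers, and the retry with the local domain appended. The root zone contents, the tinydns wildcard function and the 192.0.2.10 address are constructed stand-ins; the model also reproduces the drawback the poster mentions (foo.local.host answering 1.2.3.4).

```python
"""Model of the dnscache + tinydns trick described in the answer above.

Modelled behaviour: a query whose name does not exist is retried with the
local domain appended (nonexistent.foo -> nonexistent.foo.local.host), and
dnscache picks the servers for a name from the most specific file under
dnscache/root/servers ("@" being the root server list).
"""
from typing import Callable, Dict, Optional

NXDOMAIN = None  # an authoritative "no such name" answer

# Constructed stand-in for the root servers: only this name exists upstream.
ROOT_ZONE = {"www.example.com": "192.0.2.10"}


def root_servers(name: str) -> Optional[str]:
    """What the real Internet would answer (constructed data)."""
    return ROOT_ZONE.get(name, NXDOMAIN)


def tinydns_wildcard(name: str) -> Optional[str]:
    """tinydns on 127.0.0.10 serving 1.2.3.4 for *.local.host."""
    return "1.2.3.4" if name.endswith(".local.host") else NXDOMAIN


# dnscache/root/servers: "@" is the root list, "local.host" the added file
# pointing at the loopback tinydns instance.
SERVERS: Dict[str, Callable[[str], Optional[str]]] = {
    "@": root_servers,
    "local.host": tinydns_wildcard,
}


def pick_servers(name: str) -> Callable[[str], Optional[str]]:
    """Return the most specific servers/ entry whose domain is a suffix of name."""
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in SERVERS:
            return SERVERS[candidate]
    return SERVERS["@"]


def resolve(name: str, local_domain: str = "local.host") -> Optional[str]:
    """Look the name up; on NXDOMAIN retry once with the local domain appended."""
    answer = pick_servers(name)(name)
    if answer is NXDOMAIN and not name.endswith("." + local_domain):
        retry = f"{name}.{local_domain}"
        answer = pick_servers(retry)(retry)
    return answer
```

Existing names still resolve normally because the retry only happens after an upstream NXDOMAIN; every nonexistent name, and every name under local.host, ends up at 1.2.3.4.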