2

I have a djbdns dnscache running; is there a way to have it return a specific IP instead of NXDOMAIN?

Warner
  • 23,756
  • 2
  • 59
  • 69
user39221
  • 41
  • 3

2 Answers

3

dnscache is literally that: a DNS cache. If you wanted to specify A (forward resolution) records for a domain under your control, you would need to run a full-featured DNS such as BIND or djbdns.

To respond with an IP when an NXDOMAIN response is sent, you would be breaking the RFC. NXDOMAIN rewriting is a controversial practice that is not recommended and generally not supported, as it breaks the RFC. Neither djbdns nor BIND has native support for this.

From what I understand, there are only commercial solutions currently implementing this. This includes Barefruit and several others.

This is an interesting post from a mailing list where someone who appears to be Keith Mitchell, the ISC Director of Engineering, states that he doesn't want to introduce support in BIND.

If you have a legitimate need, we might be able to offer you an alternative technical solution.

Warner
  • 23,756
  • 2
  • 59
  • 69
  • I was thinking of running a local tinydns instance along with dnscache, that returns say 1.2.3.4 for every A record. The only problem is getting dnscache to use that 'fake' server when the root servers say that the domain doesn't exist. I'm not stuck at djbdns at this point, and I'll gladly use something else (even BIND), if it makes this easier. – user39221 Mar 30 '10 at 16:09
  • Basically I want NXDOMAIN rewriting - whoever is using my dnscache and wants to get an A record for a nonexistent domain, it returns 1.2.3.4. – user39221 Mar 30 '10 at 16:21
  • 1
    @Warner - yes, that post was written by Keith @ ISC – Alnitak Mar 30 '10 at 23:36
2

It's a requirement of our intranet setup; I know it's controversial and whatnot, but that's beside the point.

I managed to get it to work - I don't know if it will break anything else though; so far it seems ok.

After watching dnscache logs, I found out that, after trying the root servers to resolve nonexistent.foo, it will try to resolve nonexistent.foo.local.host (where local.host is the name of localhost). So I set up tinydns on the loopback interface (127.0.0.10) to serve 1.2.3.4 for *.local.host. Then I added the loopback ip as a server for local.host in dnscache/root/servers.

The only drawback with this setup is that lookups for foo.local.host resolve to 1.2.3.4, but that's not an inconvenience.

user39221
  • 41
  • 3
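As an added example (not part of the answer above, nor djbdns's own code), a shell sketch of the two files that answer describes: a tinydns data file with a wildcard A record for local.host, and the dnscache servers/ entry that forwards that zone to the loopback tinydns, plus a dnsq check of the result. The default djbdns directory layout, the 300 s TTL and the dnsq check are my assumptions; 1.2.3.4, local.host and 127.0.0.10 are the answer's own values.

```sh
#!/bin/sh
# Added example, not from the original answer: generate the two djbdns files
# the answer describes. Assumed: the default djbdns layout (/etc/tinydns/root,
# /etc/dnscache/root), a 300 s TTL, and dnsq for checking; 1.2.3.4, local.host
# and 127.0.0.10 are the values given in the answer.
set -eu

# tinydns data file. ".zone:ip:a" gives the zone an SOA and an NS record
# (a.ns.<zone>) pointing at the tinydns listener; "+*.zone:ip:ttl" is the
# wildcard A record that answers for every otherwise-unknown name in the zone.
write_tinydns_data() {   # $1=tinydns root dir  $2=zone  $3=answer IP  $4=tinydns listen IP
  mkdir -p "$1"
  {
    echo ".$2:$4:a"
    echo "+*.$2:$3:300"
  } > "$1/data"
  # A real install then runs `make` in $1 (tinydns-data compiles data -> data.cdb).
}

# dnscache consults root/servers/<zone> for the addresses that are authoritative
# for <zone>; pointing local.host at the loopback tinydns is the answer's trick.
write_dnscache_servers() {   # $1=dnscache root dir  $2=zone  $3=tinydns listen IP
  mkdir -p "$1/servers"
  echo "$3" > "$1/servers/$2"
  # dnscache reads this directory at start, so restart it: svc -t /service/dnscache
}

# Check: any name under the zone should now come back as the catch-all address
# (dnsq prints "answer: <name> <ttl> A <ip>" for each A record it receives).
check_catchall() {   # $1=resolver IP  $2=zone  $3=expected IP
  dnsq a "does-not-exist.example.$2" "$1" | grep -q " A $3\$"
}

# Usage: defaults to a scratch directory; set TINYDNS_ROOT/DNSCACHE_ROOT to the
# real paths when applying this on the box that runs djbdns.
SCRATCH=$(mktemp -d)
write_tinydns_data "${TINYDNS_ROOT:-$SCRATCH/tinydns/root}" local.host 1.2.3.4 127.0.0.10
write_dnscache_servers "${DNSCACHE_ROOT:-$SCRATCH/dnscache/root}" local.host 127.0.0.10
echo "wrote djbdns files under ${TINYDNS_ROOT:-$SCRATCH}"
```

Because the wildcard matches every name under local.host, foo.local.host also resolves to 1.2.3.4, which is the side effect the answer notes.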