1

I have a server set up with a bunch of subdomains that all point to the same caching server, which is done using a wildcard like so:

*    IN    A    192.168.1.1

This works great, but I would like to exclude a subdomain from that. I could set up another entry, like

mysubdomain    IN    A    192.168.1.2

but what I would really like is for that subdomain to throw an NXDOMAIN error. Is there any way to do that? Something like:

mysubdomain    IN    A    NXDOMAIN

I'm aware that I could just tell the server to not serve anything coming from that domain, but it would be nice if I could throw a DNS error instead of a server error.

Schiem
  • 123
  • 3

1 Answer

3

The closest you're going to get while staying within the standards is to create a "zone cut" at that boundary. This can be accomplished by either defining an additional zone called mysubdomain.example.com (which is more specific than your example.com zone), or delegating mysubdomain to a different nameserver entirely with NS records.

That said, a request for mysubdomain.example.com IN A is going to result in a response of NOERROR with zero records in the answer section due to mandatory SOA and NS records sharing the name. All records beneath that point will return the desired NXDOMAIN.

If you have an actual, technical need for making that one record appear to be an NXDOMAIN (and not just for personal preferences or aesthetics, which have nothing to do with the RCODE that comes back), you can set up a response policy zone (RPZ) within BIND that rewrites requests for that label. It's overkill and wasteful unless it's an actual business requirement.

Andrew B
  • 32,588
  • 12
  • 93
  • 131
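The first option from the answer, a separate child zone at the cut, written out as a BIND configuration. This is an added example, not the answerer's or BIND's own code; example.com, ns1 and the file paths are assumed, and the 192.168.1.x addresses come from the question.

```bind
// named.conf: both zones are served by the same BIND instance.
// (example.com and ns1 are assumed names; the file paths are assumed too.)
zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
};
// The child zone is more specific, so it is authoritative for everything
// at or below mysubdomain.example.com; the parent's wildcard never applies there.
zone "mysubdomain.example.com" {
    type master;
    file "/etc/bind/db.mysubdomain.example.com";
};

; db.example.com: parent zone, keeps the wildcard from the question.
$TTL 3600
@             IN  SOA  ns1.example.com. hostmaster.example.com. (
                       2024010101 3600 900 604800 300 )
@             IN  NS   ns1.example.com.
ns1           IN  A    192.168.1.1
*             IN  A    192.168.1.1   ; every other name -> caching server
; Delegation record for the zone cut; the child zone takes over below this name.
mysubdomain   IN  NS   ns1.example.com.

; db.mysubdomain.example.com: child zone with ONLY the mandatory apex records.
; No wildcard and no A/AAAA records, so no name beneath the apex exists.
$TTL 3600
@   IN  SOA  ns1.example.com. hostmaster.example.com. (
             2024010101 ; serial
             3600       ; refresh
             900        ; retry
             604800     ; expire
             300 )      ; SOA MINIMUM: how long resolvers may cache the NXDOMAIN
@   IN  NS   ns1.example.com.
;
; Expected answers (check with `dig @192.168.1.1 <name> A` after `rndc reload`):
;   foo.example.com.              -> NOERROR, 192.168.1.1 (parent wildcard)
;   mysubdomain.example.com.      -> NOERROR, empty answer (apex has only SOA/NS)
;   www.mysubdomain.example.com.  -> NXDOMAIN
```

The 300-second SOA MINIMUM is what bounds negative caching of the NXDOMAIN, so pick it deliberately if you later want to add a real record under that label.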