Can BIND 9 utilize a HINTS file to create fake ROOT DNS server


Post by fooba » Fri, 04 Apr 2003 03:44:25



Working on a project to create a FAKE root server utilizing BIND 9.  

I have created a HINTS file which instead of having the master ROOT
domain servers listed, it has several TOP level .COM, and .ORG domains
listed.  These are actually INTERNAL .com and .org domains.

I have also set resolver to forward to outbound firewall DNS process
for name resolution.

Problem:   Seems like the HINTS file is overlooked during boot.  It
doesn't error out, but it also doesn't query the authoritative Internal
DNS servers for these private .COM and .ORG domains.

Question:    Any hints in using hints?   Does the use of a forward
statement spoil the utilization of HINTS files during startup?  I.e.
They are mutually exclusive?

 
 
 


Post by Barry Margoli » Fri, 04 Apr 2003 05:37:57




>Working on a project to create a FAKE root server utilizing BIND 9.  

This would be more appropriate for a group like comp.protocols.dns.bind.

>I have created a HINTS file which instead of having the master ROOT
>domain servers listed, it has several TOP level .COM, and .ORG domains
>listed.  These are actually INTERNAL .com and .org domains.

The hints file is only used to initialize the list of root servers.  During
startup, it sends a query to one of these servers, asking it for the
current list of root servers, and from then on it uses that list.  I don't
think you can use it for lower-level domains.

>I have also set resolver to forward to outbound firewall DNS process
>for name resolution.

>Problem:   Seems like the HINTS file is overlooked during boot.  It
>doesn't error out, but it also doesn't query the authoritative Internal
>DNS servers for these private .COM and .ORG domains.

>Question:    Any hints in using hints?   Does the use of a forward
>statement spoil the utilization of HINTS files during startup?  I.e.
>They are mutually exclusive?

A top-level "forward" statement overrides use of the root servers.

What I think you may really want to do is create "type forward" zones:

zone "somedomain.com" {
  type forward;
  forwarders { 1.2.3.4; };
};

zone "otherdomain.org" {
  type forward;
  forwarders { 1.2.3.4; };
};

--

Genuity Managed Services, a Level(3) Company, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
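
The precedence described in the reply above (the hints file only primes the root list, a top-level "forward" overrides the root servers, a "type forward" zone applies to the names under it), as an added example that is not part of the original posts and is not BIND code. It is a simplified model: the firewall DNS address 192.0.2.53, the function names, and keeping the global forwarder alongside the forward zones are assumptions; 1.2.3.4 is the forwarder from the reply.

```python
"""Simplified model of where a BIND 9 resolver sends a query (not BIND code)."""

FIREWALL_DNS = "192.0.2.53"  # assumed address of the outbound firewall DNS
INTERNAL_DNS = "1.2.3.4"     # forwarder address used in the reply above


def labels(name):
    """Split a domain name into lowercase labels, ignoring a trailing dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]


def pick_upstream(qname, global_forwarders, forward_zones, hints):
    """Return (method, servers) for qname.

    forward_zones: zone name -> forwarders; the deepest zone enclosing
    qname wins over the global forwarders, and an empty list turns
    forwarding off for that zone.
    hints: owner name -> addresses; only "." is read, because the hints
    file only primes the root server list.
    """
    q, best = labels(qname), None
    for zone, servers in forward_zones.items():
        z = labels(zone)
        if len(z) <= len(q) and q[len(q) - len(z):] == z:
            if best is None or len(z) > len(best[0]):
                best = (z, servers)
    if best is not None and best[1]:
        return ("forward", best[1])
    if best is None and global_forwarders:
        return ("forward", global_forwarders)
    return ("iterate-from-roots", hints.get(".", []))


def original_setup(qname):
    """Question's setup: global forwarder, hints naming internal servers."""
    hints = {"somedomain.com": [INTERNAL_DNS], "otherdomain.org": [INTERNAL_DNS]}
    return pick_upstream(qname, [FIREWALL_DNS], {}, hints)


def suggested_setup(qname):
    """Reply's setup: same global forwarder plus two "type forward" zones."""
    zones = {"somedomain.com": [INTERNAL_DNS], "otherdomain.org": [INTERNAL_DNS]}
    return pick_upstream(qname, [FIREWALL_DNS], zones, {})


if __name__ == "__main__":
    for name in ("host.somedomain.com", "www.example.net"):
        print(name, original_setup(name), suggested_setup(name))
```

In the original setup the internal name is handed to the firewall DNS and never reaches 1.2.3.4; with the forward zones only names under those two zones go to the internal server, matched label by label.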

 
 
 
