[dns-operations] Custom DNS server as backend for authoritative DNS server
Paul Vixie
paul at redbarn.org
Fri Mar 15 00:56:49 UTC 2019
Casey Deccio wrote on 2019-03-14 15:56:
> Hi all,
>
> I've built a little authoritative DNS server that returns synthesized
> responses, based on the query names it receives. I would like to
> stand it up as a backend for an existing authoritative DNS server
> implementation. Most of my DNS zones would then be served right from
> the production authoritative server (e.g., BIND, NSD, whatever), but
> when a query for a given zone is received, the authoritative server
> looks to a backend running on (for example) some other port on the
> same machine and then returns it to the client that asked it.
bump-in-the-wire signers worked that way; the method may still exist.
it's also how much RBL and RHSBL content is served, since "rbldnsd via
rsync" is often considered preferable to NOTIFY/IXFR.
> So, effectively the authoritative server does some forwarding of queries
> to a designated backend, but only specified zones, and it should
> always act as an authoritative server, in the sense that it doesn't
> require RD=1. I've spun my wheels a little bit and haven't found an
> effective solution, so I'm looking to my friends in the DNS
> Community. Any ideas?
i think your backend should FORMERR on RD=1. note that it will have to
be able to respond to SOA and NS queries at the apex. straightforward
"zone { type forward; ... }" would almost work (in BIND9, though other
servers implement the same feature with different syntax), except, you
have to use TTL 0 to prevent caching, and, i'm not completely clear on
what the real server will do with an RD=0 query in terms of forwarding.
did you test any of those possibilities?
see also http://uribl.com/datafeed_faq.shtml#q5
--
P Vixie
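As an added example (not code from either poster), the following stdlib-only Python backend implements the three properties the reply asks of a synthesizing backend: it answers FORMERR to any RD=1 query, it answers SOA and NS at the zone apex, and every record it emits carries TTL 0 so a forwarding front-end has nothing to cache. The zone name `synth.example.`, the name server `ns1.synth.example.`, the port 5353 and the `a-b-c-d.synth.example.` naming rule that maps a query name to an IPv4 address are all constructed for this example.

```python
"""Synthesizing authoritative DNS backend, stdlib only (constructed example).

Behaviour: FORMERR on RD=1, SOA/NS answered at the apex, TTL 0 everywhere
so a forwarding front-end does not cache synthesized data.
"""
import socket
import struct

APEX = "synth.example."          # assumed zone apex (constructed)
NS_NAME = "ns1.synth.example."   # assumed name server (constructed)
QTYPE_A, QTYPE_NS, QTYPE_SOA = 1, 2, 6
RCODE_NOERROR, RCODE_FORMERR, RCODE_NXDOMAIN, RCODE_REFUSED = 0, 1, 3, 5


def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii")
                   for l in name.rstrip(".").split(".") if l)
    return out + b"\x00"


def decode_name(msg, offset):
    """Decode an uncompressed name (question names are never compressed)."""
    labels = []
    while msg[offset] != 0:
        length = msg[offset]
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels) + ".", offset + 1


def rr(name, rtype, rdata, ttl=0):
    """One IN-class resource record; TTL defaults to 0 on purpose."""
    return encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata


def soa_rdata():
    """Constructed SOA: MINIMUM is 0 so negative answers are not cached either."""
    return (encode_name(NS_NAME) + encode_name("hostmaster." + APEX)
            + struct.pack("!IIIII", 2019031500, 3600, 900, 604800, 0))


def synthesize_a(qname):
    """Map a-b-c-d.<apex> to the IPv4 address a.b.c.d (constructed rule)."""
    try:
        octets = [int(x) for x in qname.split(".")[0].split("-")]
    except ValueError:
        return None
    return bytes(octets) if len(octets) == 4 and all(0 <= o < 256 for o in octets) else None


def build_query(name, qtype, rd=False, txid=0x1234):
    """Wire-format query, used to exercise the backend offline."""
    return (struct.pack("!HHHHHH", txid, 0x0100 if rd else 0, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!HH", qtype, 1))


def build_response(query):
    """Parse one wire-format query and return the wire-format response."""
    if len(query) < 12:
        return None
    txid, flags, qdcount = struct.unpack("!HHH", query[:6])
    formerr = struct.pack("!HHHHHH", txid, 0x8000 | RCODE_FORMERR, 0, 0, 0, 0)
    if flags & 0x0100 or qdcount != 1:      # RD=1: a backend never recurses
        return formerr
    try:
        qname, off = decode_name(query, 12)
        qtype, qclass = struct.unpack("!HH", query[off:off + 4])
    except (IndexError, struct.error):     # truncated or malformed question
        return formerr
    question, lname = query[12:off + 4], qname.lower()
    if qclass != 1 or not (lname == APEX or lname.endswith("." + APEX)):
        return struct.pack("!HHHHHH", txid, 0x8000 | RCODE_REFUSED, 1, 0, 0, 0) + question
    answers, authority = [], []
    addr = None if lname == APEX else synthesize_a(lname)
    if lname == APEX and qtype == QTYPE_SOA:
        answers.append(rr(APEX, QTYPE_SOA, soa_rdata()))
    elif lname == APEX and qtype == QTYPE_NS:
        answers.append(rr(APEX, QTYPE_NS, encode_name(NS_NAME)))
    elif addr is not None and qtype == QTYPE_A:
        answers.append(rr(qname, QTYPE_A, addr))
    rcode = RCODE_NOERROR if (lname == APEX or addr is not None) else RCODE_NXDOMAIN
    if not answers:                         # NODATA/NXDOMAIN: SOA in authority
        authority.append(rr(APEX, QTYPE_SOA, soa_rdata()))
    header = struct.pack("!HHHHHH", txid, 0x8400 | rcode,   # QR + AA, RD/RA clear
                         1, len(answers), len(authority), 0)
    return header + question + b"".join(answers) + b"".join(authority)


def summarize(resp):
    """(rcode, ancount, nscount, TTLs of all answer/authority records)."""
    _, flags, qd, an, ns, _ = struct.unpack("!HHHHHH", resp[:12])
    off, ttls = 12, []
    for _ in range(qd):
        _, off = decode_name(resp, off)
        off += 4
    for _ in range(an + ns):
        _, off = decode_name(resp, off)
        _, _, ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        ttls.append(ttl)
        off += 10 + rdlen
    return flags & 0x000F, an, ns, ttls


def serve(port=5353, host="127.0.0.1"):
    """Answer UDP queries on the port the front-end forwards this zone to."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    while True:
        query, peer = sock.recvfrom(512)
        resp = build_response(query)
        if resp:
            sock.sendto(resp, peer)


if __name__ == "__main__":
    serve()
```

`build_query` and `summarize` exist only so the behaviour can be checked without a front-end; `serve()` is what a forward zone on the production server would point at. Whether the front-end actually forwards an RD=0 query to it is the open question the reply raises, and this example does not settle it: test with the real server in front.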