named with catch-all

[blodan]

Hi!

I have a pretty normal setup at our office, our dhcp server sends out 10.0.0.1 (firewall server) as dns.

I then have named forward all queries to googles dns servers (8.8.8.8, 8.8.4.4), but if a user requests a A-record for a domain that doesnt exist I want to send him an A-record of 10.0.0.15 (our internal webserver with a 404 page), i can´t figure out how to setup this in named so that the user gets the 10.0.0.15 record and I have been googling for about 45 minutes now.

Hope someone has done this before

Best regards
Daniel

 

[DutchDaemon]

Even if you give the user an A record, your webserver will not understand the URL the client will send (because it doesn't know the Host the client asks for), so it will probably not produce the 404 page you want, but an obscure error about not being able to serve the requested URL. Moreover, injecting your own fantasy A record will likely break other applications, esp. if you have any servers handling email in your network. These will be greatly confused by fake DNS entries. Maybe using a transparent Squid with a customised error page for DNS errors better suits your needs. In general: don't intercept DNS. It never works the way you would like it to.

 

[blodan]

mkey, thanks, i´ll give squid a try.

The problem with the 404 page not showing isn´t a problem as thats the default v-host if no other v-host gets matched.

However im wondering how opendns handles this, as thats the "feature" im looking at replicating. If you use opendns and try visiting a domain that doesnt exist you get redirected to their google page. Opendns is probably using something more advanced than named though, but i´ll give this thread an update if it turns out I find out how to do it

 

[DutchDaemon]

What OpenDNS does is a violation of RFCs, and it only works on websites (http traffic). It breaks other services, esp. email, spam blocking etcetera. It is not a viable production situation.