BIND problem

Corey Edwards tensai at
Fri Sep 23 00:13:42 MDT 2005

On Thu, 2005-09-22 at 23:04 -0600, Michael Torrie wrote:
> On Thu, 2005-09-22 at 21:22 -0600, Corey Edwards wrote:
> > Sorry, that really is pretty ambiguous. I meant that anything in
> > won't resolve to the normal address. I started
> > thinking about it and I wasn't sure why that is, so I ran a few tests.
> > One of the domains that I forge is As expected,
> > won't resolve on my box. Yay! That's because Bind
> > believes it is authoritative for the whole * zone, so
> > anything not listed doesn't exist. doesn't work
> > either.
> That's not good for me then.  Darn it.

Here's something you can do:

$ORIGIN org.
slashdot         IN SOA (
                            2005092101 ; Serial
                            1H         ; Refresh - 8h
                            1H         ; Retry - 2h
                            4W         ; Expire - 4w
                            1H         ; Negative Cache TTL - 1d
                            )

                 NS         your.dns.server.

www              IN A

yro              IN NS
yro              IN NS

Basically you're forging authority for their domain and then delegating
the subdomains back to them. The drawback there is that you have to
track NS changes (which should be infrequent) and you have to enumerate
all subdomains you want to work.

Will that do the trick?
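
The drawback mentioned above (delegated NS records going stale) can be checked mechanically. The following is an added example, not part of the original post: it parses an override zone of the shape shown, collects the NS delegations below the apex, and compares them with the NS sets the real parent currently publishes. The zone contents, the names under example.org / example.net / .invalid, and the `upstream` mapping (which you would fill from a resolver that does not use the override) are constructed placeholders.

```python
# Added example; every name and address here is a constructed placeholder.
SAMPLE_ZONE = """\
$ORIGIN example.org.
@                IN SOA ns.internal.invalid. hostmaster.internal.invalid. (
                            2005092101 ; Serial
                            1H 1H 4W 1H )
                 NS         ns.internal.invalid.
www              IN A       192.0.2.10
yro              IN NS      ns1.example.net.
yro              IN NS      ns2.example.net.
"""

def absolute(name, origin):
    """Expand a zone-file name against the current $ORIGIN."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return name.lower() + "." + origin.lstrip(".")

def delegations(zone_text):
    """Return {child fqdn: set of NS targets}, skipping the zone apex."""
    origin, owner, apex, depth, out = ".", None, None, 0, {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]          # drop comments
        fields = line.split()
        if depth or not fields:              # inside the multi-line SOA, or blank
            depth += line.count("(") - line.count(")")
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        if not line[0].isspace():            # owner names start in column 0
            owner = absolute(fields.pop(0), origin)
        fields = [f for f in fields if f.upper() != "IN" and not f.isdigit()]
        if fields[0].upper() == "SOA":
            apex = owner                     # the forged zone's own apex
        elif fields[0].upper() == "NS" and owner != apex:
            out.setdefault(owner, set()).add(absolute(fields[1], origin))
        depth += line.count("(") - line.count(")")
    return out

def stale_delegations(zone_text, upstream):
    """Compare local delegations with the NS sets the real parent publishes."""
    report = {}
    for child, local in delegations(zone_text).items():
        real = upstream.get(child, set())
        if local != real:
            report[child] = {"add": sorted(real - local),
                             "remove": sorted(local - real)}
    return report
```

An empty report means every delegated subdomain still points at the servers the real zone uses; subdomains that were never enumerated in the override zone are not covered by this check.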


More information about the PLUG mailing list