Re: "Abusing" BIND DNS Server as Networked HOSTS File...

Kevin Darcy wrote:

> No, a root zone won't help here. You can't skip zone levels like that.
> If you add a gateway.dyndns.org record in a private root zone, the
> nameserver would assume that that's the only entry under dyndns.org and
> so it would be as bad or worse than defining a private dyndns.org itself.
>
> Instead, define gateway.dyndns.org as its own zone. Same for any other
> names for which you may want to "spoof" name resolution. Just make sure
> none of this spoofing is visible to Internet DNS clients. If at some
> point you decide you want to serve some Internet zones, and you don't
> have budget for another nameserver, you could look into using the "view"
> feature to serve up different data to different sets of clients (or do
> it the older way by having multiple BIND instances listening on
> different interfaces).

HELL! THANKS DUDE! Thats the solution for me! Its ugly, but i live in an
ugly network, so its perfect :) ! And however, once implemented its
centraly administered. i tested and implemted it quick and works fine now.

btw: "Name Resolution Spoofing" is the right name for that :)

I assume using "view" feature is something called "split brained" earlier?!
however, no topic to me since i dont serve to the internet. but thanks
anyway!


> You may also want to consider not forwarding to your ISP's nameservers,
> if you have a choice in the matter. Frequently, forwarding doesn't
> deliver the performance benefits that people expect. Doing your own
> iterative resolution also makes you less dependent on your ISP's
> nameservice.
>
> - Kevin

hmmm.. ur right. but i thought i would act less "aggressive" to the internet
if i use the NS at my ISP to make use of its cache and other stuff rather
than making direkt load to the root servers. of course some *of my request
will go up to the top even i use my ISPs NS as forwarder. but wont it save
traffic load? am i wrong?

AGAIN, THANKS FER YER QUICK HELP!!

greets
Axel