I'm running a DNS server on my network. If a domain is requested and it doesn't exist, I want the DNS server to send the IP 192.168.0.1. Here's an example: one of the machines on the network requests a domain that doesn't exist, www.DomainDoesntExist.blahblah. When the DNS server gets this request it will see that it doesn't host the domain, so it will ask the root servers; the root servers will respond and say they can't find the domain, so what I want the DNS server to do is send them 192.168.0.1.
If your DNS server doesn't have the authority, you can't return an IP of your own choosing. There was a huge uproar when Verisign tried to do something like that.
Well, it does have the authority because it's my DNS server on my network. I know it's possible in theory. My question is if you can configure it to do this or if I'm going to have to rewrite my DNS to do it. I know about Verisign; a few years back they added a wildcard for .com and .net so they could show ads. Stuffed up the internet really bad, as you can imagine.
It would be possible if you wrote your own DNS. I use tinydns, and I know that it cannot be configured as you ask. Maybe some other DNS could do it - or maybe you should look to proxy servers, which are more apt to be able to do that kind of thing, IMO.
A proxy won't work because some systems have their own internet connection. DNS is the only easy way. I'm almost sure there must be a way. I'm running BIND 9/named.
Just a thought here... but you might try djb's dnscache mailing list (found somewhere on cr.yp.to). Those guys all know DNS extremely well. Make sure you read the guidelines about posting questions - if you don't provide enough info up front about what you want to do, then they might not even respond to your question. And look for a verification e-mail. djb has an anti-spam system in place, so if you don't authenticate, your message won't reach the list.
Question - what exactly are you trying to accomplish, that is, what result are you trying to achieve by doing this (besides the obvious reiteration of the initial post)? I don't entirely understand the point of doing this. FWIW, I'm a DNS expert; I have run and maintained BIND for a decade and djbdns for four years.
Sounds to me like he wants to be able to block unknown hosts via DNS. If a user on his network tries to go to an unapproved site, they get the IP of a server that will either return nothing or return a "blocked" message. It's an entirely valid desire. I used to do the same thing with my hosts file as a poor man's ad blocker.
If the host is unknown, then there's nothing to be returned by the resolver in the first place. An unknown host means there's no 'there' there. Unknown != unapproved - different issue.
The basics of what I'm trying to achieve: when someone on the network requests a domain that doesn't exist, it returns an IP address. This IP will have a web server, so that if they enter www.DomainDoesntExist.blahblah they will get the company's custom 404 page. It will also be used for capturing lost data: we are having trouble with people entering incorrect domains in some of our software and ending up without a reply; this server will be used to work out which machines are using the wrong domain. DNS is the best way for me to do it. It's also something I've had to try in the past as well and had no luck, so it will help on those odd occasions.
I don't, unfortunately. I dumped BIND several years ago, because it's bloated, insecure crapware. Oh, I still have to dirty my fingers with it on rare occasion, but I use tinydns and dnscache (both part of djbdns) now for all my nameservers and resolvers (six nameservers, eight resolvers, currently). This really isn't a problem that can be solved with DNS. At best, what you'd want to do is hack IE or whatever browser these folks are using, so that it'll return your own custom error message when someone enters a bad domain name.
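An added example, not from any poster in this thread: BIND 9 releases later than the ones discussed here (9.9 and up) have a "redirect" zone type that answers only those queries which would otherwise come back NXDOMAIN, which is the substitution the original post asks for. The host names, LAN prefix, file paths and the logging channel are assumptions; 192.168.0.1 is the target from the thread.

```conf
// named.conf fragment (added example, not from the thread). Assumed paths and names.
options {
    directory "/var/cache/bind";            // assumption: Debian-style layout
    recursion yes;
    allow-recursion { 192.168.0.0/24; };    // assumption: the company LAN prefix
    // NXDOMAIN rewriting is exactly what made Site Finder a problem when done for
    // the whole internet, so keep recursion and the redirect LAN-only.
};

// Consulted only when normal resolution yields NXDOMAIN. Names that do exist
// are answered normally, so this is not a blanket wildcard. Caveat: a client
// that sets DO=1 and receives a DNSSEC-signed NXDOMAIN is not redirected.
zone "." {
    type redirect;
    file "/etc/bind/redirect.db";           // assumption: zone file location
    allow-query { 192.168.0.0/24; };
};

/* Contents of /etc/bind/redirect.db (assumed path), loaded by the zone above.
   ns.example.net and hostmaster.example.net are placeholder names.

$TTL 300
.   IN SOA ns.example.net. hostmaster.example.net. 1 3600 900 604800 300
.   IN NS  ns.example.net.
*.  IN A   192.168.0.1      ; every otherwise-nonexistent name lands here
*/

// Query logging gives the "which machine used the wrong domain" answer directly:
// each line records the client address and the name it asked for.
logging {
    channel query_log {
        file "/var/log/named/query.log" versions 3 size 10m;   // assumption: log path
        print-time yes;
    };
    category queries { query_log; };
};
```

Only one redirect zone is allowed per view, and the web server at 192.168.0.1 then sees the original Host header, so the misspelled domain can be matched against the query log by client address.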