[Pdns-users] Why is pdns searching for NS records at the sub-domain level?
chayes
chayes at afo.net
Thu Sep 5 14:33:43 UTC 2013
John,
You are correct. I am trying to build a white-list dns.
So for example, if I wanted to white-list cnn.com then I would have
sufficient domains and records in the pdns database to cover it (corrected
info below).
And if a user attempted to browse to a site that was not allowed, like
gamble.com, then I assume I would need nxdomain to answer and send them to a
special IP containing a block page.
I have made some progress ... I can whitelist specific sub-domains, having
non-white-listed sites return "page cannot be displayed" ... but I can't
seem to whitelist entire domains because I can't get wild-card working ...
and I need to return a block page instead of "page cannot be displayed."
corrected records table contents:
+----+-----------+---------+------+----------------------------+-------+------+-------------+
| id | domain_id | name | type | content | ttl |
prio | change_date |
+----+-----------+---------+------+----------------------------+-------+------+-------------+
| 1 | 1 | cnn.com | SOA | localhost dnsadm at afo.net 1 | 86400 |
NULL | NULL |
| 2 | 1 | cnn.com | NS | ns1.timewarner.net | 86400 |
NULL | NULL |
| 3 | 1 | cnn.com | NS | ns3.timewarner.net | 86400 |
NULL | NULL |
| 4 | 1 | cnn.com | NS | ns1.p42.dynect.net | 86400 |
NULL | NULL |
| 5 | 1 | cnn.com | NS | ns2.p42.dynect.net | 86400 |
NULL | NULL |
| 6 | 1 | cnn.com | A | 157.166.226.25 | 86400 |
NULL | NULL |
| 7 | 1 | cnn.com | A | 157.166.226.26 | 86400 |
NULL | NULL |
+----+-----------+---------+------+----------------------------+-------+------+-------------+
Cliff
--
View this message in context: http://powerdns.13854.n7.nabble.com/Why-is-pdns-searching-for-NS-records-at-the-sub-domain-level-tp10313p10320.html
Sent from the PowerDNS mailing list archive at Nabble.com.
More information about the Pdns-users
mailing list