> Il 23/02/2017 20:38, Warren Kumari ha scritto: > > What are you actually trying t odo?
On Fri, Feb 24, 2017 at 09:42:17AM +0100, Andrea Gabellini wrote: > the server is a resolver for about 20K clients. My goal is to > supply a courtesy page if a domain is not found. For every domain. Ugh. You call it a courtesy, I call it ignorant and abusive. > A query for abc.example.com or example.com (and these do not > exist) has to receive the address of the courtesy web server. > > A query for xyz.abc.example.com (and this do not exists), have > to receive NXDOMAIN. > > This is a workaround for queries made to the dnsbl services like > spamhaus.org or mailspike.org, where the queries are of type > "4.3.2.1.zen.spamhaus.org". If the redirect is for all levels of > the domain, there is a response and the antispam system thinks > that this IP is in blacklist. No. A mail server needs clean DNS, no NXDOMAIN hijacking at all. Such as, if a user submits mail to somewhere@invalid.example, the MTA needs to know that "invalid.example" is NXDOMAIN. It's one thing, if you're trying to be "courteous" to ordinary web-only users; it is quite different when you are serving DNS to servers of various kinds. Your customers WILL be calling to complain. Perhaps you should offer a clean nameserver for business and static IP address customers? Inform them and advise them to change before you implement your "courteous" NXDOMAIN abuse? -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
