question on BIND/DNS

[johnpalmer]

Okay... my figuring goes like this.

I have a domain out there. The domain points to an advertising page ("domain name parked at incompetentregistrar.com!").

It would seem to me that if I used that domain to set up BIND on my home network, it would have no effect on the outside world. Inside my home network, I wouldn't be able to browse to that advertising page any more, because my home's name server would point to whatever I pointed it to.

After all, it seems quite clear to me that BIND (nor Windows DNS) does not send out "HEY! I'm right here!" messages.

Um. Yeah. It does seem quite clear to me. Can anyone verify that this is, in fact, *true*? Or let me know if there's a way to set up a deliberately invalid domain to do testing of setup?

Comments

[ztrooper.livejournal.com]

if you're looking to block advertising sites, I just point the sites in a host file to 127.0.0.1

I'm afraid I'm not quite converstant enough with BIND to know if what you're proposing will do the trick.

[autographedcat.livejournal.com]

Yep. If you set up BIND on your home system, and then ask it questions, it will answer back whatever you told it. No one else will get that info, though, becuase no one else knows to ask your server.

DNS works (globally) like this:

root servers: these know who is authoritative for each domain

authoritative servers: these are the ones that actually know the domain-ip mapppings

caching servers: these are the servers you actually ask questions to. They don't know anything themselves, but they know how to ask root and auth servers where to find the answers, and can hold on to that information for brief periods of time, as defined by the appropriate authoritative server.

The only way to get the info in your home server out on the world is to get the root servers to point at it, and that requires a registrar of some kind to submit that request. Just setting it up does nothing to make it public.

Hope that helps.

[johnpalmer.livejournal.com]

Nah, all I want to do is set up a name server on my local network, confirm that it works ("jdplaptop.domainname.com now resolves to my laptop..."), without potentially causing any problems. I'm 99% sure that setting up a local DNS, for an inactive domain, at an IP that's not listed by the registrar as authoritative, can't matter. I just want to eliminate that 1%.

(But I do like the idea of blocking advertising sites... I think I might do that.)

[johnpalmer.livejournal.com]

That's exactly what I was pretty-sure of; thank you!

(I had this nightmare of finding out "Everyone knows that when your BIND server connects to another DNS server, it (breaks something, somehow, if your server isn't the True And Official name server)". Everyone except, you know, me. :-) )

[autographedcat.livejournal.com]

*grin* Nah, no worries. You can do pretty much anything you want on your own box, and it'll only affect you.

(This is what I do for a living, so feel free to ping me if you need more info. *grin*)

[eleccham.livejournal.com]

If you'd like, I can even send you a sample named.conf for a caching name server that also resolves local names. It's not hard, but I've already done that work :)

[johnpalmer.livejournal.com]

Sure, I'd love to see it... right now, I've got a simple, super-standard name server running, and I'd like to see something that's not the pure standard :-).

[wyang.livejournal.com]

If you need or want some tools for BIND, let me know. I've got really good automation for single-view zones to avoid a lot of the common errors with BIND configuration that I can make available to you on request.

However... you don't have to do that to work with DNS -- just use a second-level zone and use the .local top-level domain (which is conventionally used, but is not a root-level domain). If you were to make up a domain ("jpalmer.local") and set it up on your BIND server and configure your DNS clients to search the jpalmer.local zone, you'd get all the benefits with about none of the risks....

-Bill