[Gllug] speaking of DNS server setups...
Benedikt Heinen
gllug at ml.icemark.net
Tue Jan 4 17:07:57 UTC 2005
>> Is it possible, with bind9 or another name server, to specify part of a
>> domain name as a wildcard?
>>
>> e.g. I would like to define the same setup for all *.foo.net hosts, so
>> that www.a.foo.net, www.b.foo.net, ... www.zyx-cba.foo.net all point to
>> the same host?
> Yes, it's simple to do.
Is it also possible for SUBDOMAINS?
I take it, if I can specify
* IN A 192.168.0.1
I could just as well specify
* IN NS 192.168.0.1
but, what about the zone file / named.conf?
Within the zone file, can I write
$ORIGIN *.foo.net.
with the * coming in as planned? (Similarly, in named.conf, can I specify
zone "*.foo.net" { [...] }
)?
>> Second, and now it gets more interesting, can I specify exceptions?
> Yes. The wildcard is used only where there is no explicit record.
Can I specify a "non-record", or do I have to create an illegal one?
(remember the example, I want the exception to REMOVE a name)?
OK, I might just
dontwantitanymore IN NS 127.0.0.1
or - if I wanted to make sure the spammer wastes time on name lookups,
specify
dontwantitanymore IN NS 192.168.42.191
[or other non-routed address; 127.0.0.1 will fail too fast...]
>> [ * MX records ]
> I would avoid this though as it makes life really easy for spammers and
> really hard for you.
Actually, my idea is to use it against spammers...
Right now, I am using a handful of subdomains to handle specific stuff,
and create new addresses within those domains as I see fit.
The problem sets in, when I want to remove a single address -- there are
still loads of attempts to send an email to that address. If I had a
sub-domain per recipient, I could turn off individual subdomains if I got
spammed on that one - effectively reducing traffic, as there will be DNS
traffic only...
Also, if I dynamically created subdomains for this purpose, I could still
make it very tough for the sender, if I still only define ONE specific
user in the domain and discard everything else...
> It's trivially easy to add an record to a database table to activate a
> subdomain or other recipient "site" in postfix.
Yes, that's what I'm aiming for, making it as easy as possible to
extend...
Benedikt
INFLUENCE, n. In politics, a visionary _quo_ given in exchange
for a substantial _quid_.
(Ambrose Bierce, The Devil's Dictionary)
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list