Knowledge Base ISC Main Website Ask a Question/Contact ISC
NXDOMAIN Redirection Using DLZ in BIND 9.10
Author: Brian Reid Reference Number: AA-01150 Views: 3460 Created: 2014-04-14 17:39 Last Updated: 2014-04-22 17:22 0 Rating/ Voters

NXDOMAIN redirection is a BIND feature providing the ability for a recursive server to replace an NXDOMAIN response to a query with a configured answer of its own.  This substitute response is returned to the original client in place of the NXDOMAIN response received by the server.  Recursive server administrators may use this redirection for their own purposes or to obtain advertising revenue from third parties who specialize in this business.  Use of this feature is optional and the default is off.  Unless the default behavior is overridden by the administrator a recursive BIND resolver will pass NXDOMAIN responses to the querying client without altering them.

The NXDOMAIN redirection feature debuted originally in BIND 9.9.0, and allowed simple redirection of NXDOMAIN responses based on the use of a new zone type (type "redirect".)  This original method of NXDOMAIN redirection remains supported, but in addition BIND 9.10 expands upon this feature by extending the Dynamically Loadable Zones (DLZ) feature set to allow more flexible control over NXDOMAIN responses.  

As a side benefit of the improved DLZ support, BIND 9.10 allows operators to configure multiple DLZ data sources and specify their ordering,

In order to use a dynamically loadable zone, it must first be declared in a "dlz" definition block which specifies a data source and (optionally) declares the database to be searchable or not searchable.  The dlz declaration looks like this:  

dlz "example" {
        database "dlopen driver.so database.name";
        search yes;    // the "search" line is optional; if unspecified it defaults to "yes"
};


The "search" keyword is new to the expanded DLZ support in BIND 9.10.

  • If "search" is set to yes (or is unspecified) then the data source declared in that DLZ declaration is searched as part of the "best-match" fitting when a query comes in that is not covered by a regular zone.   
  • If search is set to no, that data source is not used for best-match fitting but only where it is explicitly declared for use in a zone definition.

To use NXDOMAIN redirection with DLZ, configure a dlz declaration pointing to a database that will return the desired redirect answer and use the "search no;" option in your declaration:

dlz "nxdomain.redirect" {
        database "dlopen driver.so redirect.database";
        search no;
};

And then instruct named to use that as the data source for a zone definition of type redirect.  

zone . {
        type redirect;
        dlz nxdomain.redirect;
};


© 2001-2015 Internet Systems Consortium

Please help us to improve the content of our knowledge base by letting us know below how we can improve this article.

If you have a technical question or problem on which you'd like help, please don't submit it here as article feedback.

For assistance with problems and questions for which you have not been able to find an answer in our Knowledge Base, we recommend searching our community mailing list archives and/or posting your question there (you will need to register there first for your posts to be accepted). The bind-users and the dhcp-users lists particularly have a long-standing and active membership.

ISC relies on the financial support of the community to fund the development of its open source software products. If you would like to support future product evolution and maintenance as well having peace of mind knowing that our team of experts are poised to provide you with individual technical assistance whenever you call upon them, then please consider our Professional Subscription Support services - details can be found on our main website.

Feedback
  • There is no feedback for this article
Info Submit Feedback on this Article
Nickname: Your Email: Subject: Comment:
Enter the code below:
Quick Jump Menu