Domain Name System – Configure DNS Server to Return Same IP for All Domains

binddomain-name-systemwildcard

I would like to configure a nameserver that will return the same IP address ("A" record) for any arbitrary host name. For example:

example.com
subdomain.example.com
someotherdomain.com
anyotherdomain.co.uk

should all return the same IP address. Is there a way to do this with BIND? Or is there an alternative to BIND that can do this?

Best Answer

With BIND, you need a fake root zone to do this. In named.conf, put the following:

zone "." {
    type master;
    file "/etc/bind/db.fakeroot";
};

Then, in that db.fakeroot file, you will need something like the following:

@ IN SOA ns.domain.com. hostmaster.domain.com. ( 1 3h 1h 1w 1d )
  IN NS <ip>
* IN A <ip>

With that configuration, BIND will return the same IP address for all A queries.

Related Solutions

BIND – Overriding DNS Entries in BIND for Internal Networks

The best method is via the response policy zone in Bind 9.8.1 or newer. It allows you to override single records in arbitrary zones (and there's no need to create a whole subdomain for that, only the single record you want to change), it allows you to override CNAMEs, etc. Other solutions such as Unbound cannot override CNAMEs.

https://www.redpill-linpro.com/sysadvent/2015/12/08/dns-rpz.html

EDIT: Let's do this properly then. I will document what I've done based on the tutorial linked above.

My OS is Raspbian 4.4 for Raspberry Pi, but the technique should work without any changes on Debian and Ubuntu, or with minimal changes on other platforms.

Go to where your Bind config files are kept on your system - here it's in /etc/bind. Create in there a file called db.rpz with the following contents:

$TTL 60
@            IN    SOA  localhost. root.localhost.  (
                          2015112501   ; serial
                          1h           ; refresh
                          30m          ; retry
                          1w           ; expiry
                          30m)         ; minimum
                   IN     NS    localhost.

localhost       A   127.0.0.1

www.some-website.com    A        127.0.0.1

www.other-website.com   CNAME    fake-hostname.com.

What does it do?

it overrides the IP address for www.some-website.com with the fake address 127.0.0.1, effectively sending all traffic for that site to the loopback address
it sends traffic for www.other-website.com to another site called fake-hostname.com

Anything that could go in a Bind zone file you can use here.

To activate these changes there are a few more steps:

Edit named.conf.local and add this section:

zone "rpz" {
  type master;
  file "/etc/bind/db.rpz";
};

The tutorial linked above tells you to add more stuff to zone "rpz" { } but that's not necessary in simple setups - what I've shown here is the minimum to make it work on your local resolver.

Edit named.conf.options and somewhere in the options { } section add the response-policy option:

options {
  // bunch
  // of
  // stuff
  // please
  // ignore

  response-policy { zone "rpz"; };
}

Now restart Bind:

service bind9 restart

That's it. The nameserver should begin overriding those records now.

If you need to make changes, just edit db.rpz, then restart Bind again.

Bonus: if you want to log DNS queries to syslog, so you can keep an eye on the proceedings, edit named.conf.local and make sure there's a logging section that includes these statements:

logging {
    // stuff
    // already
    // there

    channel my_syslog {
        syslog daemon;
        severity info;
    };
    category queries { my_syslog; };
};

Restart Bind again and that's it.

Test it on the machine running Bind:

dig @127.0.0.1 www.other-website.com. any

If you run dig on a different machine just use @the-ip-address-of-Bind-server instead of @127.0.0.1

I've used this technique with great success to override the CNAME for a website I was working on, sending it to a new AWS load balancer that I was just testing. A Raspberry Pi was used to run Bind, and the RPi was also configured to function as a WiFi router - so by connecting devices to the SSID running on the RPi I would get the DNS overrides I needed for testing.

Linux – configure BIND DNS on debian

Your original config:

$TTL    3600
@   IN  SOA example.com. admin.example.com. (
            2011101601  ; Serial
            3600        ; Refresh 1h
            60      ; Retry 1m
            86400       ; Expire 1d
            600 )       ; Negative Cache TTL 1h
;
@   IN  NS  localhost.

;
example.com.    IN CNAME localhost.
example.com.    IN A 127.0.0.1

should be changed to this:

$TTL    3600
@   IN  SOA example.com. admin.example.com. (
            2011101801  ; Serial
            3600        ; Refresh 1h
            60      ; Retry 1m
            86400       ; Expire 1d
            600 )       ; Negative Cache TTL 1h
;
@   IN  NS  ns1.example.com.

;
example.com.        IN A 127.0.0.1
ns1.example.com.    IN A 127.0.0.1
www.example.com.    IN CNAME example.com.

(did you notice that I also changed the serial? for every change you make on the config you need to alter the Serial. It's format is YEARMMDD and a two digit ID starting at 01 which you need to +1 every time you make a change. So for example if you made a second change on the config today, you should change it to 2011101802, on a third change it should be 2011101803, or if you would make a change tomorrow it should be 2011101901 etc. this is very important!)

Also make sure that on your webserver you have a virtual host configured as example.com

Check that your /etc/resolv.conf points to your local BIND and has nameserver 127.0.0.1 entry first. If you are using debian with Gnome then Network Manager might overwrite resolv.conf. One solution for this is just to add the nameserver to Network Manager through the GUI, but make sure that it is first in the list.

Best Answer

Related Solutions

BIND – Overriding DNS Entries in BIND for Internal Networks

Linux – configure BIND DNS on debian

Related Topic