Our DNSBL is configured as a wildcard zone. Unregistered entries should be returned as IP address 0.0.0.0 in order to deliver fast results and avoid query timeouts. For this purpose the zone ip.dnsbl is globally configured as follows:
Code:
@ A 0.0.0.0
* CNAME ip.dnsbl.
*.* CNAME ip.dnsbl.
*.*.* CNAME ip.dnsbl.
*.*.*.* CNAME ip.dnsbl.
The problem becomes clear with the example of the IP address 1.2.3.4. For this example the address is assumed to belong to a dynamic client, for which the DNS server should return the address 127.0.0.4.
In a first step the IP address is reversed and then registered as a DNS A record:
Code:
4.3.2.1 A 127.0.0.4
With only these records in place, the actual query => answer scheme is as follows:
Code:
0.0.0.0 - 0.255.255.255 => 0.0.0.0
1.0.0.0 - 1.2.3.3 => NXDOMAIN
1.2.3.4 => 127.0.0.4
1.2.3.5 - 1.255.255.255 => NXDOMAIN
2.0.0.0 - 255.255.255.255 => 0.0.0.0
The reason is that the registered name 4.3.2.1 brings the intermediate names 1, 2.1 and 3.2.1 into existence as empty non-terminals, and a wildcard never matches below a name that already exists in the zone. Every query under 1.x.x.x other than 1.2.3.4 therefore no longer reaches the apex wildcards and ends in NXDOMAIN. The remedy is to add an entry for the name 1 and wildcard entries beneath each of these intermediate names:
Code:
1 CNAME ip.dnsbl.
*.1 CNAME ip.dnsbl.
*.*.1 CNAME ip.dnsbl.
*.*.*.1 CNAME ip.dnsbl.
*.2.1 CNAME ip.dnsbl.
*.3.2.1 CNAME ip.dnsbl.
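To make the wildcard behaviour checkable offline, here is a small simulation of the RFC 4592 matching rules (closest encloser, empty non-terminals, source of synthesis) run over the zone records from this post. It is an added example and not part of the original post or of any DNS server; the record lists BROKEN and FIXED are constructed from the two configurations above, and names are handled relative to the apex ip.dnsbl.

```python
"""Simulate RFC 4592 wildcard matching for the DNSBL zone in the post.

Added example, not part of the original post. Owner names are relative to
the zone apex ip.dnsbl and kept as label tuples in DNS order, so the owner
name 4.3.2.1 is ('4', '3', '2', '1') and the apex is the empty tuple ().
"""

APEX = ()


def name(owner):
    """Parse a relative owner name: '*.3.2.1' -> ('*', '3', '2', '1'), '@' -> ()."""
    return APEX if owner == "@" else tuple(owner.split("."))


def reversed_ip(ip):
    """Reverse an IPv4 address into its DNSBL owner name: '1.2.3.4' -> ('4','3','2','1')."""
    return tuple(reversed(ip.split(".")))


def build_zone(lines):
    """Parse 'owner TYPE rdata' lines into a record map and the set of existing names.

    A CNAME target of 'ip.dnsbl.' is the zone apex. Every ancestor of a record
    owner exists as an empty non-terminal, which is exactly what breaks the
    apex wildcards once 4.3.2.1 is registered.
    """
    zone = {}
    for line in lines:
        owner, rtype, rdata = line.split()
        if rtype == "CNAME" and rdata == "ip.dnsbl.":
            rdata = APEX
        zone[name(owner)] = (rtype, rdata)
    existing = set()
    for n in zone:
        for i in range(len(n) + 1):
            existing.add(n[i:])
    return zone, existing


def _answer(zone, record):
    """Return the rdata of a record, following a CNAME to its in-zone target."""
    rtype, rdata = record
    if rtype == "CNAME":
        return _answer(zone, zone[rdata])
    return rdata


def resolve(zone, existing, qname):
    """Resolve a relative query name the way an authoritative server would."""
    if qname in existing:
        if qname not in zone:
            return "NODATA"  # empty non-terminal: the name exists but has no records
        return _answer(zone, zone[qname])
    # closest encloser: the longest existing ancestor (the apex always exists)
    ancestor = APEX
    for i in range(1, len(qname) + 1):
        if qname[i:] in existing:
            ancestor = qname[i:]
            break
    # the only wildcard that may match is '*' directly below the closest encloser
    source = ("*",) + ancestor
    if source in zone:
        return _answer(zone, zone[source])
    return "NXDOMAIN"


def lookup(zone_lines, ip):
    """Answer a DNSBL query for an IPv4 address against the given zone lines."""
    zone, existing = build_zone(zone_lines)
    return resolve(zone, existing, reversed_ip(ip))


# Constructed from the post: the apex wildcards plus the registered client.
BROKEN = [
    "@ A 0.0.0.0",
    "* CNAME ip.dnsbl.",
    "*.* CNAME ip.dnsbl.",
    "*.*.* CNAME ip.dnsbl.",
    "*.*.*.* CNAME ip.dnsbl.",
    "4.3.2.1 A 127.0.0.4",
]

# Constructed from the post: the same zone with the remedy records added.
FIXED = BROKEN + [
    "1 CNAME ip.dnsbl.",
    "*.1 CNAME ip.dnsbl.",
    "*.*.1 CNAME ip.dnsbl.",
    "*.*.*.1 CNAME ip.dnsbl.",
    "*.2.1 CNAME ip.dnsbl.",
    "*.3.2.1 CNAME ip.dnsbl.",
]

if __name__ == "__main__":
    for ip in ("0.255.255.255", "1.0.0.0", "1.2.3.3", "1.2.3.4", "1.2.3.5", "2.0.0.0"):
        print(f"{ip:>15}  broken={lookup(BROKEN, ip):<10} fixed={lookup(FIXED, ip)}")
```

Running the script reproduces the query => answer scheme from the post for the broken zone (NXDOMAIN for everything under 1.x.x.x except 1.2.3.4) and shows that the remedy records return 0.0.0.0 for those ranges again. The same function can be pointed at a different registered address to work out which intermediate names need their own wildcard before the records are deployed.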
I hope this helps others not to get trapped as we were.