Simulate 'try again' case

Hi,
I was searching through the topic and could not find a thread which zeroes in on the case I'm trying to simulate. Basically I have a need to simulate DNS Try again cases, without bringing the dns_server down (by manipulating the entries in /etc/resolv.conf under 'nameserver' tag). I am so specific about doing this simulation without manipulating resolv.conf, because I have a program which would send UDP requests to dns_server (obviously the return value will be success as it doesn't check whether dns_server exists). In this case, I want dns_server to be up, and tell my program when it gets a try again.

So is there a method by which i can simulate 'Host not found, try again' case without terminating nameserver?

PS: If I'm correct, resolv.c contacts the dns server at port 53 (default) to the IP addresses specified under nameserver tag of resolv.conf?

Thanks,
Srini

Hi,

To be specific -- what are you trying to accomplish?
You already have DNS knowledge there, but what kind of other query do you need?
Be careful of doing DoS.

Cheers.

Ah, I'm usually bad at explaining things. Sorry, but I'll give another try.
The actual need for me is to make the nameserver (dns_server) return 'Host not found, try again', irrespective of the IP queried for.
I understand that dns queries undergo multiple hops before they reach the final server. I want to accomplish 'try again' return value in the first hop itself. I currently am aware of 2 possibilities to do this. But I want a third way to do it, because I have some other problem testing my code with the first two possibilities.

Possibility 1: Change the resolv.conf to point to invalid nameserver
Possibility 2: Terminate the local nameserver, or change the local dns_server code to return 'try again' irrespective of the query

PS: I'm an email developer and am not attempting DoS even in its mildest way.

Thanks,
Srini

I missed out the key word actually, please excuse me. Actually, by TRY_AGAIN, I mean the SERVFAIL case. I want the DNS server to return the SERVFAIL case irrespective of the query. I went through the 'named' code in the bind library, but it was too complex for me to understand and modify.

So is there a workaround?

Thanks,
Srini

What OS?

You could use iptables / ipfilters to reject incoming requests from your test server on the dns server or to stop them from leaving the test server.

Hi,
I'm working on a Solaris machine. The iptables idea is actually what I intended. When I googled, I found that iptables are located at /etc/sysconfig/iptables. It is not present in my system. Can I just create it by myself and will the bind code read it when 'named' is restarted?

BTW, I found a workaround for this problem and I had no way other than to write a fake server to send SERVFAIL to all requests. But still I'm baffled as to why the tcpdump of the reply packet doesn't show SERVFAIL. It just shows some address.

Thanks,
Srini
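
A minimal version of the fake server described in the last post, as an added example that is not code from the thread: it answers every UDP query with RCODE 2 (SERVFAIL), carried in the low four bits of the header flags word. The function names, listen address and port 5300 are assumptions; a resolver configured through resolv.conf sends to port 53, which needs privileges to bind.

```python
import socket
import struct

SERVFAIL = 2  # RCODE 2 in RFC 1035, section 4.1.1

# Constructed sample: query id 0x1234, RD set, one question "example.com A IN".
SAMPLE_QUERY = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
                + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1))

def question_end(msg: bytes) -> int:
    """Return the offset just past the first question (QNAME, QTYPE, QCLASS)."""
    pos = 12  # the fixed header is 12 bytes
    while True:
        if pos >= len(msg):
            raise ValueError("truncated QNAME")
        length = msg[pos]
        if length & 0xC0:
            raise ValueError("compression pointer in question")
        pos += 1 + length
        if length == 0:
            break
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    return pos + 4

def servfail_reply(query: bytes) -> bytes:
    """Build a SERVFAIL response that echoes the query's id and question."""
    if len(query) < 12:
        raise ValueError("short header")
    qid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    # QR=1, OPCODE and RD copied from the query, RA=1, RCODE=SERVFAIL.
    rflags = 0x8000 | (flags & 0x7900) | 0x0080 | SERVFAIL
    # Counts: one question, no answer/authority/additional records.
    header = struct.pack("!HHHHHH", qid, rflags, 1, 0, 0, 0)
    return header + query[12:question_end(query)]

def serve(host: str = "127.0.0.1", port: int = 5300) -> None:
    """Answer every well-formed UDP query with SERVFAIL (test stub only)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        while True:
            data, peer = sock.recvfrom(512)
            try:
                sock.sendto(servfail_reply(data), peer)
            except ValueError:
                continue  # silently drop malformed packets

if __name__ == "__main__":
    serve()
```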