How to set up BIND to resolve any request to one IP

  • Hello.

    I want to make a public DNS server on pfSense, and it should resolve any name to single IP address.
    I found the following instruction, but I couldn't apply it in pfSense.
    Please help me to adapt this instruction to pfSense.

    Thank you in advance.

  • LAYER 8 Global Moderator

    Why would you need to adapt the instructions?  A wildcard entry in bind is

    * IN A ipaddress

    So put that in there.  I installed the bind package and got it working, then created a wildcard A record for, as you can see: when I queried before I got NX; I put in the wildcard and then got the answer for anything I queried.

  • They are your subdomains, and I need any domain. So even "dig" should return

  • A bit of explanation.

    I have several websites all launched on one server. Now I have to enter an IP address for each of them at my provider, and if I move to another host I will have to change the IP for all of them.

    What I want to do is to create an NS server that will resolve any domain to a single IP, forward all my sites to that NS server, and if I decide to change my hosting provider I would just change the resolving IP address on my NS server and that's it. Also, when I add a new website I just set its NS server and it works, because the NS server resolves any domain.

  • LAYER 8 Global Moderator

    Resolving ANY domain like is NOT a wildcard.

    You would have to create a wildcard entry for, or or somethingelse.tld etc..

    "forward all my sites to that NS server"

    Just the 1 NS?? Running on pfsense?  That sounds like a really bad idea to me.  If you want to host dns for your domains, then use a dns service would be my suggestion.  But creating an NS that resolves ANY domain asked for to some specific IP is a bad idea for sure!!  Domains need at minimum 2 NS.  These name servers should be on different networks, in different geographic locations, on different connections as well.

    How many domains do you have?  Just create wildcard entries for them, just like you do for the 1 domain.  But if you want to host all your domains in one system I would really suggest you look into a dns service; there are free ones, and paid ones are very reasonably priced.  dnsmadeeasy for example starts at $30 a YEAR for 10 domains and 5 million queries per month, etc.
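    To make concrete what the wildcard record from the two moderator replies above does and does not cover, here is an added example; it is not code from this thread, from pfSense or from BIND. It is a small Python simulation of the RFC 4592 wildcard rules applied to a constructed example.com zone whose zone file carries the same line the moderator describes, `* IN A 203.0.113.10`. The zone text, the host names and the 203.0.113.x / 198.51.100.x addresses are constructed for illustration (documentation ranges, not real hosts); the parser, the `Zone` class and `demo()` are assumptions of this example, not BIND's internals.

```python
"""Simulate how an authoritative server answers from a zone that has a wildcard A record.

Added example (not from the thread, pfSense or BIND): a parser for the small
zone-file subset used below plus the RFC 4592 wildcard lookup rules, so the
reach of "* IN A <ip>" can be checked without a running name server.
"""
from collections import defaultdict

# Constructed zone file for illustration: explicit apex, NS and MX records plus
# the wildcard A record the thread talks about. Addresses are documentation ranges.
ZONE_TEXT = """\
$ORIGIN example.com.
$TTL 300
@     IN SOA ns1.example.com. hostmaster.example.com. 2024010101 3600 900 1209600 300
@     IN NS  ns1.example.com.
@     IN NS  ns2.example.com.
@     IN A   203.0.113.10
ns1   IN A   203.0.113.10
ns2   IN A   198.51.100.10
mail  IN MX  10 mail.example.com.
*     IN A   203.0.113.10
"""


def absolute(name, origin):
    """Turn a zone-file owner name into a lowercase fully qualified name."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def ancestors(name):
    """Yield the parents of an absolute name: a.b.example.com. -> b.example.com., example.com., com., ."""
    labels = name.rstrip(".").split(".")
    for i in range(1, len(labels) + 1):
        yield ".".join(labels[i:]) + "."


class Zone:
    """One authoritative zone: its records and the set of names that exist in it."""

    def __init__(self, text):
        self.origin = "."
        self.rrs = defaultdict(list)  # owner -> [(rtype, rdata)]
        for raw in text.splitlines():
            line = raw.split(";", 1)[0].strip()
            if not line or line.startswith("$TTL"):
                continue
            if line.startswith("$ORIGIN"):
                self.origin = line.split()[1].lower()
                continue
            owner, _cls, rtype, rdata = line.split(None, 3)
            self.rrs[absolute(owner, self.origin)].append((rtype.upper(), rdata))
        # Every owner, and every ancestor of an owner inside the zone, is a node.
        # Ancestors without records of their own ("empty non-terminals") still exist
        # and therefore block wildcard synthesis below them.
        self.nodes = set()
        for owner in list(self.rrs):
            self.nodes.add(owner)
            self.nodes.update(a for a in ancestors(owner) if self.in_zone(a))

    def in_zone(self, name):
        return name == self.origin or name.endswith("." + self.origin)

    def records(self, node, qtype, owner):
        """Records of one type at a node, rewritten to the queried owner name."""
        return [(owner, t, r) for (t, r) in self.rrs.get(node, []) if t == qtype]

    def lookup(self, qname, qtype):
        """Return (rcode, answers) the way an authoritative-only server would."""
        qname = qname.lower()
        if not qname.endswith("."):
            qname += "."
        qtype = qtype.upper()
        if not self.in_zone(qname):
            # Not one of our zones: an authoritative-only server refuses the query.
            return "REFUSED", []
        # 1. The exact name exists: answer from it. The wildcard is never consulted,
        #    even when the node has no record of the requested type (NODATA).
        if qname in self.nodes:
            return "NOERROR", self.records(qname, qtype, owner=qname)
        # 2. Otherwise take the closest encloser (longest existing ancestor) and
        #    look for a wildcard directly beneath it, the "source of synthesis".
        closest = next(a for a in ancestors(qname) if a in self.nodes)
        source = "*." + closest
        if source in self.nodes:
            return "NOERROR", self.records(source, qtype, owner=qname)
        return "NXDOMAIN", []


def demo():
    """Run the queries that show where the wildcard applies; returns {(qname, qtype): (rcode, answers)}."""
    zone = Zone(ZONE_TEXT)
    queries = [
        ("www.example.com", "A"),        # synthesized from the wildcard
        ("deep.sub.example.com", "A"),   # any depth below the apex is covered
        ("example.com", "A"),            # apex: answered by its own A record, not the wildcard
        ("mail.example.com", "A"),       # node exists (MX only) -> NODATA, wildcard ignored
        ("x.mail.example.com", "A"),     # below an existing node -> NXDOMAIN
        ("www.example.com", "AAAA"),     # wildcard has no AAAA -> NODATA
        ("www.other-site.net", "A"),     # not our zone -> REFUSED; no "any domain" here
    ]
    return {(q, t): zone.lookup(q, t) for q, t in queries}


if __name__ == "__main__":
    for (q, t), (rcode, answers) in demo().items():
        print(f"{q:24} {t:5} {rcode:9} {answers}")
```

    The last query is the point of the replies above: the `*` record only covers names under a zone the server has been configured to serve, so an "any domain" server does not fall out of a wildcard. Each domain needs its own zone on the server (each can carry the same `* IN A` line) and its NS delegation pointed at that server at the registrar. Against a real BIND the same cases can be checked with `dig @<ns-ip> anything.example.com A` and `dig @<ns-ip> www.other-site.net A`.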

  • Yes, I have more than 10 websites. I also have servers in different geo zones not related to each other, so no problem to make 2 NS servers.

    However, it looks like you call the whole idea bad. What exactly is wrong?

    • pfSense is bad idea as a public router?
    • BIND is bad idea for public NS server?

    Please comment.

  • LAYER 8 Global Moderator

    Hosting your own public dns is a BAD idea if you ask me.  If it's for play (learning) or very very very low, non-critical traffic, ok.  I run bind on a couple of vps so I can be the authoritative ns for 1 of my domains, mostly because I wanted to play with dnssec.  This domain is only for my own personal use; while it is on the public internet and anyone can query it, I don't publish anything to the public with it.  There are no hosts listed in the domain that the public would have any desire to go to.  I put my other vps in this domain as one method of resolving their ipv4 and ipv6 addresses.  But even if it goes down I still have access to the stuff it would resolve.  It's a play domain on play boxes.

    I can tell you for sure you do not have the infrastructure in place to compete with a company that does dns for a living.  They have multiple locations around the globe with a full anycast setup, etc.

    They have other price plans, and you can add domains if your issue is that you have more than 10; how many more, 100, 1000?

    While I am all for pfsense as a firewall/router, and sure some services, I do believe it's a bad idea to use it just as a means of getting a package running.  It's not a dns appliance/distro, it's a firewall.  It just happens to have a package you can install for bind, which they put a nice gui around; bind doesn't really have many guis, so yeah, I can see where that might be attractive to use.

    But if your goal was dns, why would you not just install bind on your OS of choice?

    To be honest it rarely makes sense to host your own "public" dns.  It's a common attack vector for one; why not let the companies that deal with that deal with that, they have the expertise in it.  Seems you're not doing anything of any fancy nature where you would actually need full access to bind to make configuration changes.  You just want something to respond with 1 IP for any host in a domain.  That doesn't scream "I need to run my own dns" to me.  I would think a nice web portal you log in to and create your entries in is all that is needed here.

    And you can deal with your servers at the end of those IPs dns resolves to.  Just my 2 cents is all.

  • Thank you for your detailed answer. I'll consider it one more time :)
