"delegation-only" feature for pdnsd

by Paul Rombouts

Versions 1.1.8b1-par8 and later have a new feature that emulates the "delegation-only" feature of BIND.
This was originally implemented as a tool for undoing the unwanted effects of DNS wildcards, in particular the resolution of non-existing names to VeriSign's Site Finder service. At the moment there is probably not much use for it, but the feature is still there, just in case.
See my main pdnsd webpage for details on how to download the latest version of pdnsd.

The new feature is disabled by default (and unless you have a good reason for using it, it is best left disabled). In the typical case it can be configured by adding the following line to the global section of the configuration file:

If it does not work for you, simply remove or comment out this line and restart pdnsd.
If you find this feature blocks a legitimate domain name, this is probably due to a missing authority section in the reply from the remote name servers pdnsd is querying. You can check this with the dig utility that comes with the bind package installed on most systems. This is an example of dig output:

[paul@memamdo paul]$ dig @ cdl.earthcache.net
; <<>> DiG 9.2.1 <<>> @ cdl.earthcache.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32752
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;cdl.earthcache.net.            IN      A
cdl.earthcache.net.     0       IN      A
;; Query time: 69 msec
;; WHEN: Tue Sep 23 23:40:39 2003
;; MSG SIZE  rcvd: 52

If you find AUTHORITY: 0, you will have to find another name server that provides good authority information and add its address to the list of servers in the configuration file. It is not necessary to list this server first.
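
The check described above can be run over saved dig output from several candidate servers. This is an added example, not part of pdnsd or of the original page; the server addresses (192.0.2.1, 192.0.2.53), the function names and the second reply are constructed for illustration.

```python
import re

# dig's counts line, e.g. ";; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0"
COUNTS_RE = re.compile(
    r"^;; flags:\s*(?P<flags>[a-z ]*);\s*QUERY:\s*(?P<query>\d+),\s*ANSWER:\s*(?P<answer>\d+),"
    r"\s*AUTHORITY:\s*(?P<authority>\d+),\s*ADDITIONAL:\s*(?P<additional>\d+)", re.MULTILINE)
STATUS_RE = re.compile(r"status:\s*(?P<status>[A-Z]+)")

# Header lines copied from the dig output shown on the page.
PAGE_REPLY = """\
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32752
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
"""
# Constructed sample: a reply that does carry authority records.
CONSTRUCTED_REPLY = """\
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
"""

def parse_dig(text):
    """Return status, flags and section counts of one dig reply, or None."""
    counts, status = COUNTS_RE.search(text), STATUS_RE.search(text)
    if not counts or not status:
        return None  # timeout, truncated capture, or not dig output at all
    info = {k: int(counts.group(k)) for k in ("query", "answer", "authority", "additional")}
    info["flags"] = counts.group("flags").split()
    info["status"] = status.group("status")
    return info

def lacks_authority(text):
    """True for the case the page describes: an answer with an empty authority section."""
    info = parse_dig(text)
    return bool(info) and info["status"] == "NOERROR" and info["answer"] > 0 and info["authority"] == 0

def usable_servers(replies):
    """replies maps server address -> dig output; keep servers that sent authority records."""
    good = []
    for server, text in replies.items():
        info = parse_dig(text)
        if info and info["status"] == "NOERROR" and info["authority"] > 0:
            good.append(server)
    return sorted(good)

if __name__ == "__main__":
    captured = {"192.0.2.1": PAGE_REPLY, "192.0.2.53": CONSTRUCTED_REPLY}
    for server, text in captured.items():
        print(server, "AUTHORITY: 0, look elsewhere" if lacks_authority(text) else "ok")
    print("candidates for the server list:", usable_servers(captured))
```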

If you have questions about this new feature, you can email me at the address listed at the end of README.par.