Knowledge Base ISC Main Website Ask a Question/Contact ISC
NXDOMAIN Redirection Using DLZ in BIND 9.10 and later
Author: Brian Reid Reference Number: AA-01150 Views: 14143 Created: 2014-04-14 17:39 Last Updated: 2018-02-28 11:01 0 Rating/ Voters
This feature is also available in BIND 9.9-S

All information below also applies to BIND 9.9 Subscription Version.

NXDOMAIN redirection is a BIND feature providing the ability for a recursive server to replace an NXDOMAIN response to a query with a configured answer of its own.  This substitute response is returned to the original client in place of the NXDOMAIN response received by the server.  Recursive server administrators may use this redirection for their own purposes or to obtain advertising revenue from third parties who specialize in this business.  Use of this feature is optional and the default is off.  Unless the default behavior is overridden by the administrator a recursive BIND resolver will pass NXDOMAIN responses to the querying client without altering them.

The NXDOMAIN redirection feature debuted originally in BIND 9.9.0, and allowed simple redirection of NXDOMAIN responses based on the use of a new zone type (type redirect).  This original method of NXDOMAIN redirection remains supported, but in addition BIND 9.10 expands upon this feature by extending the Dynamically Loadable Zones (DLZ) feature set to allow more flexible control over NXDOMAIN responses.

As a side benefit of the improved DLZ support, BIND 9.10 and later allows operators to configure multiple DLZ data sources and specify their ordering.

In order to use a dynamically loadable zone, it must first be declared in a dlz definition block which specifies a data source and (optionally) declares the database to be searchable or not searchable.  The dlz declaration looks like this:

dlz "example" {
        database "dlopen";
        search yes;    // the "search" line is optional; if unspecified it defaults to "yes"

The search keyword is new to the expanded DLZ support in BIND 9.10 and later.

  • If search is set to yes (or is unspecified) then the data source declared in that DLZ declaration is searched as part of the "best-match" fitting when a query comes in that is not covered by a regular zone.  
  • If search is set to no, that data source is not used for "best-match" fitting but only where it is explicitly declared for use in a zone definition.

To use NXDOMAIN redirection with DLZ, configure a dlz declaration pointing to a database that will return the desired redirect answer and use the search no; option in your declaration:

dlz "nxdomain.redirect" {
        database "dlopen redirect.database";
        search no;

And then instruct named to use that as the data source for a zone definition of type redirect.

zone . {
        type redirect;
        dlz nxdomain.redirect;

© 2001-2018 Internet Systems Consortium

For assistance with problems and questions for which you have not been able to find an answer in our Knowledge Base, we recommend searching our community mailing list archives and/or posting your question there (you will need to register there first for your posts to be accepted). The bind-users and the dhcp-users lists particularly have a long-standing and active membership.

ISC relies on the financial support of the community to fund the development of its open source software products. If you would like to support future product evolution and maintenance as well having peace of mind knowing that our team of experts are poised to provide you with individual technical assistance whenever you call upon them, then please consider our Professional Subscription Support services - details can be found on our main website.

  • There is no feedback for this article
Quick Jump Menu