Loopback DNS

Last Update 12th November 2006

Recently I set up a network for a lan bash to use. The place where the Lan was held had no internet access and I found a lot of the games (most notably Valves Steam) wanted to look up internet addresses. The load times would be slow while the game waited for time outs. To combat this I modified the DNS server to point all unknown requests at itself thus making things fail quickly rather than timeout. By making the DNS dynamic for the computers on the Lan itself DNS lookups and reverse mapping would work for the local computers (though this is a nicety rather than a necessity).

You could use much the same trick to lock down a wireless access point direct all unknown MAC addresses to a false DNS server (thus stopping IP over DNS hacks) which only returned a sign up page.

My Network

Running Debian Linux, as usual this example should work for other flavours of Linux but I can make no promises, you mileage may vary! If anyone has success or problems please email me address below. My server hostname is shootout3, the local network is called lanbash and the Lan is running on the 10.0.0.0/24 subnet

View "/etc/bind/named.conf" ("more /etc/bind/named.conf") look for a section as shown below.

// prime the server with knowledge of the root servers
zone "." {
type master;
file "/etc/bind/db.root";
};

This basically sets the dns top level servers so that lookups not know to the local server. You should not need to alter this file only use as a point of reference to find the master file. In this example the master file is called "db.root".

Open "db.root" in your favourite text editor it should look something like

; <<>> DiG 9.2.3 <<>> ns . @a.root-servers.net.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18944
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS D.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.
. 518400 IN NS L.ROOT-SERVERS.NET.
. 518400 IN NS M.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201
C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12
D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90
E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10
F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241
G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4
H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53
I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17
J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30
K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129
L.ROOT-SERVERS.NET. 3600000 IN A 198.32.64.12
M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33
;; Query time: 81 msec
;; SERVER: 198.41.0.4#53(a.root-servers.net.)
;; WHEN: Sun Feb 1 11:27:14 2004
;; MSG SIZE rcvd: 436

Modify "db.root" so it looks more like the one below. Remember to change the server name and address to match that of your DNS server address and hostname.

$TTL 604800
@ IN SOA shootout3.lanbash. root. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
@ IN NS shootout3.lanbash.
* IN A 10.0.0.3

Restart the DNS server with "rndc reload" or run /etc/init.d/bind9 restart" and hey presto all computers using this for DNS lookups will have all hostnames resolved back to your own server.

In case you are wondering how this works, the normal operation for DNS quries is that at the Top level there are a number of Master servers A, B, C, etc by taking these out you are making your server the ulitmate master for all DNS on the network.