Can we update CNAME per request? [closed]

I would like to return a unique CNAME for each request and add the IP address of that CNAME to the zone files. Is it possible?


Solution 1:

Your question lacks details. Why are you doing that (why specifically a CNAME?), who does the query, why you need to put the result in the zonefile, etc.

So below are only some vague ideas.

If your question is about generating records on the fly, yes, you can do it with BIND as well as other nameservers that let you choose a "dynamic" backend with some programming language.

See:

  • BIND can serve "Dynamic Zones", but this is mostly tied to databases; see http://bind-dlz.sourceforge.net/ and "Dynamically Loadable Zones | Internet Systems Consortium". You could also develop your own backend.
  • PowerDNS: see "Lua Backend | PowerDNS Authoritative Server documentation": "This backend is just a “glue” between PowerDNS and your own Lua application." So if you write a Lua application, you are free to serve whatever record you want for each query.
  • Yadifa and NSD do not seem capable of doing that (but there are various patches and attempts to plug them into SQL databases, for example).

You could also, of course, again depending on your need, build a small, simple authoritative nameserver in whatever programming language you choose that has a good DNS abstraction library to handle all the details (and there are many) of the DNS protocol.

Another cheap way of doing it: use wildcards, but with caution. However, at their core, wildcards let you immediately have all the CNAMEs you want in your zonefile with only one line. But it all depends on who queries your nameserver.

Remember that your authoritative nameserver has the recursive nameservers as clients, not the end clients, so it will see only the IP address of the last recursive nameserver used by the client and not the client IP. You have the EDNS Client Subnet option that, if supported by the recursive resolver, will give you an indication of the subnet of the client IP address, but never the complete address, for privacy reasons.

To close, have a look at the various works of Geoff Huston. He is a DNS researcher at APNIC who does a lot of studies. To conduct them, he often buys ads that provide unique links for each client, resolving to specific names. See this example among others: "Counting IPv6 in the DNS | The ISP Column". It may give you some fresh ideas.

(See my detailed answer to your related query: How to associate DNS requests with the requests to web server hosting that domain name? | Server Fault)
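
An added example, not part of the original answer: the wire-level core of the "small authoritative nameserver" option in Python, answering each query with a freshly generated CNAME target. The zone name `dyn.example.test`, the function names and the sample query are assumptions made for illustration.

```python
import secrets
import struct

ZONE = "dyn.example.test"  # assumed zone name, not from the page

def encode_name(name):
    """Encode a dotted name as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def parse_question(msg):
    """Return (qname, qtype, offset just past the question section)."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63:  # compression pointers are not expected in a query name
            raise ValueError("unexpected label type")
        labels.append(msg[pos:pos + n].decode("ascii"))
        pos += n
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels), qtype, pos + 4

def build_cname_response(query, ttl=0):
    """Return (response bytes, target): a unique CNAME under ZONE per call."""
    _qname, _qtype, qend = parse_question(query)
    target = f"{secrets.token_hex(8)}.{ZONE}"
    qid, qflags = struct.unpack("!HH", query[:4])
    flags = 0x8400 | (qflags & 0x0100)  # QR + AA set, RD copied from query
    header = struct.pack("!HHHHHH", qid, flags, 1, 1, 0, 0)
    rdata = encode_name(target)
    # 0xC00C points back at the question name; type 5 = CNAME, class 1 = IN.
    # TTL 0 asks resolvers not to cache, so repeat queries reach this server.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, ttl, len(rdata)) + rdata
    return header + query[12:qend] + answer, target

# Constructed sample query: ID 0x1234, RD set, "www.example.test" IN A.
SAMPLE_QUERY = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
                + encode_name("www.example.test") + struct.pack("!HH", 1, 1))
```

The returned target is the name that still needs its own address record before a resolver can follow the CNAME.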