Fool the Dutch nameserver check

July 25, 2008

dns

.nl employs a system for registering a domain name that works as follows:

  1. you set up a zone
  2. you register the zone name
  3. .nl checks the zone from your nameservers
  4. if the zone is found to be OK, your name is registered
  5. if it is not OK, you have to fix your zone, or the name is already claimed (you can check that beforehand)

This conflicts with how most ISPs work: there, one just updates the provisioning database and the request (ideally) goes right to the registry to claim the name. Then, after some time, you “dump” the provisioning database on the network and automatically configure the zone for the customer.

Wouldn’t it be nice if you could do the same for the .nl registry? What you need is some kind of fake nameserver that tells the registry just what it wants to hear. For all .nl zones it tells the bot, ‘Yes, I’m authoritative for that name and these are the records,’ and it gives out the standard SOA, MX and other records. See the technical requirements for what exactly is needed.

With such a fake nameserver in place the registry process becomes:

  1. register the name with .nl
  2. .nl will query your fake nameserver
  3. if OK, provision the zone for the client
  4. (some time later) send in a nameserver change request to give the zone the correct nameservers.

Note: the big difference here is that you don’t have to go restarting services on your network right away. You can do it when you are ready for it. And that is a big plus for most ISPs.

fake nameserver

The following Perl script starts a nameserver on two IPs. You need to configure a host with two IPs, as this is one of SIDN’s requirements. When it runs, it returns exactly what .nl wants to hear for all .nl queries. It gives back a FORMERR for all non-.nl names.

Download the script

usage

Starting the server:

   ./dnsserver.pl
   Creating TCP socket 127.0.0.1#15353 - done.
   Creating UDP socket 127.0.0.1#15353 - done.

A sample query:

dig -p 15353 @127.0.0.1 mx miek.nl

; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36820
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;miek.nl.           IN  MX

;; ANSWER SECTION:
miek.nl.        3600    IN  MX  100 mx1.miek.nl.
miek.nl.        3600    IN  MX  100 mx2.miek.nl.

;; Query time: 18 msec
;; SERVER: 127.0.0.1#15353(127.0.0.1)
;; WHEN: Fri Jul 25 11:44:51 2008
;; MSG SIZE  rcvd: 65
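
Seen from the checking side, a server like this one is easy to spot: it answers authoritatively, with data, for a name nobody ever provisioned. The following is an added example (not the post's Perl script and not SIDN's actual check) of such a canary probe in Python; the canary naming scheme and the sample responses are constructed assumptions, and only the DNS header is inspected.

```python
import secrets
import struct

QTYPE_SOA, CLASS_IN = 6, 1

def encode_name(name):
    """Encode a domain name as DNS wire-format labels."""
    parts = [p.encode("ascii") for p in name.rstrip(".").split(".")]
    return b"".join(bytes([len(p)]) + p for p in parts) + b"\x00"

def build_query(name, qtype=QTYPE_SOA, qid=None):
    """Build a one-question, non-recursive query (flags all zero)."""
    qid = secrets.randbelow(65536) if qid is None else qid
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)

def parse_header(msg):
    """Extract the header fields a delegation check looks at."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rcode": flags & 0x000F, "ancount": an}

def canary_name(tld="nl"):
    """Random name (hypothetical scheme) that nobody has provisioned."""
    return "canary-%s.%s" % (secrets.token_hex(8), tld)

def answers_everything(query, response):
    """True if the server claims authority and returns data for the canary."""
    q, r = parse_header(query), parse_header(response)
    if not r["qr"] or r["id"] != q["id"]:
        raise ValueError("response does not match the query")
    return r["aa"] and r["rcode"] == 0 and r["ancount"] > 0

def sample_response(query, flags, ancount):
    """Constructed reply: header plus echoed question; records omitted
    because the check above only reads the header."""
    qid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!HHHHHH", qid, flags, 1, ancount, 0, 0) + query[12:]

if __name__ == "__main__":
    query = build_query(canary_name())
    # 0x8400 = qr aa NOERROR, 0x8403 = qr aa NXDOMAIN, 0x8005 = qr REFUSED
    for label, flags, an in (("aa NOERROR + data", 0x8400, 1),
                             ("aa NXDOMAIN", 0x8403, 0),
                             ("REFUSED", 0x8005, 0)):
        verdict = answers_everything(query, sample_response(query, flags, an))
        print("%-18s flagged=%s" % (label, verdict))
```

Only the first constructed response is flagged; a server that refuses or denies the canary is behaving like one that holds real zone data.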