How to Configure a DNS Wildcard Server to Return Same IP for All Domains Using BIND

When implementing global traffic management or developing testing environments, you might need a DNS server that responds with a single IP address for all domain queries. This technique is particularly useful for:

  • Load balancer testing
  • Development environment setup
  • Global anycast network simulations
  • Captive portal implementations

Here's how to configure BIND (Berkeley Internet Name Domain) to return the same IP for all domains:


// named.conf options section
options {
    directory "/var/named";
    // Every name is answered from the local root zone below, so recursion is
    // neither needed nor wanted; "no" also avoids leaving an open resolver
    // behind if the catch-all zone is ever removed.
    recursion no;
    // Restrict this to the test network in practice (see the security notes below).
    allow-query { any; };
};

// Zone definition for catch-all: the server claims authority for the root,
// so no query is ever forwarded upstream.
zone "." IN {
    type master;
    file "catchall.db";
    allow-update { none; };
};

Create the zone file /var/named/catchall.db:


$TTL 86400
@ IN SOA ns1.example.com. admin.example.com. (
    2023081501 ; Serial
    3600       ; Refresh
    1800       ; Retry
    604800     ; Expire
    86400      ; Negative caching TTL
)

@ IN NS ns1.example.com.
@ IN NS ns2.example.com.

; Wildcard A record: matches any name whose closest existing ancestor is the root
* IN A 192.0.2.1

; Specific records take precedence if needed. Side effect (RFC 4592): once
; example.com. exists, com. becomes an empty non-terminal, so the root
; wildcard no longer matches other names under .com. Cover them with an
; explicit *.com. wildcard, or leave the specific records out.
example.com. IN A 192.0.2.1
*.example.com. IN A 192.0.2.1
*.com. IN A 192.0.2.1
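To see why the override lines (example.com. and *.example.com.) change what the root wildcard matches, here is an added example, not the article's code, that applies the RFC 4592 closest-encloser rule BIND uses to this zone; parse_a_records(), resolve(), demo() and the embedded zone text are constructed for this illustration.

```python
# Added example (constructed, not from the article): RFC 4592 wildcard lookup as BIND applies it.
def parse_a_records(zone_text):
    """{owner_fqdn: ipv4} for 'owner IN A ip' lines; origin is '.', so '*' -> '*.'."""
    records = {}
    for raw in zone_text.splitlines():
        fields = raw.split(";")[0].split()           # drop ';' comments
        if len(fields) == 4 and fields[1] == "IN" and fields[2] == "A":
            owner = fields[0] if fields[0].endswith(".") else fields[0] + "."
            records[owner.lower()] = fields[3]
    return records

def existing_names(records):
    """Owners plus all their ancestors; ancestors without records are empty
    non-terminals, and they still count as existing for wildcard purposes."""
    names = {"."}
    for owner in records:
        labels = owner.rstrip(".").split(".")
        for i in range(len(labels)):
            names.add(".".join(labels[i:]) + ".")
    return names

def resolve(records, qname):
    """A rdata BIND would return for qname, or None (NXDOMAIN / NODATA)."""
    qname = qname.lower().rstrip(".") + "."
    if qname in records:
        return records[qname]                        # exact match wins
    names = existing_names(records)
    if qname in names:
        return None                                  # empty non-terminal: NODATA, no wildcard
    labels = qname.rstrip(".").split(".")
    for i in range(1, len(labels) + 1):              # walk up to the closest encloser
        ancestor = ".".join(labels[i:]) + "." if i < len(labels) else "."
        if ancestor in names:
            # only a '*' directly below the closest encloser can synthesize an answer
            return records.get("*." if ancestor == "." else "*." + ancestor)
    return None

# Constructed zone data: the article's root wildcard plus its example.com override
ARTICLE_ZONE = "* IN A 192.0.2.1\nexample.com. IN A 192.0.2.1\n*.example.com. IN A 192.0.2.1\n"
FIXED_ZONE = ARTICLE_ZONE + "*.com. IN A 192.0.2.1\n"  # restores coverage for other .com names

def demo():
    """{query: (answer from article zone, answer once *.com. is added)}."""
    before, after = parse_a_records(ARTICLE_ZONE), parse_a_records(FIXED_ZONE)
    return {q: (resolve(before, q), resolve(after, q))
            for q in ("randomname.test", "www.example.com", "anydomain.com", "ns1.example.com")}

if __name__ == "__main__":
    print(demo())   # anydomain.com gets None from the article zone, 192.0.2.1 after the fix
```

The same shadowing applies to any explicit name you add: each new owner creates empty non-terminals above it that the root wildcard cannot cross.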

If you prefer not to use BIND, consider these alternatives:

1. dnsmasq Configuration

# '#' matches every domain, so each query gets the same answer
address=/#/192.0.2.1

2. CoreDNS Implementation

.:53 {
    # Answer only A queries; with "template ANY ANY" CoreDNS would return this
    # A record for AAAA, MX and every other query type as well.
    template ANY A {
        answer "{{ .Name }} 60 IN A 192.0.2.1"
        fallthrough
    }
}

After configuration, verify with these commands:


dig @your-dns-server anydomain.com
nslookup randomname.test your-dns-server

When implementing this solution:

  • Monitor server load as this configuration may increase query volume
  • Consider implementing rate limiting
  • For production environments, evaluate the impact on DNS caching

Important security notes:

  • Never expose this configuration to the public internet
  • Use firewall rules to restrict access
  • Consider implementing query logging for debugging

There are several scenarios where you might need a DNS server that returns the same IP address regardless of the queried domain:

  • Development environments needing to point all test domains to localhost
  • Load balancing setups where multiple domains should resolve to a single endpoint
  • Catch-all DNS configurations for testing or security purposes

Here's how to configure BIND (Berkeley Internet Name Domain) to achieve this:

options {
    directory "/var/named";
    // Authoritative for every name via the root zone below, so recursion is not needed
    recursion no;
    allow-query { any; };
};

zone "." IN {
    type master;
    file "wildcard.zone";
};

The zone file should contain a wildcard (*) record that catches all domains:

$TTL 86400
@ IN SOA ns1.example.com. admin.example.com. (
    2023081501 ; Serial
    3600       ; Refresh
    1800       ; Retry
    604800     ; Expire
    86400      ; Negative caching TTL
)

@ IN NS ns1.example.com.
; With the origin set to "." a relative "*" and an absolute "*." are the same
; owner name, so a single wildcard line is enough
* IN A 192.0.2.1

If you prefer not to use BIND, consider these alternatives:

dnsmasq Configuration

address=/#/192.0.2.1

CoreDNS Configuration

.:53 {
    template ANY A {
        answer "{{ .Name }} 60 IN A 192.0.2.1"
    }
}

After setting up your DNS server, verify it works with these commands:

dig @your.dns.server anydomain.com
nslookup randomname.test 127.0.0.1

Both commands should return your configured IP address (192.0.2.1 in our examples).

When implementing this solution at scale:

  • Enable query caching in BIND to reduce CPU load
  • Consider rate limiting if exposed to the public internet
  • Monitor DNS query logs for unusual patterns

This configuration has several security considerations:

  • Never expose this to the public internet without authentication
  • Use firewall rules to restrict access
  • Consider implementing DNS-over-TLS for encrypted queries