I propose that some checking script be in place which does a DNS lookup to the ge00-provided name server addresses, and if it returns data, then BIND be configured normally. If this look-up fails, BIND should be configured as a forwarder to the dhcp-provided name servers.
The problem is that BIND 9 issues upstream queries with recursion desired = 0, and then we get back strange answers from captive, walled garden DNS servers which habitually lie.
The “fix” is to just take what we get. It’s either right (in which case validation may work) or bad (in which case it will not).
Possibly one should add UI options to enable/disable validation and enable/disable “just forward to my ISP” options for BIND.
I’d ask Evan if he can send it along.
what is stopping this patch from ending up in bind itself? Carrying out of tree patches is no fun.
I set up the forwarder’s file manually, and it worked some of the time. Needs to be setable in a bind UI