Bogus server vs. blackholing
Kevin Darcy
kcd at daimlerchrysler.com
Mon Jul 24 23:22:21 UTC 2000
named won't forward to a "bogus" address, but as far as I know, it'll still
answer queries from it. When an address is "blackhole"d, named won't even answer
queries from it.
- Kevin
Nicolai Langfeldt wrote:
> Hi,
>
> I'm trying to figure out what the difference between blackholing a
> server and listing it as bogus is, i.e.,
>
> blackhole {
> 10.10.10.10;
> };
>
> versus
>
> server 10.10.10.10 {
> bogus yes;
> };
>
> Examining the source code (BIND 8.2.2-P5) I find this in
> src/bin/named/ns_forw.c, line 648:
>
> #ifdef BOGUSNS
> /*
> * Don't forward queries to bogus servers. Note
> * that this is unlike the previous tests, which
> * are fatal to the query. Here we just skip the
> * server, which is only fatal if it's the last
> * server. Note also that we antialias here -- all
> * A RR's of a server are considered the same server,
> * and if any of them is bogus we skip the whole
> * server. Those of you using multiple A RR's to
> * load-balance your servers will (rightfully) lose
> * here. But (unfortunately) only if they are bogus.
> */
> if (ip_match_address(bogus_nameservers, nsa) > 0)
> goto skipserver;
> #endif
> if (server_options->blackhole_acl != NULL &&
> ip_match_address(server_options->blackhole_acl,
> nsa) == 1)
> continue;
>
> server ... { bogus yes; } statements enters servers in the
> bogus_nameserver acl. The skipserver label is right before the
> closing brace of the loop so the goto is equivament to a continue.
> But, the comment is the interesting bit. It appears to say that a
> bogus listed server will be "antialiased", meaning that all the
> servers addresses will be equaly bogus. I can understand this if it
> was possible to enter bogus servers by name, but you can't, it's a
> syntax error. You can only enter them by IP#. And then I can't see
> how this anti-aliasing is supposed to happen?
>
> As far as I can understand "bogus yes" is quivalent to blackholing the
> server? Any other suggestions?
>
> Thanks,
> Nicolai
More information about the bind-users
mailing list