Drop forwarded requests

Danny Mayer mayer at gis.net
Sun Dec 2 02:34:47 UTC 2007


Barry Margolin wrote:
> In article <fis8t9$trj$1 at sf1.isc.org>, gagadget at free.fr wrote:
> 
>> Hi listers,
>>
>> Is there a way to prevent BIND from answering forwarded requests?
>>
>> For local uses, somebody has set up a DNS on our network (very large network),
>> his server is forwarding all requests it can't answer. We asked him several
>> times to shut down his server but he won't. For security reasons, we don't do
>> forwarding on our servers so we would like to deny his forwarded requests
>> without denying all his requests.
> 
> Do you mean you want to allow him to query your authoritative data, but 
> not use you as a caching server?  Use "allow-recursion" and 
> "allow-query-cache" to block him.

I would suggest that if you really want him to shut down his server you
have his boss tell him to do so. If this is really a security issue you
should be able to force this to happen. If this is a political issue
then you need to deal with it politically. Barry's answer is just a
technical answer. You haven't said why his running his own DNS is a
problem for you.

Danny
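
An added example, not part of the original messages: a named.conf sketch of the two options Barry names, keeping authoritative data open to everyone while refusing recursion and cache access to one forwarder. The ACL names, the zone name and file, and the addresses (documentation ranges) are constructed placeholders.

```conf
// Constructed placeholder: address of the server that forwards to us.
acl "unwanted-forwarder" { 198.51.100.53; };

// Constructed placeholder: clients that may use this server as a resolver.
acl "resolver-clients" { 192.0.2.0/24; localhost; };

options {
    // Anyone may ask for data this server is authoritative for.
    allow-query { any; };

    // Recursion only for our own clients. The negated entry comes first
    // because address match lists are evaluated in order, first match wins.
    allow-recursion { !unwanted-forwarder; resolver-clients; };

    // Same restriction for answers served out of the cache (BIND 9.4+).
    // Without it, cached names can still be returned to the forwarder.
    allow-query-cache { !unwanted-forwarder; resolver-clients; };
};

// Authoritative zone stays reachable for every client, including the
// forwarder, which matches "without denying all his requests".
zone "example.com" {
    type master;
    file "db.example.com";
    allow-query { any; };
};
```

Running `named-checkconf` on the edited file before reloading catches syntax errors in the ACLs.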


