rfc1918 ns records coming from internet are queried?
Chris Buxton
cbuxton at menandmice.com
Wed Nov 26 00:36:47 UTC 2008
On Nov 25, 2008, at 4:23 PM, David Sparks wrote:
> Mark Andrews wrote:
>> In message <492C8CDD.2090008 at ca.sophos.com>, David Sparks writes:
>>> Problem: when querying asdf.ad.rice.edu, bind sends queries into my local
>>> network (specifically to 10.129.92.100, which is not a ns) which I find
>>> undesirable.
>>
>> Mark the servers as bogus.
>
> Doesn't that only work on a server by server basis? rice.edu is just an
> example ... I'm looking for a way to set a policy that named won't query
> rfc1918 nameserver addresses returned from a non-rfc1918 query. Would this be
> a bad policy?

You could use netmasks with your server statements, like this:

    server 10.0.0.0/8 {
        bogus yes;
    };
    server 172.16.0.0/12 {
        bogus yes;
    };
    server 192.168.0.0/16 {
        bogus yes;
    };

You could even then override this for specific servers in those
ranges, by using statements without netmasks (or more specific
netmasks).
Chris Buxton
Professional Services
Men & Mice
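
The following is an added example, not part of the original post and not BIND code: a small Python model of the policy above for checking which name server addresses would be skipped. It assumes BIND's documented rule that only the most specific matching server statement applies; the override address 10.53.0.2 and the sample address list are constructed for illustration.

```python
import ipaddress

# The three RFC 1918 server statements from the post, plus one constructed
# override: 10.53.0.2 stands for a hypothetical internal server that must
# stay reachable, i.e.  server 10.53.0.2 { bogus no; };
SERVER_STATEMENTS = [
    ("10.0.0.0/8", True),
    ("172.16.0.0/12", True),
    ("192.168.0.0/16", True),
    ("10.53.0.2/32", False),
]


def is_bogus(address, statements=SERVER_STATEMENTS):
    """Return the bogus flag of the most specific statement matching address."""
    addr = ipaddress.ip_address(address)
    best_len, bogus = -1, False  # no matching statement: server is queried
    for prefix, flag in statements:
        net = ipaddress.ip_network(prefix)
        if addr in net and net.prefixlen > best_len:
            best_len, bogus = net.prefixlen, flag
    return bogus


def split_nameservers(addresses, statements=SERVER_STATEMENTS):
    """Partition name server addresses into (queried, skipped) lists."""
    queried = [a for a in addresses if not is_bogus(a, statements)]
    skipped = [a for a in addresses if is_bogus(a, statements)]
    return queried, skipped


# Constructed sample of name server addresses as they might arrive in a
# referral; 10.129.92.100 is the address mentioned in the thread.
SAMPLE = [
    "10.129.92.100",   # inside 10/8
    "192.0.2.53",      # public (documentation range)
    "172.31.255.1",    # last /16 inside 172.16/12
    "172.32.0.1",      # just outside 172.16/12
    "10.53.0.2",       # inside 10/8 but overridden by the /32
    "192.168.1.1",     # inside 192.168/16
]

if __name__ == "__main__":
    queried, skipped = split_nameservers(SAMPLE)
    print("queried:", queried)
    print("skipped:", skipped)
```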