Disable Refused answer
Chris Buxton
cbuxton at menandmice.com
Thu Dec 3 19:02:24 UTC 2009
On Dec 3, 2009, at 10:16 AM, Kevin Darcy wrote:
> Chris Buxton wrote:
>> On Dec 2, 2009, at 6:40 AM, Dmitry Rybin wrote:
>>> Hello!
>>>
>>> I can't find in docs how disable answer (Refused), if recursion for IP is not allowed?
>>
>>
>> Something like this should work:
>> _________________________________
>>
>> view caching-server {
>> match-recursive-only yes;
>> blackhole { ! authorized-clients; any; };
>> // any other resolution configuration goes here
>> };
>>
>
> "This should work" <--- one of the scariest phrases in the computing field :-)
True, true. It means, of course, "The docs suggest this will work, but I haven't actually tested it."
> Unfortunately, "blackhole" can only appear the (global) "options" clause:
I'm happy to be corrected. You'd never know this from reading the BIND ARM.
From the description of the view statement:
Many of the options given in the options statement can also be used
within a view statement, and then apply only when resolving queries
with that view.
There is no definitive list of the options that can or can not be used in a view. Likewise, the description of the blackhole statement makes no mention of the fact that it's not valid inside a view.
So, to the original poster, we're back to "it can't be done with BIND configuration." Of course, you could hack the BIND source code...
Chris Buxton
Professional Services
Men & Mice
More information about the bind-users
mailing list