Disable Refused answer
Chris Thompson
cet1 at cam.ac.uk
Fri Dec 4 11:25:12 UTC 2009
On Dec 3 2009, Bill Larson wrote:
[...]
>Then again, I've never been sure what the original requester was asking
>for. If he didn't want to give an answer out to someone on a particular
>network, then the "blackhole" option would seem to be a perfect solution in
>the first place.
| blackhole
|
| Specifies a list of addresses that the server will not accept
| queries from or use to resolve a query. [...]
^^^^^^^^^^^^^^^^^^^^^^^^^
So it's not suitable for blocking out large chunks of the external world
which may contain nameservers you need to to do recursive lookups.
[It's never been entirely clear to me why these functions have to be
combined, especially given that "server [ipaddr/len] {bogus yes;};"
can be used to block outgoing queries.]
--
Chris Thompson
Email: cet1 at cam.ac.uk
More information about the bind-users
mailing list