How to block part of a zone
Merijntje Tak
bind-users at gallische-dorp.net
Wed Sep 17 10:32:36 UTC 2014
On 16-09-14 18:20, King, Harold Clyde (Hal) wrote:
> Resolve all traffic for example.com from example.com's dns servers, but
> stop badhost.example.com.
Ideally you would use RPZ records for this purpose. You can override
single records with another record. RPZ is only available in bind 9.8+.
An example:
--- Config:
options {
        response-policy { zone "rpz.int.mtak.nl"; };
};
zone "rpz.int.mtak.nl" {
        type master;
        file "/etc/bind/db/rpz.int.mtak.nl.zone";
        allow-transfer { slaves; };
};
--- Zone file:
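@ IN SOA localhost. root.localhost. (
        2014072602 ; serial
        3H         ; refresh
        1H         ; retry
        1W         ; expiry
        1H )       ; minimum
  IN NS localhost.
; Redirect the blocked name. The target carries a trailing dot so it is
; not taken relative to the RPZ zone.
badhost.example.com IN CNAME yourcompanywebsite.com.
; or alternatively (use one of the two, a CNAME cannot share a name with an A)
;badhost.example.com IN A 0.0.0.0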
---
mtak
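
An added example, not part of the original message: a small Python check for one-line RPZ records like the ones above. It flags a CNAME target without a trailing dot (which is expanded relative to the policy zone), an absolute owner name that falls outside the policy zone, and a CNAME that shares its owner with another record. The function name `lint_rpz` and the sample lines are constructed for illustration.

```python
ORIGIN = "rpz.int.mtak.nl."  # policy zone name taken from the config above

def lint_rpz(lines, origin=ORIGIN):
    """Check simple one-line 'owner [TTL] [IN] TYPE rdata' RPZ records.

    Returns a list of (owner, problem) tuples. Multi-line records,
    $-directives and lines without an explicit owner are skipped.
    """
    problems, types_by_owner = [], {}
    for raw in lines:
        fields = raw.split(";", 1)[0].split()       # strip comment, tokenize
        if len(fields) < 3 or raw[:1].isspace():
            continue
        owner, rest = fields[0], fields[1:]
        if owner == "@" or owner.startswith("$"):
            continue
        while rest and (rest[0].upper() == "IN" or rest[0].isdigit()):
            rest = rest[1:]                         # drop class and numeric TTL
        if len(rest) < 2:
            continue
        rtype, rdata = rest[0].upper(), rest[1]
        # An absolute owner that is not under the policy zone is out-of-zone data.
        if owner.endswith(".") and not owner.lower().endswith("." + origin):
            problems.append((owner, "absolute owner outside the policy zone"))
        # A relative CNAME target gets the zone origin appended.
        if rtype == "CNAME" and not rdata.endswith("."):
            problems.append((owner, f"CNAME target expands to {rdata}.{origin}"))
        types_by_owner.setdefault(owner.lower(), set()).add(rtype)
    for owner, types in types_by_owner.items():
        if "CNAME" in types and len(types) > 1:
            problems.append((owner, "CNAME combined with other record types"))
    return problems

# Constructed sample: both alternatives from the message left active together.
SAMPLE = [
    "badhost.example.com IN CNAME yourcompanywebsite.com ; redirect",
    "badhost.example.com IN A 0.0.0.0",
    "other.example.com.  IN CNAME .",
    "fine.example.com    IN CNAME rpz-passthru.",
]

if __name__ == "__main__":
    for owner, problem in lint_rpz(SAMPLE):
        print(f"{owner}: {problem}")
```
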