Bind/Named 9.9 auth-nxdomain question
Filipe Cifali
cifali at kinghost.com.br
Fri Nov 10 15:52:58 UTC 2017
On 11/10/2017 10:05 AM, Tony Finch wrote:
> Filipe Cifali <cifali at kinghost.com.br> wrote:
>> I need to make an authoritative server that gives 'AA' flags to every query, I
>> would need to set only auth-nxdomain right?
> Don't use auth-nxdomain, it has been obsolete for 15 years.
Ok, I understand that just seems a bit strange that an obsolete option
to not be documented and available to the server?
>
>> I'm running this config:
> That looks like a recursive server configuration to me - there aren't any
> zones configured.
>
> I don't really understand what you are trying to acheive, but if you just
> want to say "no" to everything then you want a config like the following,
> where db.null is the usual empty zone.
>
> options {
> directory "/var/bind";
> additional-from-cache no;
> empty-zones-enable no;
> minimal-responses yes;
> recursion no;
> };
>
> zone "." {
> type master;
> file "db.null";
> };
>
> Tony.
We are running
allow-new-zones yes;
for this setup to work, so we have one file w/ all the zones and configs
that is managed by rndc calls (for adding/flushing/updating/removing)
I'm trying to have an Auth Server that says the auth flags ('aa') even
on NXDOMAIN. This is what the auth-nxdomain should do I suppose.
I'm just trying to stay way from DLZ drivers for their poor performance
in general.
--
...................................................................................................................................................................................................
<https://www.kinghost.com.br>
Filipe Cifali Stangler| ANALISTA DE INFRAESTRUTURA
cifali at kinghost.com.br <mailto:cifali at kinghost.com.br> |
www.kinghost.com.br <https://www.kinghost.com.br>
Tire suas dúvidas gratuitamente: *0800.881.5464*
Capitais e polos regionais: *4003.5464*
Atendimento fora do Brasil e Celulares: *(51) 3301.5464*
banner - email <http://kingho.st/assinatura>
Este e-mail e seus anexos são confidenciais e podem conter informações
privilegiadas ou protegidas contra
divulgação e/ou reprodução. Se você não é o destinatário identificado
acima, por favor, apague esta mensagem
de seu sistema e notifique o remetente imediatamente.
This e-mail message or any attachment thereto are confidential and may
be privileged or otherwise protected
from disclosure and/or reproduction. If you are not intendet recipient,
please delete it from your system and
notify the sender immediately.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20171110/c195c146/attachment.html>
More information about the bind-users
mailing list