Bogus server vs. blackholing

Kevin Darcy kcd at daimlerchrysler.com
Mon Jul 24 23:22:21 UTC 2000


named won't forward to a "bogus" address, but as far as I know, it'll still
answer queries from it. When an address is "blackhole"d, named won't even answer
queries from it.


- Kevin

Nicolai Langfeldt wrote:

> Hi,
>
> I'm trying to figure out what the difference between blackholing a
> server and listing it as bogus is, i.e.,
>
>   blackhole {
>      10.10.10.10;
>   };
>
> versus
>
>   server 10.10.10.10 {
>      bogus yes;
>   };
>
> Examining the source code (BIND 8.2.2-P5) I find this in
> src/bin/named/ns_forw.c, line 648:
>
> #ifdef BOGUSNS
>                         /*
>                          * Don't forward queries to bogus servers.  Note
>                          * that this is unlike the previous tests, which
>                          * are fatal to the query.  Here we just skip the
>                          * server, which is only fatal if it's the last
>                          * server.  Note also that we antialias here -- all
>                          * A RR's of a server are considered the same server,
>                          * and if any of them is bogus we skip the whole
>                          * server.  Those of you using multiple A RR's to
>                          * load-balance your servers will (rightfully) lose
>                          * here.  But (unfortunately) only if they are bogus.
>                          */
>                         if (ip_match_address(bogus_nameservers, nsa) > 0)
>                                 goto skipserver;
> #endif
>                         if (server_options->blackhole_acl != NULL &&
>                             ip_match_address(server_options->blackhole_acl,
>                                              nsa) == 1)
>                                 continue;
>
> server ... { bogus yes; } statements enter servers in the
> bogus_nameserver acl.  The skipserver label is right before the
> closing brace of the loop so the goto is equivalent to a continue.
> But, the comment is the interesting bit.  It appears to say that a
> bogus listed server will be "antialiased", meaning that all the
> server's addresses will be equally bogus.  I can understand this if it
> was possible to enter bogus servers by name, but you can't, it's a
> syntax error.  You can only enter them by IP#.  And then I can't see
> how this anti-aliasing is supposed to happen?
>
> As far as I can understand "bogus yes" is equivalent to blackholing the
> server?  Any other suggestions?
>
> Thanks,
>   Nicolai
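
The distinction drawn in the reply above, as an added example (not part of the original thread and not BIND code): a small Python audit that reads a constructed named.conf fragment and reports, for a given address, whether named would send queries to it and whether it would answer queries from it. The function names and sample addresses are assumptions for illustration, and only literal addresses and prefixes are parsed.

```python
import ipaddress
import re

# Constructed sample configuration; all addresses are illustrative.
SAMPLE_CONF = """
options {
    blackhole {
        10.10.10.10;
        192.0.2.0/24;
    };
};
server 10.20.20.20 {
    bogus yes;
};
server 10.30.30.30 {
    bogus no;
};
"""

def parse_policy(conf):
    """Return (blackhole_networks, bogus_addresses) found in named.conf text."""
    blackhole = []
    for body in re.findall(r"blackhole\s*\{([^}]*)\}", conf):
        for item in body.split(";"):
            if item.strip():
                blackhole.append(ipaddress.ip_network(item.strip(), strict=False))
    bogus = set()
    for addr, body in re.findall(r"server\s+(\S+)\s*\{([^}]*)\}", conf):
        if re.search(r"\bbogus\s+yes\s*;", body):
            bogus.add(ipaddress.ip_address(addr))
    return blackhole, bogus

def effective_policy(addr, blackhole, bogus):
    """Model the behaviour described in the thread for one peer address."""
    ip = ipaddress.ip_address(addr)
    blackholed = any(ip in net for net in blackhole)
    return {
        # Both the bogus list and the blackhole ACL stop named from using it.
        "named_queries_it": not (blackholed or ip in bogus),
        # Only blackholing stops named from answering queries it sends.
        "named_answers_it": not blackholed,
    }

if __name__ == "__main__":
    bh, bg = parse_policy(SAMPLE_CONF)
    for peer in ("10.10.10.10", "192.0.2.55", "10.20.20.20", "10.30.30.30"):
        print(peer, effective_policy(peer, bh, bg))
```
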





