fake-iquery
Jim Reid
jim at rfc1035.com
Tue Apr 3 10:33:05 UTC 2001
>>>>> "hhoxha" == hhoxha <hhoxha at atnet.com.al> writes:
hhoxha> Hi everybody. I wanted to ask a question that could be
hhoxha> simple but i am not finding any hint. Is that possible to
hhoxha> apply the fake-iquery option directive to just a single
hhoxha> host or a single acl.???
No. Kill the host that generates these stupid and obsolete queries.
The only thing that uses inverse queries are very old versions of
nslookup. These deserve to die horribly. Come to think of it, any
version of nslookup deserves a horrible death. :-)
hhoxha> And the secondly is there anyway to change the the default
hhoxha> response that a host being refused to ask query receives
hhoxha> from the server i mean replacing "query refused" with
hhoxsa> something else??
No. If your server refuses a query, it's supposed to return a REFUSED
error code in the reply. From Section 4.1.1 of RFC1035:
RCODE Response code - this 4 bit field is set as part of
responses. The values have the following
interpretation:
...
5 Refused - The name server refuses to
perform the specified operation for
policy reasons. For example, a name
server may not wish to provide the
information to the particular requester,
or a name server may not wish to perform
a particular operation (e.g., zone
transfer) for particular data.
hhoxha> "queries" "response-checks" categories says something
hhoxha> about it but i am not sure.
They don't. The queries logging category is used to log all the
queries the server receives. response-checks logs the errors your name
server finds in the answers it gets back from other name servers.
More information about the bind-users
mailing list