nslookup query

Kevin Darcy kcd at daimlerchrysler.com
Fri Oct 19 01:41:34 UTC 2001


You should completely separate your DNS *hosting* function from your
DNS *resolution* function. Then you can specify "recursion no" as an option on
your hosting server(s) and the only information that will be available to
clients from that server is data from its authoritative zones.

A more selective way to limit recursion is the "allow-recursion" option, but
this is a bastard compromise: unless you make a strict separation between
recursive and non-recursive functions, external clients will still be able to
get answers out of your cache (since your server doesn't need to recurse to
provide those answers).


- Kevin

Tomas Jankauskas wrote:

> Hello,
>
> How can I prevent bind from responding to queries about domains I do not host?
> For example:
>
> >>>host www.somehost.com ns3.europe.yahoo.com
> >>>Using domain server:
> >>>Name: ns3.europe.yahoo.com
> >>>Address: 217.12.4.71#53
> >>>Aliases:
>
> >>>nslookup www.somehost.com ns3.europe.yahoo.com
> >>>Server:         ns3.europe.yahoo.com
> >>>Address:        217.12.4.71#53
>
> >>>Non-authoritative answer:
> >>>*** Can't find www.somehost.com: No answer
>
> There was no response, but if I ask about a domain it owns, I got a response:
>
> >>>host www.yahoo.com ns3.europe.yahoo.com
> >>>Using domain server:
> >>>Name: ns3.europe.yahoo.com
> >>>Address: 217.12.4.71#53
> >>>Aliases:
> >>>
> >>>www.yahoo.com. is an alias for www.yahoo.akadns.net.
>
> ACL is only for IP-host based preventions to query, but not domain names.
> So, how can I do that?
>
> Tom
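
The split described in the reply above, sketched as named.conf fragments. This is an added example, not part of the original message or of any BIND-supplied configuration; the addresses, ACL name, zone name and file paths are placeholders chosen for illustration.

```conf
// ---- Compromise: one server doing both jobs (named.conf) ----
// allow-recursion keeps outsiders from triggering new lookups, but this
// process still holds a cache filled on behalf of internal clients,
// which is the exposure the reply above warns about.
acl internal { 127.0.0.1; 10.0.0.0/8; };        // placeholder networks
options {
    directory "/var/named";                     // placeholder path
    allow-recursion { internal; };
};
zone "example.com" { type master; file "example.com.zone"; };
zone "." { type hint; file "named.ca"; };

// ---- Separated, server 1: hosting only (its own named.conf) ----
// Reachable from the Internet; hands out data from its authoritative
// zones and never recurses for anyone.
options {
    directory "/var/named";
    listen-on { 192.0.2.53; };                  // placeholder public address
    recursion no;
};
zone "example.com" { type master; file "example.com.zone"; };

// ---- Separated, server 2: resolution only (its own named.conf) ----
// Listens on internal addresses only and hosts no public zones, so
// nothing here needs to be reachable by external clients.
acl internal { 127.0.0.1; 10.0.0.0/8; };
options {
    directory "/var/named";
    listen-on { 127.0.0.1; 10.0.0.53; };        // placeholder internal address
    recursion yes;
    allow-recursion { internal; };
    allow-query { internal; };
};
zone "." { type hint; file "named.ca"; };
```

Each fragment is a separate file for a separate named instance; they are shown in one block only for comparison.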




