Blocking access

sam sam at boychip.net
Wed Jun 7 01:03:52 UTC 2006


Lou Goddard wrote:
> Check out black hole in named.conf
> 
> Taken from the Bind ARM:
> "blackhole Specifies a list of addresses that the server will not accept queries from or use to resolve a query. Queries from these addresses will not be responded to. The default is none."
> 
> For more information see the BIND Administrator's Reference Manual ( Bind ARM )
> 
> http://www.isc.org/index.pl?/sw/bind/bind9.2.php
> 
> 
Hi,
I added an acl and used blackhole in the option clause, but after
reloading the named.conf file with the ndc reload command, nslookup is
still able to show its IPs.


acl "google_desktops" {
         72.14.219.99;
         72.14.219.104;
         72.14.219.147;
};

options {
         directory "/etc/namedb";
         pid-file "/var/run/named/pid";

         blackhole {
                 // Deny anything from the google_desktops networks as
                 // detailed in the "google_desktops" ACL.
                 google_desktops;
         };

         forwarders {
                 10.0.0.8;
                 10.0.0.9;
                 10.0.0.10;
         };
....
};

# ping outbound_sac.enable.desktop.google.com
ping: cannot resolve outbound_sac.enable.desktop.google.com: Unknown server error
# nslookup outbound_sac.enable.desktop.google.com
Server:  localhost
Address:  127.0.0.1

Non-authoritative answer:
Name:    desktopservices.l.google.com
Addresses:  72.14.219.104, 72.14.219.147, 72.14.219.99
Aliases:  outbound_sac.enable.desktop.google.com

Any idea?

S
> -----Original Message-----
> From: bind-users-bounce at isc.org on behalf of sam
> Sent: Tue 6/6/2006 6:39 PM
> To: comp-protocols-dns-bind at isc.org
> Subject: Blocking access
>  
> Hi,
> 
> Does anyone know how to block access to a.b.c.d server at DNS level?
> 
> Thanks
> S
> 
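
Added example, not part of the original messages or of the BIND documentation: per the ARM text quoted above, blackhole matches the addresses queries arrive from and the name servers named would ask, not the addresses carried inside an answer, so a lookup from 127.0.0.1 through the forwarders is unaffected. One common way to stop a name from resolving is to serve an empty local zone for it, sketched below. Assumptions: the choice of zone enable.desktop.google.com (which blocks every name under it, not only outbound_sac) and the file name blocked.zone are hypothetical.

```conf
// named.conf fragment (added example; zone choice and file name are assumptions)

options {
        directory "/etc/namedb";
        pid-file "/var/run/named/pid";

        // blackhole is checked against the source address of incoming
        // queries and against the remote name servers named would contact.
        // It does not inspect A-record data in answers, so listing the
        // 72.14.219.x addresses here leaves the name resolvable.
        // blackhole { google_desktops; };

        forwarders {
                10.0.0.8;
                10.0.0.9;
                10.0.0.10;
        };
};

// Answer the name from local data instead of forwarding the query.
// A zone the server is authoritative for is answered locally, so the
// global forwarders are never asked about names at or below it.
zone "enable.desktop.google.com" {
        type master;
        file "blocked.zone";    // hypothetical file under /etc/namedb
};

// Contents of the hypothetical blocked.zone: SOA and NS records only.
// With no other records in the zone, every name below the apex,
// including outbound_sac.enable.desktop.google.com, gets NXDOMAIN.
//
//   $TTL 3600
//   @   IN  SOA  localhost. root.localhost. ( 1 3600 900 604800 3600 )
//       IN  NS   localhost.
```

After reloading, the same nslookup against 127.0.0.1 should report that the name does not exist instead of listing addresses.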


