Drop forwarded requests

Kevin Darcy kcd at chrysler.com
Mon Dec 3 22:59:35 UTC 2007


gagadget at free.fr wrote:
> Hi listers,
>
> Is there a way to prevent BIND from answering forwarded requests?
>
> For local uses, somebody has set up a DNS on our network (very large network),
> his server is forwarding all requests it can't answer. We asked him several
> times to shut down his server but he won't. For security reasons, we don't do
> forwarding on our servers so we would like to deny his forwarded requests
> without denying all his requests.
>   
It's not clear what requests you want to block. What requests are you 
getting from him that *aren't* forwarded requests? If you just want to 
block recursive requests generally, you can use "allow-recursion" and/or 
"allow-query-cache", as Barry suggested. Another option to look into 
would be to set up an "empty" view solely for recursive clients -- that 
would have the advantage of terminating the lookups, as opposed to a 
REFUSED response which might result in the client just trying a 
different resolver.

Or, as Danny Mayer pointed out, why are you trying to use a technical 
band-aid on what is essentially an administrative problem? Your first 
line of attack should be to get them to fix the bad behavior, although 
I'm sympathetic to the fact that in a large corporation sometimes it's 
difficult to get the right people on board for that kind of action...

                                                                         
                  - Kevin

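Added example, not part of the message above and not taken from the BIND distribution: a named.conf sketch of the two options mentioned in the reply, refusing recursion outright versus an "empty" view that only recursive queries from the forwarding server fall into. It assumes the forwarded queries arrive with the RD (recursion desired) bit set, which is how a BIND forwarder queries its targets; the address, ACL and view names, example.com and all file names are constructed placeholders.

```conf
// named.conf sketch. Constructed values: the 192.0.2.53 address, the ACL and
// view names, example.com, and every file name.
acl "unwanted-forwarder" { 192.0.2.53; };

options {
    directory "/var/named";
    // Approach 1: refuse recursion and cache lookups for everyone.
    // The forwarder gets REFUSED for names this server is not authoritative
    // for, and its clients may simply retry through another resolver.
    allow-recursion   { none; };
    allow-query-cache { none; };
};

// Approach 2: an "empty" view that only catches recursive (RD=1) queries
// from the forwarder. Views are matched in order, so this one comes first.
view "forwarded-sink" {
    match-clients        { "unwanted-forwarder"; };
    match-recursive-only yes;
    recursion            no;

    // Authoritative for the root with no delegations: every name below the
    // root gets an authoritative NXDOMAIN, which ends the lookup.
    // empty-root.db holds only an SOA, an NS and the NS target's address:
    //   $TTL 3600
    //   @           IN SOA ns.invalid. hostmaster.invalid. 1 3600 900 604800 3600
    //   @           IN NS  ns.invalid.
    //   ns.invalid. IN A   192.0.2.1
    // To keep answering RD=1 queries for your own zones, list them here too.
    zone "." { type master; file "empty-root.db"; };
};

// Everything else, including the forwarder's non-recursive queries, is served
// as before. Once views are used, every zone must live inside a view.
view "normal" {
    match-clients { any; };
    recursion     no;
    zone "example.com" { type master; file "example.com.db"; };
};
```

Running named-checkconf against the file before reloading catches syntax errors and any zone left outside a view.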



More information about the bind-users mailing list