Blackhole option statement in BIND
Samuel Hills
sam at pns.edu
Fri Nov 30 02:31:22 UTC 2007
I like the blackhole option, but, it only seems to work for the global
options in the bind.conf file.
Is there any way it can be used for individual zones in future releases of
BIND?
It would be alot more useful for me that way, I could for example, blackhole
the root zone to prevent floods of invalid queries. This is the behaviour in
tinydns, I believe.
The closest I've got to this is using the allow-query statement and setting
it to "none" to make all invalid queries that my nameservers are not
authoritative for to return REFUSED. I want invalid queries to be dropped
completely, rather than REFUSED being sent. Having the blackhole option
available for individual zones (rather than just global) would make this
possible. I am sure there would be other good reasons to add this feature
too, for example, if you want to block certain zones from resolving for
certain people, but not all zones.
Samuel Hills
More information about the bind-users
mailing list