can bind filter the result
JINMEI Tatuya / 神明達哉
Jinmei_Tatuya at isc.org
Mon Apr 20 19:39:25 UTC 2009
At Mon, 20 Apr 2009 14:55:56 +0800,
Ken Lai <soulhacker511 at gmail.com> wrote:
> let's take an example. my DNS server called SrvA, the outer DNS server
> called SrvB.
>
> normally, the client sent the query to SrvA, and SrvA forwards it to
> SrvB. and SrvA return a result which came from SrvB to the client.
> unfortunately the SrvB sometimes will return a A record that is a
> advertisement site ip to SrvA. so i dont want to respond to client if
> the returned IP address is the Advertisement site address.
>
> filter the domain name may not be suitable.
As already pointed out in this list, if this is specific to the real
recursive server (= SrvB), you probably rather want to reconsider the
use of it in the first place.
If this is not specific to that single server (= SrvB), I doubt
filtering based on the IP addresses of A RRs of responses will be
very effective because there are many such addresses, some of which
may even be changing rapidly.
Regarding the specific question about resource data (e.g. IP address)
based filtering: no, BIND9 currently doesn't provide such filtering.
However, we're now reviewing a kind of such filtering based on
contributed patch (for different purposes than that you described),
and it *may* be included in BIND 9.7. Even so, I suspect the new
filtering feature is not something you want for your purpose as
described above.
---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
More information about the bind-users
mailing list