Disable Refused answer
Kevin Darcy
kcd at chrysler.com
Thu Dec 3 18:16:05 UTC 2009
Chris Buxton wrote:
> On Dec 2, 2009, at 6:40 AM, Dmitry Rybin wrote:
>
>
>> Hello!
>>
>> I can't find in the docs how to disable the answer (Refused), if recursion for an IP is not allowed?
>>
>
> Something like this should work:
> _________________________________
>
> options {
> directory "/var/named";
> };
>
> acl authorized-clients {
> 192.0.2.1;
> };
>
> view caching-server {
> match-recursive-only yes;
> blackhole { ! authorized-clients; any; };
> // any other resolution configuration goes here
> };
>
> view auth-server {
> // zones go here
> };
>
"This should work" <--- one of the scariest phrases in the computing
field :-)
Unfortunately, "blackhole" can only appear in the (global) "options" clause:
% cat /tmp/buxton.example
options {
directory "/tmp";
};
acl authorized-clients {
192.0.2.1;
};
view caching-server {
match-recursive-only yes;
// any other resolution configuration goes here
blackhole { ! authorized-clients; any; };
};
% ./named-checkconf /tmp/buxton.example
/tmp/buxton.example:12: unknown option 'blackhole'
% ed /tmp/buxton.example
218
12m2
1,$p
options {
directory "/tmp";
blackhole { ! authorized-clients; any; };
};
acl authorized-clients {
192.0.2.1;
};
view caching-server {
match-recursive-only yes;
// any other resolution configuration goes here
};
w
218
q
% ./named-checkconf /tmp/buxton.example
%
- Kevin
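
Added example, not part of the original message and not BIND code: a small Python check for the rule shown in the reply above, that `blackhole` is accepted in the global `options` clause but rejected directly inside a `view`. The function name, the `OPTIONS_ONLY` set and both sample configs are constructed for this illustration; `named-checkconf` remains the authoritative check.

```python
import re

# Assumption: only `blackhole` is listed, because it is the one statement the
# thread shows named-checkconf rejecting inside a view.
OPTIONS_ONLY = {"blackhole"}

# named.conf tokens: comments (//, #, /* */), quoted strings, { } ; and bare words.
TOKEN = re.compile(
    r'(?P<comment>//[^\n]*|#[^\n]*|/\*.*?\*/)|(?P<string>"[^"\n]*")'
    r'|(?P<punct>[{};])|(?P<word>[^\s{};"]+)', re.S)

def misplaced_statements(conf, options_only=OPTIONS_ONLY):
    """Return (line, statement, view) for options-only statements placed in a view."""
    findings, stack, stmt = [], [], []   # stack: words that opened each brace
    for m in TOKEN.finditer(conf):
        kind, text = m.lastgroup, m.group()
        if kind == "comment":
            continue
        if kind != "punct":
            stmt.append((text.strip('"'), conf.count("\n", 0, m.start()) + 1))
            continue
        if text == "}":
            if stack:
                stack.pop()
            stmt = []
            continue
        # '{' or ';' ends the statement head; flag it only as a direct child of a view
        if stmt and stack and stack[-1][:1] == ["view"] and stmt[0][0] in options_only:
            findings.append((stmt[0][1], stmt[0][0], (stack[-1] + ["?"])[1]))
        if text == "{":
            stack.append([w for w, _ in stmt])
        stmt = []
    return findings

# Constructed samples modelled on the two files in the message above.
HEAD = 'options {\n    directory "/tmp";\n%s};\nacl authorized-clients {\n    192.0.2.1;\n};\n'
VIEW = 'view caching-server {\n    match-recursive-only yes;\n    // resolver config\n%s};\n'
RULE = '    blackhole { ! authorized-clients; any; };\n'
BROKEN = HEAD % "" + VIEW % RULE   # blackhole inside the view
FIXED = HEAD % RULE + VIEW % ""    # blackhole moved into options

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        hits = misplaced_statements(conf)
        print(name, hits or "ok")
```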