Disable Refused answer
Mark Andrews
marka at isc.org
Thu Dec 3 21:05:33 UTC 2009
In message <DCF41A2C-D461-4E78-82CD-0ADD12051461 at menandmice.com>, Chris Buxton
writes:
> On Dec 3, 2009, at 10:16 AM, Kevin Darcy wrote:
> > Chris Buxton wrote:
> >> On Dec 2, 2009, at 6:40 AM, Dmitry Rybin wrote:
> >>> Hello!
> >>>
> >>> I can't find in docs how disable answer (Refused), if recursion for IP is
> not allowed?
> >>
> >>
> >> Something like this should work:
> >> _________________________________
> >>
> >> view caching-server {
> >> match-recursive-only yes;
> >> blackhole { ! authorized-clients; any; };
> >> // any other resolution configuration goes here
> >> };
> >>
> >
> > "This should work" <--- one of the scariest phrases in the computing field
> :-)
>
> True, true. It means, of course, "The docs suggest this will work, but I have
> n't actually tested it."
>
> > Unfortunately, "blackhole" can only appear the (global) "options" clause:
>
> I'm happy to be corrected. You'd never know this from reading the BIND ARM.
>
> >From the description of the view statement:
>
> Many of the options given in the options statement can also be used
> within a view statement, and then apply only when resolving queries
> with that view.
>
> There is no definitive list of the options that can or can not be used in a v
> iew. Likewise, the description of the blackhole statement makes no mention of
> the fact that it's not valid inside a view.
doc/misc/options gives a definitive list. It is built from the parser.
> So, to the original poster, we're back to "it can't be done with BIND configu
> ration." Of course, you could hack the BIND source code...
>
> Chris Buxton
> Professional Services
> Men & Mice
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list