Blocking private addresses with a optionq
Chris Buxton
clists at buxtonfamily.us
Thu Mar 14 15:57:08 UTC 2013
On Mar 14, 2013, at 3:29 AM, Tony Finch wrote:
> King, Harold Clyde (Hal) <hck at utk.edu> wrote:
>
>> Is there an option for bind like the allow-recursion { <network-acl> }
>> For blocking out going records of 10.0.0.0/8 and 192.168.0.0/16 so I could do a view like:
>
> I'm not sure what you mean by "blocking out going records" but there are a
> couple of options that might do what you want:
>
> There is the "blackhole" acl which makes named ignore all requests and
> never send queries to a particular address range.
>
> There is the server ... { bogus yes; }; clause which stops named from
> sending queries to a particular address range.
No, I'm pretty sure the OP wants to strip records from responses if the records are A records referring to private address space (RFC 1918).
I've no idea how you would do this.
Chris Buxton
BlueCat Networks
More information about the bind-users
mailing list