Negative zones; NXDOMAIN responses

Chris Buxton clists at buxtonfamily.us
Mon May 20 15:36:45 UTC 2013


On May 20, 2013, at 12:51 AM, Narcis Garcia <informatica at actiu.net> wrote:

> - Yes, I thought about not using DNS from the same internet provider,
> but wanted to know if there is a way to patch only the .local response.
> 
> - This is the configuration I use in one of the LANs:
> 
> view "local-nets" {
>        match-clients { acl_local-nets; };
>        recursion yes;
>        forwarders {
>                62.151.2.8;
>        };
>        include "/etc/bind/named.conf.default-zones";
> }
> 
> - These are the tests to be done from a client:
> $ host -t SOA local.
> $ host -t SOA local. 62.151.2.8
> 
> - I've tried to create an empty zone, or one lacking A or SOA records,
> but then BIND9 doesn't load it:
> zone local/IN: has 0 SOA records
> zone local/IN: has no NS records
> zone local/IN: not loaded due to errors.
> 
> - I'm using BIND 9.7.3 from Debian 6, and I see that I need to upgrade
> to BIND 9.8.4 from Debian 7 to configure an RPZ zone.
> But I'm not sure if it's useful for SOA records.

For the time being, .local is not delegated from the root. So just not using your ISP's resolvers will do what you want -- recurse directly to the Internet.

There is no way to create an empty .local zone that won't have even an SOA record. I'm not sure if you could do this via RPZ -- probably -- but why bother when you could just remove your ISP's servers from the equation?

Regards,
Chris


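As an added illustration that is not part of either message above: the zone-load errors quoted in the question (0 SOA records, no NS records) are exactly the two records BIND insists on, so the smallest "negative" zone for .local that BIND 9.7 will load is one SOA plus one NS record and nothing else. Placed inside the existing "local-nets" view, such a zone is answered authoritatively before the forwarders are consulted, so no query under local. ever reaches 62.151.2.8. The file name /etc/bind/db.local-empty and the NS target localhost. are assumptions for this example; Debian's stock /etc/bind/db.empty has the same shape and would serve equally well.

```conf
# --- fragment of named.conf (example, assumed layout) ---
view "local-nets" {
        match-clients { acl_local-nets; };
        recursion yes;
        forwarders {
                62.151.2.8;
        };
        include "/etc/bind/named.conf.default-zones";

        # Authoritative data wins over forwarding within the view, so
        # anything under local. is answered here and never forwarded.
        zone "local" {
                type master;
                file "/etc/bind/db.local-empty";   # assumed path
        };
};

# --- /etc/bind/db.local-empty (example zone file) ---
$TTL    86400
; BIND refuses to load a zone without an SOA and at least one NS,
; so these two records are the irreducible minimum.
@       IN      SOA     localhost. root.localhost. (
                        1               ; serial
                        604800          ; refresh
                        86400           ; retry
                        2419200         ; expire
                        86400 )         ; negative-cache TTL (RFC 2308):
                                        ; how long clients cache NXDOMAIN
@       IN      NS      localhost.
; deliberately no A, AAAA or other records below this line
```

With this loaded, "host -t SOA local." against the LAN resolver returns the local SOA rather than whatever the ISP sends, and any name below it (for example "host -t A printer.local.") gets NXDOMAIN from the local server with the negative-cache TTL taken from the SOA. The second test in the question, "host -t SOA local. 62.151.2.8", bypasses the LAN resolver entirely and will keep showing the ISP's answer; only clients that actually use the BIND instance benefit. Check the syntax before reloading with "named-checkconf" and "named-checkzone local /etc/bind/db.local-empty".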