Blocking reverse lookup queries for private ips

Sachin Patil 04sachin at gmail.com
Wed Nov 23 06:35:55 UTC 2016


Sending this to the bind list... I had only sent it to Tony by mistake!

On Tue, Nov 22, 2016 at 5:45 PM, Sachin Patil <04sachin at gmail.com> wrote:

> Hello Tony,
> Thank you very much for the reply.
>
> I have configured bind in forward mode.
> My conf file looks like -
>
> options {
>     directory "/var/cache/named";
>     pid-file "/var/run/named/named.pid";
>     recursion yes;
>     allow-recursion { any; };
>
>     forwarders {
>         8.8.8.8;
>         8.8.4.4;
>     };
>     forward only;
>     empty-zones-enable yes;
>     dnssec-enable yes;
>     dnssec-validation yes;
>
>     auth-nxdomain no;    # conform to RFC1035
>     listen-on-v6 { any; };
>     server-id none;
> };
>
>
> Still lookup requests like - nslookup 10.10.2.20 127.0.0.1 are sent to
> 8.8.4.4.
>
>
>
> On Tue, Nov 22, 2016 at 4:27 PM, Tony Finch <dot at dotat.at> wrote:
>
>> Sachin Patil <04sachin at gmail.com> wrote:
>>
>> > I want to return nxdomain for any private ip reverse lookup.
>>
>> BIND does this by default. Look for "built-in empty zones" in
>> https://ftp.isc.org/isc/bind9/cur/9.11/doc/arm/Bv9ARM.ch06.html
>>
>> Tony.
>> --
>> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h
>> punycode
>> Southeast Iceland: Northerly 4 or 5, becoming variable 3 or 4. Rough
>> becoming
>> moderate. Wintry showers. Good, occasionally moderate.
>>
>
>
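Added example, not part of the original thread: a small Python check that maps an address such as the 10.10.2.20 from the message to its PTR name, reports which RFC 1918 reverse zone covers it, and flags private PTR queries that were sent to a non-local server. The function names are hypothetical and the observed-query list is constructed sample data.

```python
import ipaddress

# RFC 1918 ranges; their reverse zones are among BIND's built-in empty zones.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def ptr_name(ip):
    """Reverse-lookup name that a PTR query for this address asks for."""
    return ipaddress.ip_address(ip).reverse_pointer

def ptr_to_ip(qname):
    """Parse a full four-octet in-addr.arpa name back to an address, else None."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ValueError:
        return None

def private_reverse_zone(qname):
    """Name of the RFC 1918 reverse zone covering qname, or None."""
    ip = ptr_to_ip(qname)
    if ip is None:
        return None
    for net in RFC1918:
        if ip in net:
            o = str(ip).split(".")
            # 10/8 is one zone; 172.16/12 and 192.168/16 are per second octet.
            return f"{o[0]}.in-addr.arpa" if net.prefixlen == 8 \
                else f"{o[1]}.{o[0]}.in-addr.arpa"
    return None

def leaked(observed):
    """(qname, zone, server) for private PTR names sent to a non-loopback server."""
    return [(q, private_reverse_zone(q), dst) for q, dst in observed
            if private_reverse_zone(q)
            and not ipaddress.ip_address(dst).is_loopback]

# Constructed sample: (query name, server the query was sent to).
OBSERVED = [
    (ptr_name("10.10.2.20"), "8.8.4.4"),
    (ptr_name("172.20.1.5"), "8.8.8.8"),
    (ptr_name("172.32.1.5"), "8.8.8.8"),     # outside 172.16.0.0/12
    (ptr_name("192.168.0.1"), "127.0.0.1"),  # answered locally
    ("www.example.com", "8.8.8.8"),          # not a reverse name
]

if __name__ == "__main__":
    for qname, zone, server in leaked(OBSERVED):
        print(f"{qname} (zone {zone}) was sent to {server}")
```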