Creating a blackhole zone...
Grant Taylor
gtaylor at tnetconsulting.net
Sun Dec 24 06:13:16 UTC 2017
On 12/23/2017 02:11 PM, Michelle Konzack wrote:
> I try to blackhole several 1000 domains and try to redirect them to the
> host <block.itsystems.tamay-dogan.net>
It looks like you're trying to load zones that are sharing a zone file
in an effort to black hole them.

I would strongly advise you look at Response Policy Zones as I suspect
this is a better way to accomplish this goal. Further, it will do so
without the load of all the identical zones.
> I have the following files:
>
> ----[ /etc/bind/blackhole.zones ]---------------------------------------
> @ 86400 IN SOA dns1.tamay-dogan.net.
> hostmaster.tamay-dogan.net. ( 1514061768 86400 86400 2419200 86400 )
>
> IN NS dns1.tamay-dogan.net.
>
> IN CNAME block.itsystems.tamay-dogan.net.
> * IN CNAME block.itsystems.tamay-dogan.net.
I see two things.

1) You can't have a CNAME at the apex of the zone because it can't live
with other records, like NS and SOA.

2) I'm not confident that you can use a CNAME with a wildcard record.

If you are really wanting to do the wildcard CNAME, I would suggest that
you look at a DNAME record so that anything under the DNAME record owner
(the zone in this case) will reflect something else. (At least that's
my understanding of how DNAME records work.)
> What have I overlooked here?
Reply if you have any additional questions after my comments above.
> Thanks in advance and Merry X-Mas
You're welcome.
Merry Christmas to you and yours too.
--
Grant. . . .
unix || die
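
Added example, not part of the original message or of BIND: a sketch of the Response Policy Zone approach recommended above, generating one policy zone from a domain list instead of loading thousands of identical zones. The policy zone name rpz.blackhole and the sample domains are assumptions; the redirect host, name server, hostmaster address and SOA values are taken from the quoted zone file.

```python
import re

# Assumptions (not from the thread): the policy zone name and the sample domains.
RPZ_ZONE = "rpz.blackhole"                     # hypothetical policy zone name
TARGET = "block.itsystems.tamay-dogan.net."    # redirect host from the question
NS = "dns1.tamay-dogan.net."
RNAME = "hostmaster.tamay-dogan.net."

LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")

def normalize(line):
    """Return a lower-case relative name, or None for blanks, comments, bad names."""
    name = line.split("#", 1)[0].strip().lower().rstrip(".")
    if not name or len(name) > 253:
        return None
    labels = name.split(".")
    if len(labels) < 2 or not all(LABEL.match(l) for l in labels):
        return None
    return name

def build_rpz(lines, serial):
    """Build one RPZ zone redirecting every listed domain and its subdomains."""
    target = TARGET.rstrip(".")
    domains = sorted({d for d in map(normalize, lines) if d})
    # Never rewrite the redirect host itself or a parent of it: that would loop.
    domains = [d for d in domains
               if not (target == d or target.endswith("." + d))]
    out = [
        f"$ORIGIN {RPZ_ZONE}.",
        "$TTL 86400",
        f"@ IN SOA {NS} {RNAME} ( {serial} 86400 86400 2419200 86400 )",
        f"@ IN NS {NS}",
    ]
    for d in domains:
        # Owner names are relative to the policy zone, so no trailing dot.
        out.append(f"{d} IN CNAME {TARGET}")      # the domain itself
        out.append(f"*.{d} IN CNAME {TARGET}")    # everything below it
    return domains, "\n".join(out) + "\n"

# Constructed sample input standing in for the real list of domains.
SAMPLE = ["ads.example.com", "Tracker.Example.NET.", "# comment", "",
          "ads.example.com", "bad name.example", "tamay-dogan.net"]

if __name__ == "__main__":
    print(build_rpz(SAMPLE, 1514061768)[1])
    # named.conf side: define zone "rpz.blackhole" as a normal master zone,
    # then add to options:  response-policy { zone "rpz.blackhole"; };
```

Because the policy zone has its own apex with SOA and NS, the CNAME-at-apex conflict from the shared zone file does not arise: each blocked name is an ordinary owner name inside the policy zone.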