BIND DNS and RFC 952
Ladislav Vobr
lvobr at ies.etisalat.ae
Sat Mar 6 06:10:48 UTC 2004
I think some L4-7 switches (Cisco, Alteon...) can do it: you can create
a filter on L5 and put a regexp for the domain name, and the switch can
blackhole it.
An L4-7 switch is quite a complicated device, which might introduce more
problems into your setup than it solves :-) so it is not
generally used / recommended in DNS, but in some situations it might
help. (This is my opinion :-) )
Ladislav
Kevin Darcy wrote:
> J Marquez wrote:
>
>
>>Hi folks,
>>
>>Does anyone know how to avoid translating addresses of domains that don't match RFC 952 for BIND 8.2.4? (We have cache DNSs.)
>>
>>We don't want our DNS to treat the domains that don't match the RFC, because we are receiving many queries for domains that end in "!" or "_" or many other characters that we are sure we don't want to translate, and it increases the CPU load.
>>
>>So can anybody help us to avoid this?
>>
>>
>
> I think what you are asking is: "can we simply ignore, i.e. not answer,
> queries for non-RFC-952-compliant names?". There is no way to do this in
> BIND. BIND has a "blackhole" feature, but it's based on client source
> address, not on name or (as you would need) string-matching or
> regular-expression-matching against the queried name.
>
> It would be a pretty pointless feature anyway, since the clients would
> just retry the queries if you fail to answer them...
>
>
> - Kevin
>
>
>
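Since, as the thread says, BIND's blackhole list keys on client address rather than on the queried name, the practical place to apply an RFC 952 check is outside the server, for example over a query log, to see how much of the load is really junk names. The script below is an added example written for this page; it is not code from the thread, from BIND, or from any of the posters. It encodes the RFC 952 label grammar (letters, digits and hyphen; first character a letter; no trailing hyphen), with an optional switch for the RFC 1123 relaxation that allows a leading digit, and runs it over a few constructed log records in a simplified, assumed "client qname qtype" format that is not BIND's own query-log layout.

```python
import re
from collections import Counter

# RFC 952 label grammar: starts with a letter, then letters/digits/hyphens,
# never ends in a hyphen.  RFC 952 also limits a whole name to 24 characters;
# that limit is ignored here because the question is about junk characters.
LABEL_952_RE = re.compile(r"^[A-Za-z](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")
# RFC 1123 section 2.1 relaxation: a label may also start with a digit.
LABEL_1123_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")

RFC952_ALPHABET = set(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-."
)


def is_rfc952_name(name, allow_leading_digit=False):
    """Return True if every label of `name` satisfies the RFC 952 grammar.

    A single trailing dot (DNS presentation form for the root) is accepted;
    the bare root "." and empty labels ("a..b") are rejected.
    """
    if not name:
        return False
    if name.endswith("."):
        name = name[:-1]          # strip the root dot, e.g. "example.com."
    if not name:                  # the bare root "." has no labels to check
        return False
    pattern = LABEL_1123_RE if allow_leading_digit else LABEL_952_RE
    return all(pattern.match(label) for label in name.split("."))


def offending_chars(name):
    """Return the set of characters in `name` that RFC 952 never permits,
    e.g. the "!" and "_" mentioned in the thread."""
    return {c for c in name if c not in RFC952_ALPHABET}


def tally_queries(log_lines, allow_leading_digit=False):
    """Split constructed 'client qname qtype' records into compliant and
    non-compliant names, counting how often each name appears."""
    good, bad = Counter(), Counter()
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3:
            continue              # skip malformed records
        qname = fields[1]
        target = good if is_rfc952_name(qname, allow_leading_digit) else bad
        target[qname] += 1
    return good, bad


# Constructed sample records (assumed simplified format, not BIND's own).
SAMPLE_LOG = """\
192.0.2.10 www.example.com. A
192.0.2.10 mail.example.com. MX
192.0.2.11 host_1.example.com. A
192.0.2.12 printer!.example.net. A
192.0.2.12 printer!.example.net. A
192.0.2.13 3com.example.org. A
192.0.2.14 trailing-.example.com. A
""".splitlines()


if __name__ == "__main__":
    good, bad = tally_queries(SAMPLE_LOG)
    print("RFC 952 compliant queries:", sum(good.values()))
    print("non-compliant queries:    ", sum(bad.values()))
    for qname, count in bad.most_common():
        print(f"  {count}x {qname}  bad chars: {sorted(offending_chars(qname))}")
```

Run as-is it reports the sample's two compliant and five non-compliant queries; passing allow_leading_digit=True moves "3com.example.org." into the compliant set, which is the distinction to keep in mind before treating every RFC 952 failure as junk.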