Stopping a query to a domain

Kevin Darcy kcd at daimlerchrysler.com
Tue Mar 6 01:08:01 UTC 2001


Diego Balgera wrote:

> "Ralf Hildebrandt" <Ralf.Hildebrandt at innominate.com> wrote in message
> news:980bip$241 at pub3.rc.vix.com...
> >
> > On Mon, Mar 05, 2001 at 01:51:15PM +0000, Diego Balgera wrote:
> > > Hi smart guys,
> > > I have a simple question (I know that it is odd, but there is a reason).
> > > I have a dns (bind 8.2.2) integrated in a dns tree.
> > > When the name server receives a query towards a specified subdomain, it has
> > > to stop it, simulating the condition do not have that subtree integrated in
> > > the dns hierarchy. The result is that the server has not to translate the
> > > name into the ip address (in case of A queries), but it must give a negative
> > > answer.
> > > Is it possible? Do you have any suggestion?
> >
> > Simply deny the query for that host.
> >
> >
>
> Sorry, but I don't understand the answer. My requirement is, for example:
>
> - the resolver queries "hostname-a.domain-a.com.", my nameserver allows the
> query and asks the root server to be able to translate the name into the ip
> address.
>
> - the resolver queries "hostname-b.domain-b.com.", I wrote somewhere in the
> nameserver configuration that the query suffixed with "domain-b.com." is
> disallowed, my nameserver disallows the query and answer back to the
> resolver with a negative answer.

You could define a "domain-b.com" master zone on the nameserver, with the zone
file containing only an SOA and NS record for the domain. By itself, that will
return NXDOMAIN for anything under the domain, e.g. "hostname-b.domain-b.com".
It will, however, still answer with the SOA and NS records for the zone. If you
want to send back REFUSED for all queries of the domain, including the domain
SOA and NS records, you could put "allow-query { none; };" in the zone
definition.


- Kevin
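
The setup described in the reply above, as an added example that is not part of the original post: a shell function that writes the SOA/NS-only zone file and the matching named.conf stanza, with the "refused" mode adding allow-query { none; };. The server name ns.example.net., the hostmaster mailbox, the timer values and the file names are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: generate the "empty" master zone described in the reply.
# All names and timers below are placeholders, not values from the thread.

# write_block_zone DIR ZONE MODE
#   MODE=nxdomain : names under ZONE get NXDOMAIN; the zone's own SOA and NS
#                   records are still answered
#   MODE=refused  : additionally sets allow-query { none; }; so every query
#                   for the zone, SOA and NS included, is REFUSED
write_block_zone() {
    dir=$1 zone=$2 mode=$3
    ns="ns.example.net."              # assumed: name of this nameserver
    rname="hostmaster.example.net."   # assumed: contact mailbox in SOA form

    case $mode in
        nxdomain) acl="" ;;
        refused)  acl='    allow-query { none; };' ;;
        *) echo "mode must be nxdomain or refused" >&2; return 1 ;;
    esac

    # Zone file: one SOA and one NS record, nothing else.
    cat > "$dir/db.$zone" <<EOF
\$TTL 3600
@   IN  SOA $ns $rname (
            1        ; serial
            3600     ; refresh
            900      ; retry
            604800   ; expire
            3600 )   ; minimum
@   IN  NS  $ns
EOF

    # Stanza for named.conf; "file" is relative to the "directory" option.
    {
        echo "zone \"$zone\" {"
        echo "    type master;"
        echo "    file \"db.$zone\";"
        [ -n "$acl" ] && echo "$acl"
        echo "};"
    } > "$dir/named.conf.$zone"
}
```

Calling `write_block_zone /tmp/out domain-b.com refused` leaves both files in /tmp/out for review before they are copied into the server's configuration.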



