blocking resolving for 10.X.X.X addresses
Joseph S D Yao
jsdy at center.osis.gov
Mon Oct 28 13:48:29 UTC 2002
On Mon, Oct 28, 2002 at 12:54:02PM +0000, Steve Foster wrote:
> basically our customers have our resolver listed to resolve from, however
> some obviously want to resolve private addresses locally, which is fair
> enough, simple client change, however if for some reason the private
> address isn't resolvable locally, then their request will hit our
> resolvers, which are trying to doa lookup on the net before eventually
> timing out...this can take up to 2 mins...i just basically want to either
> dump these requests or give a null result back to the client from our
> resolvers..
If you want others to resolve 10.* addresses in other ways, the
following should be in a "view" seen only by those sites.
In named.conf:
zone "10.in-addr.arpa" {
type master;
file "zone.10";
};
In zone.10:
$TTL 16d
@ SOA ns.myhost.domain.example. hostmaster at domain.example. (
... )
NS myhost.domain.example.
NS ...
* PTR not-a-legal-address-per-myhost.domain.example.
--
Joe Yao jsdy at center.osis.gov - Joseph S. D. Yao
OSIS Center Systems Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of OSIS Center policies.
More information about the bind-users
mailing list