blocking resolving for 10.X.X.X addresses

Joseph S D Yao jsdy at center.osis.gov
Mon Oct 28 13:48:29 UTC 2002


On Mon, Oct 28, 2002 at 12:54:02PM +0000, Steve Foster wrote:
> basically our customers have our resolver listed to resolve from, however
> some obviously want to resolve private addresses locally, which is fair
> enough, simple client change, however if for some reason the private
> address isn't resolvable locally, then their request will hit our
> resolvers, which are trying to doa  lookup on the net before eventually
> timing out...this can take up to 2 mins...i just basically want to either
> dump these requests or give a null result back to the client from our
> resolvers..

If you want others to resolve 10.* addresses in other ways, the
following should be in a "view" seen only by those sites.

In named.conf:

zone "10.in-addr.arpa"	{
	type master;
	file "zone.10";
};

In zone.10:

$TTL	16d

@	SOA	ns.myhost.domain.example. hostmaster at domain.example. (
		... )

	NS	myhost.domain.example.
	NS	...

*	PTR	not-a-legal-address-per-myhost.domain.example.

-- 
Joe Yao				jsdy at center.osis.gov - Joseph S. D. Yao
OSIS Center Systems Support					EMT-B
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.


More information about the bind-users mailing list