Disable response to specific query in BIND
KSP
ksp at att.com
Tue Jun 22 18:20:01 UTC 2004
On a more recent version of BIND, yes it is.
(from Bv9ARM)
---snip---
allow-query
Specifies which hosts are allowed to ask ordinary DNS questions.
allow-query may also be specified in the zone statement, in which case it
overrides the options allow-query statement. If not specified, the default
is to allow queries from all hosts.
---snip---
ksp
On Tue, 21 Jun 2004, Sonorix wrote:
> Is allow-query directive suitable in zone definition?
>
> Jun 22 10:29:54 cns01 named[14423]: 'allow-query' option for
> non-{master,slave,stub} zone 'aaa.com'
> Jun 22 10:29:54 cns01 named[14423]: zone 'aaa.com' did not validate,
> skipping
> Jun 22 10:29:54 cns01 named[14423]: AF_INET6: address family not
> supported
> Jun 22 10:29:54 cns01 named[14423]: Forwarding source address is
> [0.0.0.0].32779
> Jun 22 10:29:54 cns01 named[14423]: Ready to answer queries.
>
> Barry Margolin <barmar at alum.mit.edu> wrote in message news:<cb77mk$1vrj$1 at sf1.isc.org>...
> > In article <cb74kh$1ofo$1 at sf1.isc.org>, jckim at kidc.net (Sonorix) wrote:
> >
> > > Hi..
> > >
> > > I'm trying to find a way to restrict response to specific domain query.
> > >
> > > for example,
> > > For the query about some hosts in "aaa.com",
> > > I don't want to make recursive lookup for that domain, only
> > > want to disconnect that requests or something like that.
> > >
> > > Which is the best way?
> > >
> > > For workaround, I made a zone file that have only loopback addresses for
> > > all hosts and load it for some domains to get above goals.
> >
> > zone "aaa.com" {
> > type forward;
> > forwarders { <any address>; };
> > allow-query { none; };
> > };
>
>
More information about the bind-users
mailing list