BIND DNS and RFC 952
Kevin Darcy
kcd at daimlerchrysler.com
Fri Mar 5 23:23:55 UTC 2004
J Marquez wrote:
>Hi folks,
>
>Does anyone know how to avoid translate addresses of domains that doesnt match RFC 952 for BIND 8.2.4? (We have Cache DNS's).
>
>We dont want our DNS treat the domains that doesnt match the RFC, because we are receiving many queries of domains that finish in "!" or "_" or many other characters that we are sure we dont want to translate and increases the CPU load.
>
>So can anybody help us to avoid this?
>
>
I think what you are asking is: "can we simply ignore, i.e. not answer,
queries for non-RFC-952-compliant names?". There is no way to do this in
BIND. BIND has a "blackhole" feature, but it's based on client source
address, not on name or (as you would need) string-matching or
regular-expression-matching against the queried name.
It would be a pretty pointless feature anyway, since the clients would
just retry the queries if you fail to answer them...
- Kevin
More information about the bind-users
mailing list