preventing queries to servers

markdv.bind at asphyx.net
Fri Apr 29 08:34:51 UTC 2005


Hi,

I would like to prevent queries to rfc1918 addresses on a caching
nameserver.

The server has a public IP to which clients query. But it is also
connected to 'back-end' networks using rfc1918 addresses. I would like to
prevent queries sent over this network when public zones contain ns
records resolving to rfc1918 addresses in ranges I also use.

I was thinking along the lines:

server 10.0.0.0/8 {
    bogus yes;
};

but the 'server' statement only allows ip_addr and not ip_prefix... Is
there some other way to achieve the same thing?

Wouldn't it be useful if 'server' also supported ip_prefix? Or even an
acl?

Regards,
Mark.
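
An added example, not part of the original post and not BIND code: because the 'server' statement is described above as taking a single ip_addr, this Python script picks the rfc1918 name server addresses out of a list of observed NS records and emits one 'server ... { bogus yes; };' block per address. The record list, the back-end prefix and all function names are assumptions constructed for illustration.

```python
import ipaddress

# The three RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: (zone, NS name, resolved address) as seen by the cache.
SAMPLE_NS = [
    ("example.com", "ns1.example.com", "192.0.2.53"),   # public
    ("example.net", "ns1.example.net", "10.1.2.3"),     # private, in local range
    ("example.net", "ns2.example.net", "10.1.2.3"),     # duplicate address
    ("example.org", "ns1.example.org", "192.168.7.1"),  # private, not local
    ("example.org", "ns2.example.org", "172.32.0.1"),   # just outside 172.16/12
]
# Assumed back-end prefix used on the resolver's private interface.
LOCAL_PREFIXES = ["10.0.0.0/8"]


def classify(addr, local_nets):
    """Return 'local-overlap', 'rfc1918' or 'public' for one address."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4 or not any(ip in net for net in RFC1918):
        return "public"
    if any(ip in net for net in local_nets):
        return "local-overlap"
    return "rfc1918"


def bogus_statements(ns_records, local_prefixes, only_overlap=False):
    """Build one named.conf 'server' block per private NS address.

    With only_overlap=True, only addresses inside the locally used
    prefixes are listed; other rfc1918 addresses are left alone.
    """
    local_nets = [ipaddress.ip_network(p) for p in local_prefixes]
    selected = set()
    for _zone, _ns, addr in ns_records:
        kind = classify(addr, local_nets)
        if kind == "public" or (only_overlap and kind != "local-overlap"):
            continue
        selected.add(ipaddress.ip_address(addr))  # set removes duplicates
    return ["server %s {\n    bogus yes;\n};" % ip for ip in sorted(selected)]


if __name__ == "__main__":
    print("\n\n".join(bogus_statements(SAMPLE_NS, LOCAL_PREFIXES)))
```

The output only covers addresses that have already been observed, so it has to be regenerated as new NS records turn up; it does not replace a prefix-based rule.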
