Disallow queries for certain zones
kcd at daimlerchrysler.com
Thu Oct 12 16:05:48 UTC 2006
> Greetings. Is there a way I can disallow queries for a certain zone or
> set of zones? I have 2 uses for this ability. I'd like to not allow
> queries from my internal users to certain zones.

Just set up a dummy version of the zone on your forwarding/resolving

> I also have an
> external domain.tld that chose to point their NS record at my server.
> I am being bombarded for queries. I'd like to configure BIND to not
> give out any answer to those queries. As an alternative I could
> configure a copy of the zone to hand out bogus info that will
> eventually get the domain owner's attention. How do I configure BIND to
> return an NXDOMAIN to all queries for records in that zone?

Basically the same answer: create a dummy domain.tld zone, in this case
in your hosting instance(s)/view(s). If you don't have any A records in
the zone, all A-record queries will get NXDOMAIN or NODATA responses. If
you don't have any records in the zone other than at the apex, then all
non-apex queries of all types will get NXDOMAIN. If you want to have
more fun than that, technically, you could put whatever you want in that
zone, e.g. point www.domain.tld at a porn site, a hate group site, a
competitor site to the jerks who pointed their NS records at your
nameservers, etc. Whether any of this is legal or ethical, I'm not
qualified to answer. If you wanted to be nice about it, you could point
www.domain.tld to one of your own webservers (or a vserver within one of
your webservers), with a nice little static web page explaining that
someone's DNS is misconfigured, and perhaps the end-user should contact
the appropriate party and get them to fix it.
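
The apex-only dummy zone described in the reply above, as an added example that is not part of the original post: a shell function that writes the zone file and the matching zone stanza for named.conf. The name server ns1.example.net, the hostmaster name and the output paths are assumptions; domain.tld is the post's own placeholder.

```sh
#!/bin/sh
# Added example: generate an apex-only "dummy" zone for BIND.
# Assumed names: ns1.example.net, hostmaster.example.net, the output directory.

# make_dummy_zone DIR ZONE NS RNAME
# Writes DIR/db.ZONE (zone file) and DIR/ZONE.conf (zone stanza to include
# from named.conf, inside the relevant view if views are used).
make_dummy_zone() {
    dir=$1 zone=$2 ns=$3 rname=$4
    serial=$(date +%Y%m%d)01
    mkdir -p "$dir" || return 1

    # Apex-only zone: SOA and NS, nothing else. Every non-apex name gets
    # NXDOMAIN; apex queries for types that are absent get NODATA.
    cat > "$dir/db.$zone" <<EOF
\$TTL 3600
@   IN  SOA $ns. $rname. (
        $serial ; serial
        3600       ; refresh
        900        ; retry
        604800     ; expire
        3600 )     ; negative-caching TTL
    IN  NS  $ns.
EOF

    # Authoritative stanza for the dummy zone; transfers are refused.
    cat > "$dir/$zone.conf" <<EOF
zone "$zone" {
    type master;
    file "$dir/db.$zone";
    allow-transfer { none; };
};
EOF

    # Syntax-check when BIND's tools are installed. "-i local" limits the
    # integrity checks to in-zone names, so the out-of-zone NS is not resolved.
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone -i local "$zone" "$dir/db.$zone" >/dev/null || return 1
    fi
}

# Stand-alone use: sh dummyzone.sh DIR ZONE NS RNAME
if [ "$#" -eq 4 ]; then
    make_dummy_zone "$@"
fi
```

Pass an absolute directory so the `file` path in the stanza does not depend on named's `directory` option.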