Disable Refused answer

Chris Thompson cet1 at cam.ac.uk
Fri Dec 4 11:25:12 UTC 2009

On Dec 3 2009, Bill Larson wrote:

>Then again, I've never been sure what the original requester was asking 
>for.  If he didn't want to give an answer out to someone on a particular 
>network, then the "blackhole" option would seem to be a perfect solution in 
>the first place.

| blackhole
|    Specifies a list of addresses that the server will not accept
| queries from or use to resolve a query. [...] 

So it's not suitable for blocking out large chunks of the external world 
which may contain nameservers you need to to do recursive lookups.

[It's never been entirely clear to me why these functions have to be
combined, especially given that "server [ipaddr/len] {bogus yes;};"
can be used to block outgoing queries.]

Chris Thompson
Email: cet1 at cam.ac.uk

More information about the bind-users mailing list