Negative zones; NXDOMAIN responses
Mark Andrews
marka at isc.org
Tue May 21 01:03:52 UTC 2013
The simplest solution is to slave the root zone and
turn off notify to so you don't spam the official
root servers. 192.5.5.241 is f.root-servers.net.
zone "." IN {
type slave;
file "slave/root";
masters { 192.5.5.241; };
notify no;
};
If you want to use DNSSEC to validate the contents then
you can use views to achieve this.
managed-keys {
. initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=";
};
view "secure" {
match-clients { localnets; };
match-recursive-only yes;
zone . {
type static-stub;
server-addresses { 127.0.0.1; };
};
};
view "external" {
recursion no;
allow-recursion { none; };
zone "." IN {
type slave;
file "slave/root";
masters { 192.5.5.241; };
notify no;
};
};
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list