allow-query does not seem to be working

Ray Bellis ray at isc.org
Mon Aug 8 17:51:00 UTC 2016


On 08/08/2016 18:43, Darcy Kevin (FCA) wrote:
> As already noted, allow-query will cause you to send back a REFUSED
> response. That’s sort of the whole point of the REFUSED RCODE.
>
> If you want to not send back any response **whatsoever**, then take a
> look at the “blackhole” statement, but, honestly, this kind of “drop”
> function may, depending on network topology, be more efficiently
> performed in your firewall or IDS/IPS.
>
> Be aware that a client that doesn’t get a response may retry the query,
> so simply “dropping” queries may ultimately prove counter-productive.

and also see Mark Andrews' Internet Draft on this very topic:

https://tools.ietf.org/html/draft-ietf-dnsop-no-response-issue-03

Ray
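
The two behaviours discussed in this thread, side by side, as an added named.conf sketch that is not part of the original messages. The ACL names and the address ranges (taken from the documentation prefixes) are constructed placeholders.

```conf
// Added example; ACL names and addresses are constructed placeholders.
acl "internal" { 192.0.2.0/24; };       // clients permitted to query
acl "dropped"  { 198.51.100.0/24; };    // sources to ignore entirely

options {
    // Sources not matched by this list still receive a reply,
    // with RCODE REFUSED.
    allow-query { "internal"; };

    // Sources matched by this list receive no reply at all; named
    // also will not use these addresses when resolving.
    blackhole { "dropped"; };
};
```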


