Creating a blackhole zone...

Grant Taylor gtaylor at
Sun Dec 24 06:13:16 UTC 2017

On 12/23/2017 02:11 PM, Michelle Konzack wrote:
> I try to blackhole several 1000 domains and try to redirect them to the 
> host <>

It looks like you're trying to load zones that are sharing a zone file 
in an effort to black hole them.

I would strongly advise you look at Response Policy Zones as I suspect 
this is a better way to accomplish this goal.  Further, it will do so 
without the load of all the identical zones.

> I have following files:
> ----[ /etc/bind/blackhole.zones ]---------------------------------------
> @       86400           IN      SOA
> ( 1514061768 86400 86400 2419200 86400 )
>                          IN NS 
>                          IN CNAME
> *                       IN CNAME

I see two things.

1)  You can't have a CNAME at the apex of the zone because it can't live 
with other records, like NS and SOA.
2)  I'm not confident that you can use a CNAME with a wildcard record.

If you are really wanting to do the wildcard CNAME, I would suggest that 
you look at a DNAME record so that anything under the DNAME record owner 
(the zone in this case) will reflect something else.  (At least that's 
my understanding of how DNAME records work.)

> What have I overseen here?

Reply if you have any additional questions after my comments above.

> Thanks in advance and Merry X-Mas

You're welcome.

Merry Christmas to you and yours too.

Grant. . . .
unix || die
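
Added example, not part of the original message or of BIND: a generator that turns a block list into a single Response Policy Zone file, with one record for each name and one wildcard record for everything beneath it, instead of thousands of identical zones. The zone name rpz.local, the sinkhole host name and the sample domains are assumptions constructed for illustration; the resulting file is loaded as one ordinary zone and referenced from a response-policy statement in named.conf.

```python
import re

ORIGIN = "rpz.local"  # assumed name of the policy zone
# Constructed sample block list (reserved example names only).
SAMPLE_DOMAINS = """\
# constructed block list
ads.example.com
Tracker.Example.NET.
ads.example.com
bad_label!.example.org
"""
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
# Leave room for the "*." prefix and the ".<origin>" suffix of the owner name.
MAX_NAME = 253 - len("*.") - len("." + ORIGIN)


def normalize(line):
    """Return a lower-case host name without trailing dot, or None if unusable."""
    name = line.split("#", 1)[0].strip().lower().rstrip(".")
    if not name or len(name) > MAX_NAME:
        return None
    labels = name.split(".")
    if len(labels) < 2 or not all(LABEL.match(label) for label in labels):
        return None
    return name


def build_rpz(domain_text, sinkhole=None, serial=1):
    """Return (zone_text, names). With sinkhole=None every listed name
    answers NXDOMAIN ("CNAME ."); otherwise it is rewritten to that host."""
    target = "." if sinkhole is None else sinkhole.rstrip(".") + "."
    names = sorted({n for n in map(normalize, domain_text.splitlines()) if n})
    out = [
        "$TTL 300",
        f"@ IN SOA localhost. root.localhost. ( {serial} 3600 600 86400 300 )",
        "@ IN NS localhost.",
    ]
    for name in names:
        # Owner names carry no trailing dot: they are relative to ORIGIN.
        out.append(f"{name} IN CNAME {target}")    # the listed name itself
        out.append(f"*.{name} IN CNAME {target}")  # every name beneath it
    return "\n".join(out) + "\n", names


if __name__ == "__main__":
    print(build_rpz(SAMPLE_DOMAINS, sinkhole="sinkhole.example.org")[0])
```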


More information about the bind-users mailing list