Finer control over REFUSED, e.g. root referrals
Darren Ankney
darren.ankney at gmail.com
Sun Sep 7 10:21:28 UTC 2025
Hi again Fred,
> As for if you are missing something else that would allow you to
> achieve your goal, I'll let others answer.
This was bugging me this morning so I ran a quick second test. It
turns out that allow-query { }; limited to just those IP(s) that
should be able to query the server will return refused to all others.
I set on my test server:
allow-query {
    none;
};
And that produced REFUSED on a client:
% dig . TXT @192.168.40.82 +norec
; <<>> DiG 9.10.6 <<>> . TXT @192.168.40.82 +norec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 53007
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; OPT=15: 00 12 ("..")
;; QUESTION SECTION:
;. IN TXT
;; Query time: 11 msec
;; SERVER: 192.168.40.82#53(192.168.40.82)
;; WHEN: Sun Sep 07 06:20:31 EDT 2025
;; MSG SIZE rcvd: 34
Thank you,
Darren Ankney
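
Added example, not part of the original message and not BIND code: a small parser for the reply shown in the dig output above. It reads the REFUSED rcode and decodes the "OPT=15: 00 12" line as an RFC 8914 Extended DNS Error with info-code 18 ("Prohibited"). The response bytes are constructed to mirror that output (same id, flags, question and 34-byte size), and the function names are hypothetical.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
OPT_RR = 41        # EDNS(0) OPT pseudo-record type
EDE_OPTION = 15    # EDNS option code for Extended DNS Error (RFC 8914)

def build_sample_response():
    """Constructed 34-byte reply mirroring the dig output (not a real capture)."""
    header = struct.pack("!HHHHHH", 53007, 0x8005, 1, 0, 0, 1)  # qr set, rcode 5
    question = b"\x00" + struct.pack("!HH", 16, 1)               # ". IN TXT"
    ede = struct.pack("!HHH", EDE_OPTION, 2, 18)                 # OPT=15: 00 12
    opt = b"\x00" + struct.pack("!HHIH", OPT_RR, 1232, 0, len(ede)) + ede
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a domain name (labels or compression pointer)."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length

def parse_refusal(msg):
    """Return (rcode name, list of EDE info-codes) for a DNS response."""
    _id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                      # each question: name, type, class
        off = skip_name(msg, off) + 4
    ede_codes = []
    for _ in range(an + ns + ar):            # walk every resource record
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        pos = 0
        while rtype == OPT_RR and pos + 4 <= len(rdata):
            code, optlen = struct.unpack("!HH", rdata[pos:pos + 4])
            if code == EDE_OPTION and optlen >= 2:
                ede_codes.append(struct.unpack("!H", rdata[pos + 4:pos + 6])[0])
            pos += 4 + optlen
    return RCODES.get(flags & 0x000F, str(flags & 0x000F)), ede_codes

if __name__ == "__main__":
    print(parse_refusal(build_sample_response()))
```

Given the raw bytes of a UDP reply received by a client outside the ACL, this gives a scriptable check that allow-query is being enforced.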