Blackhole option statement in BIND

Samuel Hills

Nov 29, 2007, 9:31:22 PM
I like the blackhole option, but it only seems to work for the global
options in the bind.conf file.
Is there any way it can be used for individual zones in future releases of
BIND?
It would be a lot more useful for me that way; I could, for example, blackhole
the root zone to prevent floods of invalid queries. This is the behaviour in
tinydns, I believe.
The closest I've got to this is using the allow-query statement and setting
it to "none" to make all invalid queries that my nameservers are not
authoritative for to return REFUSED. I want invalid queries to be dropped
completely, rather than REFUSED being sent. Having the blackhole option
available for individual zones (rather than just global) would make this
possible. I am sure there would be other good reasons to add this feature
too, for example, if you want to block certain zones from resolving for
certain people, but not all zones.
Samuel Hills


Chris Buxton

Nov 29, 2007, 10:58:49 PM
That would violate RFC. A name server that does not receive any
response at all from a remote server should consider that remote
server to be offline. This would affect the running RTT value for that
remote server.

The blackhole statement should be used for subnets that you just plain
never want to talk to at all.

Never consider any behavior of tinydns to be necessarily correct
according to RFC. It simply works most of the time, and for what it
does, it (apparently) works well. (I've never actually used it - the
setup procedure offends my sensibilities.) But by my observation,
Prof. Bernstein has had an adversarial relationship with the standards
and their maintainers.

Chris Buxton
Professional Services
Men & Mice
Address: Noatun 17, IS-105, Reykjavik, Iceland
Phone: +354 412 1500
Email: cbu...@menandmice.com
www.menandmice.com
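
The two behaviours contrasted in this thread, as an added named.conf sketch that is not from either poster: `blackhole` is set once in the global `options` block and matches on client address, while `allow-query { none; }` as the global default with a per-zone override answers for the authoritative zone and returns REFUSED for every other name. The ACL name, the addresses, the directory and the zone are constructed placeholders.

```conf
// named.conf fragment: constructed example, not taken from the thread.
// 192.0.2.0/24, 198.51.100.0/24 and example.com are documentation
// placeholders; "never-talk-to" is a hypothetical ACL name.

acl "never-talk-to" {
    192.0.2.0/24;
    198.51.100.0/24;
};

options {
    directory "/var/named";          // assumed path

    // Global option only; it cannot be placed inside a zone block.
    // Queries from these source addresses get no response at all, and
    // the server will not use these addresses to resolve queries either.
    blackhole { "never-talk-to"; };

    // Authoritative-only server: never recurse on behalf of clients.
    recursion no;

    // Default for any name not covered by a zone-level override:
    // the client receives REFUSED (a reply is still sent).
    allow-query { none; };
};

zone "example.com" {
    type master;
    file "example.com.zone";         // assumed file name

    // Zone-level override: anyone may query the zone we are
    // authoritative for, except sources already dropped by blackhole.
    allow-query { any; };
};
```

Running `named-checkconf` against the file validates the syntax before the server is reloaded.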

