[73347] in North American Network Operators' Group


Re: DNS Blocking

daemon@ATHENA.MIT.EDU (Paul Vixie)
Thu Aug 19 15:08:45 2004

To: nanog@merit.edu
From: Paul Vixie <vixie@vix.com>
Date: 19 Aug 2004 19:03:28 +0000
In-Reply-To: <20040819141959.K54585@prime.gushi.org>
Errors-To: owner-nanog-outgoing@merit.edu


danm@prime.gushi.org ("Dan Mahoney, System Admin") writes:

> What I was basically asking for was a "silently drop queries for X-domain" 
> option.  But one doesn't exist in bind.

take a look at www.as112.net to see what happens to queries for
10.in-addr.arpa and its brothers.  you can easily set up a zone
that will just confuse and make errors for whoever queries it:

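        $TTL 3600  ; added so the zone loads; the value is a placeholder
        @          SOA  localhost hostmaster.localhost (
                        1 3600 900 604800 3600 )  ; added: serial refresh retry expire minimum (placeholder values)
                   NS   localhost
        localhost  A    127.0.0.1
        *          MX   0 localhost
                   A    127.0.0.1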

(the specific name "localhost" is nec'y because glue searches
aren't required to find wildcards.)

if you put a zone like that in place on a server that's receiving
unwanted queries for some zone, they will soon stop, or not.  you
win either way -- the queries stop, or you laugh your ass off.
-- 
Paul Vixie
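
To see what a querier gets back from a zone like the one in the message, here is an added Python sketch (not part of the original post and not BIND's code) that models its five records with the RFC 4592 closest-encloser wildcard rule. The origin `unwanted.example.` and the function names are placeholders chosen for the example.

```python
# Constructed model of the zone from the message; ORIGIN is a placeholder name.
ORIGIN = "unwanted.example."
ZONE = {  # (owner relative to ORIGIN, type) -> rdata, as written in the zone
    ("@", "SOA"): ["localhost hostmaster.localhost"],
    ("@", "NS"): ["localhost"],
    ("localhost", "A"): ["127.0.0.1"],
    ("*", "MX"): ["0 localhost"],
    ("*", "A"): ["127.0.0.1"],
}

def _key(labels):
    return ".".join(labels) if labels else "@"

def _exists(labels, owners):
    """A name exists if it owns records or is an ancestor of a name that does."""
    k = _key(labels)
    return k == "@" or any(o == k or o.endswith("." + k) for o in owners)

def lookup(qname, qtype, origin=ORIGIN, zone=ZONE):
    """Return (rcode, rdata list, synthesized_from_wildcard)."""
    qname = qname.lower().rstrip(".") + "."
    if qname != origin and not qname.endswith("." + origin):
        return ("REFUSED", [], False)            # outside this zone
    rel = qname[: -len(origin)].rstrip(".")
    labels = rel.split(".") if rel else []
    owners = {o for o, _ in zone}
    if _exists(labels, owners):                  # existing name: no wildcard
        return ("NOERROR", zone.get((_key(labels), qtype), []), False)
    i = 1                                        # find the closest encloser
    while not _exists(labels[i:], owners):
        i += 1
    star = _key(["*"] + labels[i:])              # source of synthesis
    if star not in owners:
        return ("NXDOMAIN", [], False)
    return ("NOERROR", zone.get((star, qtype), []), True)
```

The explicit `localhost` record is answered as an existing name, so the wildcard never covers it, and names beneath it get NXDOMAIN because `*.localhost` is not in the zone.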
