[73351] in North American Network Operators' Group
Re: DNS Blocking
daemon@ATHENA.MIT.EDU (Dan Mahoney, System Admin)
Thu Aug 19 15:27:00 2004
Date: Thu, 19 Aug 2004 15:19:32 -0400 (EDT)
From: "Dan Mahoney, System Admin" <danm@prime.gushi.org>
To: Paul Vixie <vixie@vix.com>
Cc: nanog@merit.edu
In-Reply-To: <g3wtzvne67.fsf@sa.vix.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 19 Aug 2004, Paul Vixie wrote:
>
> danm@prime.gushi.org ("Dan Mahoney, System Admin") writes:
>
>> What I was basically asking for was a "silently drop queries for X-domain"
>> option. But one doesn't exist in bind.
>
> take a look at www.as112.net to see what happens to queries for
> 10.in-addr.arpa and its brothers. you can easily set up a zone
> that will just confuse and make errors for whoever queries it:
>
> @           SOA   localhost hostmaster.localhost
>             NS    localhost
> localhost   A     127.0.0.1
> *           MX    0 localhost
>             A     127.0.0.1
>
> (the specific name "localhost" is nec'y because glue searches
> aren't required to find wildcards.)
>
> if you put a zone like that in place on a server that's receiving
> unwanted queries for some zone, they will soon stop, or not. you
> win either way -- the queries stop, or you laugh your ass off.
They weren't rfc1918.
-Dan
> --
> Paul Vixie
>
--
The American company Transceptor Technology has begun production of "Personal'ni Sputnik" computers
--Snap, "The Power"
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
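
Added example, not part of either message and not BIND's code: a small model of standard wildcard matching (RFC 4592) applied to the zone quoted above, showing which queries the wildcard answers and why the explicit "localhost" name behaves differently. The origin `blocked.example.` and the function names are assumptions made for illustration.

```python
# Constructed model of the quoted zone; "blocked.example." is a placeholder origin.
ORIGIN = "blocked.example."

# Owner names in the quoted zone are relative, so "localhost" is localhost.<origin>.
ZONE = {
    ORIGIN: {"SOA": ["localhost." + ORIGIN + " hostmaster.localhost." + ORIGIN],
             "NS": ["localhost." + ORIGIN]},
    "localhost." + ORIGIN: {"A": ["127.0.0.1"]},
    "*." + ORIGIN: {"MX": ["0 localhost." + ORIGIN], "A": ["127.0.0.1"]},
}


def _exists(name):
    """A name exists if it owns records or is an ancestor of a name that does."""
    return any(owner == name or owner.endswith("." + name) for owner in ZONE)


def lookup(qname, qtype):
    """Return (rcode, source, rdata); empty rdata with NOERROR means NODATA."""
    qname = qname.lower().rstrip(".") + "."
    if qname != ORIGIN and not qname.endswith("." + ORIGIN):
        return ("REFUSED", None, [])            # not in this zone
    if _exists(qname):                          # an existing name blocks the wildcard
        return ("NOERROR", "exact", ZONE.get(qname, {}).get(qtype, []))
    # Walk up to the closest encloser: the longest ancestor that exists.
    encloser = qname
    while not _exists(encloser):
        encloser = encloser.split(".", 1)[1]
    wildcard = "*." + encloser
    if wildcard not in ZONE:                    # e.g. names below localhost.<origin>
        return ("NXDOMAIN", None, [])
    return ("NOERROR", "wildcard", ZONE[wildcard].get(qtype, []))


def glue(ns_target):
    """Glue lookup modelled as exact-match only, as the quoted note describes."""
    return ZONE.get(ns_target, {}).get("A", [])


if __name__ == "__main__":
    for q in ("www", "a.b", "localhost", "x.localhost"):
        print(q, lookup(q + "." + ORIGIN, "A"), lookup(q + "." + ORIGIN, "MX"))
    print("glue:", glue("localhost." + ORIGIN))
```
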