Mark Andrews wrote:
> In message <[EMAIL PROTECTED]>, David Sparks writes:
>> Problem: when querying asdf.ad.rice.edu, bind sends queries into my local
>> network (specifically to 10.129.92.100, which is not a ns) which I find
>> undesirable.
>
> Mark the servers as bogus.

Doesn't that only work on a server by server basis? rice.edu is just an example ... I'm looking for a way to set a policy that named won't query rfc1918 nameserver addresses returned from a non-rfc1918 query. Would this be a bad policy?

ds

>
>> Is there any way to disable this behavior? Is it expected that bind queries
>> rfc1918 nameserver addresses from non-rfc1918 queries? I would've expected
>> something along the lines of "error: ... RFC 1918 response from Internet for
>> ...".
>>
>>
>> $ dig @ns1.rice.edu asdf.ad.rice.edu
>>
>> ; <<>> DiG 9.4.1-P1 <<>> @ns1.rice.edu asdf.ad.rice.edu
>> ; (1 server found)
>> ;; global options: printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52793
>> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 4
>> ;; WARNING: recursion requested but not available
>>
>> ;; QUESTION SECTION:
>> ;asdf.ad.rice.edu. IN A
>>
>> ;; AUTHORITY SECTION:
>> ad.rice.edu. 3600 IN NS support-dc7.rice.edu.
>> ad.rice.edu. 3600 IN NS support-dc6.rice.edu.
>> ad.rice.edu. 3600 IN NS support-dc5.rice.edu.
>> ad.rice.edu. 3600 IN NS support-dc4.rice.edu.
>>
>> ;; ADDITIONAL SECTION:
>> support-dc7.rice.edu. 3600 IN A 10.136.93.4
>> support-dc6.rice.edu. 3600 IN A 128.42.18.16
>> support-dc5.rice.edu. 3600 IN A 10.129.92.100
>> support-dc4.rice.edu. 3600 IN A 128.42.18.223
>>
>> ;; Query time: 82 msec
>> ;; SERVER: 128.42.209.32#53(128.42.209.32)
>> ;; WHEN: Tue Nov 25 15:29:48 2008
>> ;; MSG SIZE rcvd: 202
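
An added example, not part of the original message and not BIND code: an offline check that applies the policy asked about above to saved dig output, flagging nameserver glue in RFC 1918 space when the responding server is itself on a public address. The names `is_rfc1918` and `private_glue` are hypothetical, and the sample input is the referral from the quoted dig output.

```python
import ipaddress
import re

# RFC 1918 ranges listed explicitly; ipaddress.is_private covers more than these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Referral lines copied from the dig output quoted in the message above.
DIG_OUTPUT = """\
;; AUTHORITY SECTION:
ad.rice.edu. 3600 IN NS support-dc7.rice.edu.
ad.rice.edu. 3600 IN NS support-dc6.rice.edu.
ad.rice.edu. 3600 IN NS support-dc5.rice.edu.
ad.rice.edu. 3600 IN NS support-dc4.rice.edu.
;; ADDITIONAL SECTION:
support-dc7.rice.edu. 3600 IN A 10.136.93.4
support-dc6.rice.edu. 3600 IN A 128.42.18.16
support-dc5.rice.edu. 3600 IN A 10.129.92.100
support-dc4.rice.edu. 3600 IN A 128.42.18.223
;; SERVER: 128.42.209.32#53(128.42.209.32)
"""

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)

def private_glue(dig_text):
    """Return (nameserver, address) glue pairs in RFC 1918 space from a public server."""
    server = re.search(r"^;; SERVER: ([0-9A-Fa-f.:]+)#", dig_text, re.M)
    if server is None or is_rfc1918(server.group(1)):
        return []  # responder unknown or itself internal: the policy does not apply
    section, ns_names, flagged = None, set(), []
    for line in dig_text.splitlines():
        header = re.match(r";; (\w+) SECTION:", line)
        if header:
            section = header.group(1)
            continue
        fields = line.split()
        if len(fields) != 5 or line.startswith(";"):
            continue  # not a "name ttl class type rdata" record line
        name, _ttl, _cls, rtype, rdata = fields
        if section == "AUTHORITY" and rtype == "NS":
            ns_names.add(rdata.lower())
        elif section == "ADDITIONAL" and rtype == "A" and name.lower() in ns_names:
            if is_rfc1918(rdata):
                flagged.append((name, rdata))
    return flagged

print(private_glue(DIG_OUTPUT))
```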