On Dec 3 2009, Bill Larson wrote:
[...]
Then again, I've never been sure what the original requester was asking
for. If he didn't want to give an answer out to someone on a particular
network, then the "blackhole" option would seem to be a perfect solution in
the first place.
| blackhole
|
| Specifies a list of addresses that the server will not accept
| queries from or use to resolve a query. [...]
^^^^^^^^^^^^^^^^^^^^^^^^^
So it's not suitable for blocking out large chunks of the external world
which may contain nameservers you need to to do recursive lookups.
[It's never been entirely clear to me why these functions have to be
combined, especially given that "server [ipaddr/len] {bogus yes;};"
can be used to block outgoing queries.]
--
Chris Thompson
Email: c...@cam.ac.uk
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
