> That is, if we know that a symbolic address is malign, is there some way to
> refuse to resolve it or change its resolution when an internal user asks for
> its resolution?

Two different ways of doing this:

- configure your BIND to believe it's authoritative for the address(es) in
question by configuring it as a zone

or, if you run a recent enough version of BIND:
- set up RPZ, it really is easy to implement (and has the advantage of
scaling nicely with multiple servers as well - configure the RPZ zone
somewhere and let normal zone transfers copy it to the other servers you
have as well)

Regards
Eivind Olsen
eiv...@aminor.no


_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
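
The two approaches from the message above, as an added configuration sketch that is not part of the original post. The zone names `malign.example`, `tracker.example`, `phish.example` and `rpz.internal`, the file names, and the 192.0.2.x addresses are all constructed placeholders; the sections marked with `=====` belong in separate files, and the two ways are alternatives.

```conf
# ===== Way 1: named.conf, claim authority for the one name =====
zone "malign.example" {
    type master;
    file "db.blocked";      // hypothetical zone file with only SOA and NS records
};

# ===== Way 2: named.conf on the server that holds the policy zone =====
options {
    response-policy { zone "rpz.internal"; };
};
zone "rpz.internal" {
    type master;
    file "db.rpz.internal";
    allow-query { localhost; };        // clients never query the policy zone itself
    allow-transfer { 192.0.2.53; };    // constructed address of a second resolver
    also-notify { 192.0.2.53; };
};

# ===== Way 2: named.conf on each additional resolver =====
options {
    response-policy { zone "rpz.internal"; };
};
zone "rpz.internal" {
    type slave;
    masters { 192.0.2.1; };            // constructed address of the server above
    file "db.rpz.internal";
    allow-query { localhost; };
};

; ===== db.rpz.internal (zone file, ';' comments) =====
$TTL 300
@  IN SOA localhost. hostmaster.localhost. ( 1 3600 600 604800 300 )
   IN NS  localhost.
; Owner names are the names to override, relative to the policy zone.
malign.example      CNAME  .            ; answer NXDOMAIN
*.malign.example    CNAME  .            ; same for every subdomain
tracker.example     CNAME  *.           ; answer NODATA
phish.example       A      192.0.2.80   ; rewrite to a constructed internal host
```

Checking the result with `named-checkconf` and `named-checkzone rpz.internal db.rpz.internal` before reloading catches syntax errors in either file.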
