On 3/14/2013 6:29 AM, Tony Finch wrote:
King, Harold Clyde (Hal) <h...@utk.edu> wrote:
Is there an option for bind like the allow-recursion { <network-acl> }
For blocking out going records of 10.0.0.0/8 and 192.168.0.0/16 so I could do a
view like:
I'm not sure what you mean by "blocking out going records" but there are a
couple of options that might do what you want:
There is the "blackhole" acl which makes named ignore all requests and
never send queries to a particular address range.
There is the server ... { bogus yes; }; clause which stops named from
sending queries to a particular address range.
I think he wants to strip addresses (A and/or AAAA) of certain ranges
from his outgoing responses. Circa BIND 9.7-ish, there used to be a
focused way to do this (deny-answer-addresses?), but I think the more
"modern" way to accomplish the same thing is with RPZ.
- Kevin
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
