Hi list,

recently I updated to bind-9.10 and noticed that an illegal setup was
finally disallowed. A good thing, but I (and others I'm sure) kind of
misused this ability. With the change however, I am now looking for
help on restoring similar behavior. Let me explain.

As we all know, ads are everywhere and can be quite troublesome. Because
of this I block many known adservers internally via bind. To obtain this
list of adservers, I use http://pgl.yoyo.org/adservers/ which generates
a file with the following syntax:

    zone "example.com" { type master; notify no; file "pri/null.zone"; };

The Null zone looks as follows:

    ; BIND db file for ad servers - point all addresses to an invalid IP
    $TTL 864000 ; ten days
    @       IN      SOA     ns0.example.net. hostmaster.example.net. (
                            2008032800 ; serial number YYYYMMDDNN
                            288000     ; refresh 80 hours
                            72000      ; retry 20 hours
                            8640000    ; expire 100 days
                            864000 )   ; min ttl 10 days
                    NS      ns0.example.net.
                    A       0.0.0.0
    *       IN      A       0.0.0.0

Obviously, with this and the many (generated) zones, having 1 dummy zone
sounds reasonable logically.

These adservers are included in my 'internal' view as such:

    view "internal" {
        match-clients { internal; trusted; };
        recursion yes;
        include "/etc/bind/dlz_internal.conf";
    #   include "/etc/bind/adservers.conf";
    };

adservers.conf is commented out here, as bind now fails on this.

My question is, what is a good method to do this with the latest bind? I
tried to find some way to disable updates or mark the view/include as
'read-only' but have not found this out as of yet.

Any tips and tricks appreciated!
Olliver