On 16.09.17 07:01, Omid Kosari via bind-users wrote:
2nd scenario is mine . Upstream manipulated everything on 53 tcp/udp . Even
if i query a non-existent dns-server it returns result ;)
Note:1.2.3.4 is not what they really return . I've changed it for privacy .
why? it's your ISP, there's no need to hide IP they send to you...
it's not your privacy, is it?
But it is one fixed ip address which returns in case of manipulation occurs
I think you could translate that IP to NXDOMAIN using RPZ.
btw, dnsmasq has "bogus-nxdomain" option for this. When you forward
togoogle, you could use dnsmasq as well.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I intend to live forever - so far so good.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
