Re: Bind/Named 9.9 auth-nxdomain question

Fri, 10 Nov 2017 07:54:07 -0800 

On 11/10/2017 10:05 AM, Tony Finch wrote:

Filipe Cifali <cif...@kinghost.com.br> wrote:

I need to make an authoritative server that gives 'AA' flags to every query, I
would need to set only auth-nxdomain right?

Don't use auth-nxdomain, it has been obsolete for 15 years.



Ok, I understand that just seems a bit strange that an obsolete option 
to not be documented and available to the server?





I'm running this config:

That looks like a recursive server configuration to me - there aren't any
zones configured.

I don't really understand what you are trying to acheive, but if you just
want to say "no" to everything then you want a config like the following,
where db.null is the usual empty zone.

options {
        directory "/var/bind";
        additional-from-cache no;
        empty-zones-enable no;
        minimal-responses yes;
        recursion no;
};

zone "." {
        type master;
        file "db.null";
};

Tony.


We are running

    allow-new-zones yes;


for this setup to work, so we have one file w/ all the zones and configs 
that is managed by rndc calls (for adding/flushing/updating/removing)



I'm trying to have an Auth Server that says the auth flags ('aa') even 
on NXDOMAIN. This is what the auth-nxdomain should do I suppose.



I'm just trying to stay way from DLZ drivers for their poor performance 
in general.


--


................................................................................................................................................................................................... 


<https://www.kinghost.com.br>     
        
        Filipe Cifali Stangler| ANALISTA DE INFRAESTRUTURA

cif...@kinghost.com.br <mailto:cif...@kinghost.com.br> | 
www.kinghost.com.br <https://www.kinghost.com.br>

Tire suas dúvidas gratuitamente: *0800.881.5464*
Capitais e polos regionais: *4003.5464*
Atendimento fora do Brasil e Celulares: *(51) 3301.5464*


banner - email <http://kingho.st/assinatura>

Este e-mail e seus anexos são confidenciais e podem conter informações 
privilegiadas ou protegidas contra
divulgação e/ou reprodução. Se você não é o destinatário identificado 
acima, por favor, apague esta mensagem

de seu sistema e notifique o remetente imediatamente.


This e-mail message or any attachment thereto are confidential and may 
be privileged or otherwise protected
from disclosure and/or reproduction. If you are not intendet recipient, 
please delete it from your system and

notify the sender immediately.


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users





















					Reply via email to