On Nov 25, 2008, at 4:23 PM, David Sparks wrote:
> Mark Andrews wrote:
>> In message <[EMAIL PROTECTED]>, David Sparks writes:
>>> Problem: when querying asdf.ad.rice.edu, bind sends queries into
>>> my local network (specifically to 10.129.92.100, which is not a ns)
>>> which I find undesirable.
>>
>> Mark the servers as bogus.
>
> Doesn't that only work on a server by server basis? rice.edu is just
> an example ... I'm looking for a way to set a policy that named won't
> query rfc1918 nameserver addresses returned from a non-rfc1918 query.
> Would this be a bad policy?

You could use netmasks with your server statements, like this:

server 10.0.0.0/8 {
    bogus yes;
};
server 172.16.0.0/12 {
    bogus yes;
};
server 192.168.0.0/16 {
    bogus yes;
};

You could even then override this for specific servers in those ranges,
by using statements without netmasks (or more specific netmasks).

Chris Buxton
Professional Services
Men & Mice
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
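
An added example, not part of the original thread or of BIND itself: a small Python model of how the server statements in the reply combine with a more specific override, assuming the most specific matching clause wins regardless of order. The override address 10.129.0.53 and the other sample addresses are constructed for illustration; only 10.129.92.100 comes from the thread.

```python
import ipaddress

# The three clauses from the reply, plus one constructed override that models
#   server 10.129.0.53 { bogus no; };
# 10.129.0.53 is a hypothetical internal server, not taken from the thread.
SERVER_CLAUSES = [
    ("10.0.0.0/8", True),
    ("172.16.0.0/12", True),
    ("192.168.0.0/16", True),
    ("10.129.0.53", False),
]


def parse_clauses(clauses):
    """Convert (prefix, bogus) pairs into (ip_network, bogus) pairs."""
    return [(ipaddress.ip_network(prefix), bogus) for prefix, bogus in clauses]


def is_bogus(address, clauses):
    """True if the most specific clause covering `address` says bogus yes.

    An address covered by no clause is not bogus. Clause order is ignored;
    only prefix length decides which clause applies.
    """
    addr = ipaddress.ip_address(address)
    matches = [(net, bogus) for net, bogus in parse_clauses(clauses)
               if net.version == addr.version and addr in net]
    if not matches:
        return False
    _, bogus = max(matches, key=lambda m: m[0].prefixlen)
    return bogus


def split_nameservers(addresses, clauses):
    """Partition candidate nameserver addresses into (queried, skipped)."""
    queried = [a for a in addresses if not is_bogus(a, clauses)]
    skipped = [a for a in addresses if is_bogus(a, clauses)]
    return queried, skipped


if __name__ == "__main__":
    # Constructed candidate list, as if returned in a referral.
    candidates = ["10.129.92.100", "10.129.0.53", "172.31.255.1",
                  "172.32.0.1", "192.0.2.10"]
    queried, skipped = split_nameservers(candidates, SERVER_CLAUSES)
    print("queried:", queried)
    print("skipped:", skipped)
```
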