Jeremy C. Reed wrote: > Thank you very much for testing the alpha release.
My pleasure! I had a workaround resulting in dns-rebind protection in my pdnsd[1] resolver, but pdnsd doesn't support dnssec and a few other features. [1] http://www.phys.uu.nl/~rombouts/pdnsd.html >> deny-answer-addresses { >> 127/8; 192.168/16; 10/8; 172.16/12; >> } except-from { >> "zen.spamhaus.org"; >> "dnsbl-1.uceprotect.net"; >> "dnsbl-1.uceprotect.net"; > > This is repeated, resulting in "already exists" (via the RBT code). > > Maybe we can improve the configuration failure logging for this. Now do I believe that! I must have read these lines dozens of times but missed the obvious duplication! > Not supported in a type forward zone. "deny-answer-addresses" might be helpful in forwarding and maybe even server zones. clemens _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
