On Dec 18, 2009, at 12:33 PM, Len Conrad wrote:
> bind 9.6.1-P1
> 
> named-checkconf /etc/namedb/named.conf
> ... ok
> 
> (in global options)
> 
> options {
> allow-recursion {  mynets; }        ;
> blackhole       { !mynets; }        ;
> };

I could be wrong, but wouldn't that be:

blackhole       { ! mynets; any; };

? To my understanding, without the "any" item, the ACL doesn't match anything 
at all - no IP is blackholed.

Of course, if you blackhole anything not local, your server will not be able to 
recurse out to the Internet - blackhole applies to the sending of queries in 
addition to the receiving of queries. I believe you will need to settle for 
"allow-query" instead of "blackhole". Something like this:

options {
        allow-query { mynets; };
};

Again, I could be wrong, but I don't think allow-recursion is needed in this 
case.

Chris Buxton
Professional Services
Men & Mice

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
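To make the point about address match list evaluation concrete, here is a small simulator of how named scans an address match list: elements are tried in order, the first element that matches the client address decides the outcome (a negated element that matches means "no match"), and if nothing matches the list does not match. This is an added example written for this thread, not code from the original poster, from Chris, or from BIND itself; the acl name "mynets" and the prefixes inside it are constructed stand-ins. It models only the match-list semantics, not the fact that blackhole also discards responses from the listed addresses.

```python
import ipaddress

# Constructed for this example: an acl named "mynets", standing in for whatever
# the poster actually defined. The prefixes are documentation ranges, not real.
ACLS = {
    "mynets": ["192.0.2.0/24", "2001:db8::/32"],
}


def _element_matches(elem, addr, acls):
    """True if a single (un-negated) element matches addr.

    A nested acl is evaluated with full match-list semantics; only a positive
    match of the nested list counts as a match of the element, a negative or
    empty result just means "this element did not match, keep scanning".
    """
    if elem == "any":
        return True
    if elem == "none":
        return False
    if elem in acls:
        return matches(acls[elem], addr, acls)
    net = ipaddress.ip_network(elem, strict=False)
    return addr.version == net.version and addr in net


def matches(match_list, addr, acls=ACLS):
    """Evaluate a BIND-style address match list for one client address.

    Scan in order; the first element that matches decides:
      - negated element ("!x") matches  -> the list does NOT match
      - plain element matches           -> the list matches
    If no element matches at all, the list does not match.
    """
    addr = ipaddress.ip_address(addr)
    for elem in match_list:
        negated = elem.startswith("!")
        bare = elem.lstrip("!").strip()
        if _element_matches(bare, addr, acls):
            return not negated
    return False


def blackholed_as_posted(addr):
    """blackhole { !mynets; };  -- only a negated element, so nothing ever matches."""
    return matches(["!mynets"], addr)


def blackholed_with_any(addr):
    """blackhole { !mynets; any; };  -- local nets skip, everything else matches."""
    return matches(["!mynets", "any"], addr)


def query_allowed(addr):
    """allow-query { mynets; };  -- the alternative suggested in the reply."""
    return matches(["mynets"], addr)


if __name__ == "__main__":
    # Constructed sample clients: one inside mynets, one outside, one IPv6 inside.
    for client in ("192.0.2.10", "203.0.113.5", "2001:db8::1"):
        print(
            f"{client:>14}  blackhole{{!mynets}}={blackholed_as_posted(client)!s:5}  "
            f"blackhole{{!mynets;any}}={blackholed_with_any(client)!s:5}  "
            f"allow-query{{mynets}}={query_allowed(client)}"
        )
```

Running it shows that `{ !mynets; }` never blackholes anyone, that `{ !mynets; any; }` blackholes every non-local address (which, as the reply notes, would also stop the server from accepting answers from the Internet), and that `allow-query { mynets; }` simply refuses queries from outside without touching outbound recursion.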
