On Dec 18, 2009, at 12:33 PM, Len Conrad wrote:

> bind 9.6.1-P1
>
> named-checkconf /etc/namedb/named.conf
> ... ok
>
> (in global options)
>
> options {
>     allow-recursion { mynets; } ;
>     blackhole { !mynets; } ;
> };

I could be wrong, but wouldn't that be:

    blackhole { ! mynets; any; };

?

To my understanding, without the "any" item, the ACL doesn't match anything at all - no IP is blackholed.

Of course, if you blackhole anything not local, your server will not be able to recurse out to the Internet - blackhole applies to the sending of queries in addition to the receiving of queries.

I believe you will need to settle for "allow-query" instead of "blackhole". Something like this:

    options {
        allow-query { mynets; };
    };

Again, I could be wrong, but I don't think allow-recursion is needed in this case.

Chris Buxton
Professional Services
Men & Mice
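
The first-match rule for address match lists discussed in this thread, as an added example that is not part of the original messages and not BIND code. It is a simplified model (no keys or nested lists), and the contents of "mynets" are constructed, since the thread does not show them.

```python
# Simplified model of BIND address-match-list evaluation (illustration only).
import ipaddress

# Constructed sample ACL; the thread does not show what "mynets" contains.
ACLS = {"mynets": ["192.0.2.0/24", "10.0.0.0/8"]}


def element_matches(name, addr):
    """True if one list element (with its '!' already removed) covers addr."""
    if name == "any":
        return True
    if name == "none":
        return False
    if name in ACLS:
        return any(addr in ipaddress.ip_network(n) for n in ACLS[name])
    return addr in ipaddress.ip_network(name, strict=False)


def acl_matches(match_list, ip):
    """Walk the list in order; the first element that covers the address decides.

    A hit on a negated element stops the search with "no match", and an
    address that no element covers is also "no match".
    """
    addr = ipaddress.ip_address(ip)
    for element in match_list:
        negated = element.startswith("!")
        name = element.lstrip("!").strip()
        if element_matches(name, addr):
            return not negated
    return False  # fell off the end of the list


if __name__ == "__main__":
    inside, outside = "192.0.2.53", "198.51.100.7"  # constructed addresses
    for label, acl in [("{ !mynets; }", ["!mynets"]),
                       ("{ !mynets; any; }", ["!mynets", "any"])]:
        for ip in (inside, outside):
            hit = acl_matches(acl, ip)
            print(f"blackhole {label:18} {ip:13} -> {'blackholed' if hit else 'not matched'}")
```

With `{ !mynets; }` neither address is matched, so nothing is blackholed; with `{ !mynets; any; }` every address outside mynets is matched, which covers the upstream servers the resolver itself would need to query.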