- Yes, I thought about not using DNS from the same internet provider, but wanted to know if there is a way to patch only the .local response.
- This is the configuration I use in one of the LANs: view "local-nets" { match-clients { acl_local-nets; }; recursion yes; forwarders { 62.151.2.8; }; include "/etc/bind/named.conf.default-zones"; } - These are the tests to be done from a client: $ host -t SOA local. $ host -t SOA local. 62.151.2.8 - I've tried to create an empty zone, or lacking of A or SOA records, but then BIND9 doesn't load it: zone local/IN: has 0 SOA records zone local/IN: has no NS records zone local/IN: not loaded due to errors. - I'm using BIND 9.7.3 from Debian 6, and I see that I need to upgrade to BIND 9.8.4 from Debian 7 to configure an RPZ zone. But I'm not sure if it's useful for SOA records. Al 20/05/13 09:00, En/na Matus UHLAR - fantomas ha escrit: >>> On 19 May 2013 20:51, Narcis Garcia <informat...@actiu.net> wrote: >>>> The internet ISP returns positive values for .local >>>> queries, and I need that LAN clients receive NXDOMAIN instead. > > do they return positive answers for any non-existing domains? > (is this one of ISPs wanting to make money on mistypes and ling to the > people?) > On 19.05.13 21:26, Steven Carr wrote: >> But in response to the actual question... what you want to do is not >> possible in BIND zone configs as you can't create a negative zone >> (that I'm aware of). > > He can create empty .local zone that will return NXDOMAIN for everything. > >> On 19 May 2013 21:22, Steven Carr <sjc...@gmail.com> wrote: >>> Why are you forwarding queries to the ISP? Implement your own caching >>> layer, I for one would never use/trust an ISPs caching servers. If I >>> want to resolve a domain I go direct to the source, not via a 3rd >>> party. > > This is the real solution. You should not use services broken like this of > any ISP. I'd even recommend not to use ANY services of such ISPs. > _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users