Hi again Fred,

> As for if you are missing something else that would allow you to
> achieve your goal, I'll let others answer.

This was bugging me this morning so I ran a quick second test. It
turns out that allow-query { }; limited to just those IP(s) that
should be able to query the server will return refused to all others.
I set on my test server:

allow-query {
    none;
};

And that produced REFUSED on a client:

% dig . TXT @192.168.40.82 +norec
; <<>> DiG 9.10.6 <<>> . TXT @192.168.40.82 +norec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 53007
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; OPT=15: 00 12 ("..")
;; QUESTION SECTION:
;. IN TXT
;; Query time: 11 msec
;; SERVER: 192.168.40.82#53(192.168.40.82)
;; WHEN: Sun Sep 07 06:20:31 EDT 2025
;; MSG SIZE rcvd: 34
Thank you,
Darren Ankney
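
The client-side check from the message above, as an added example that is not part of the original post or of BIND itself: it builds the same ". TXT" query with RD clear and decodes the reply header to confirm REFUSED. The function names are hypothetical, and SAMPLE_RESPONSE is constructed from the header fields shown in the dig output rather than captured from the wire.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TYPE_TXT, TYPE_OPT, CLASS_IN = 16, 41, 1

def build_query(qid, qname=".", qtype=TYPE_TXT):
    """Wire-format query with RD clear, as with dig's +norec (no EDNS OPT added)."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    labels = [part for part in qname.split(".") if part]
    name = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + name + struct.pack("!HH", qtype, CLASS_IN)

def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    return {"id": qid, "qr": bool(flags & 0x8000), "ra": bool(flags & 0x0080),
            "rcode": RCODES.get(rcode, str(rcode)), "answers": an}

def is_refused(query, response):
    """True if response answers query with REFUSED and carries no answer records."""
    q, r = parse_header(query), parse_header(response)
    return r["qr"] and r["id"] == q["id"] and r["rcode"] == "REFUSED" and r["answers"] == 0

def probe(server, qid=0x4242, timeout=3.0):
    """Send the query over UDP to a server you administer (address is the caller's)."""
    query = build_query(qid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        response, _ = s.recvfrom(4096)
    return is_refused(query, response)

# Constructed sample: bytes rebuilt from the fields in the dig output above
# (id 53007, flags qr, REFUSED, counts 1/0/0/1, OPT udp 1232, option 15 = 00 12).
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 53007, 0x8005, 1, 0, 0, 1)
    + b"\x00" + struct.pack("!HH", TYPE_TXT, CLASS_IN)
    + b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, 0, 6)
    + struct.pack("!HH", 15, 2) + b"\x00\x12"
)

if __name__ == "__main__":
    print(parse_header(SAMPLE_RESPONSE))
    print(is_refused(build_query(53007), SAMPLE_RESPONSE))
```

The sample comes to 34 bytes, matching the MSG SIZE line in the dig output; running probe() from an address outside the allow-query list should return True.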