On Dec 3, 2009, at 10:16 AM, Kevin Darcy wrote:
> Chris Buxton wrote:
>> On Dec 2, 2009, at 6:40 AM, Dmitry Rybin wrote:
>>> Hello!
>>>
>>> I can't find in docs how disable answer (Refused), if recursion for IP is
>>> not allowed?
>>
>>
>> Something like this should work:
>> _________________________________
>>
>> view caching-server {
>> match-recursive-only yes;
>> blackhole { ! authorized-clients; any; };
>> // any other resolution configuration goes here
>> };
>>
>
> "This should work" <--- one of the scariest phrases in the computing field :-)
True, true. It means, of course, "The docs suggest this will work, but I
haven't actually tested it."
> Unfortunately, "blackhole" can only appear the (global) "options" clause:
I'm happy to be corrected. You'd never know this from reading the BIND ARM.
>From the description of the view statement:
Many of the options given in the options statement can also be used
within a view statement, and then apply only when resolving queries
with that view.
There is no definitive list of the options that can or can not be used in a
view. Likewise, the description of the blackhole statement makes no mention of
the fact that it's not valid inside a view.
So, to the original poster, we're back to "it can't be done with BIND
configuration." Of course, you could hack the BIND source code...
Chris Buxton
Professional Services
Men & Mice
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
