Actually, I just realized a possible counterexample: if the zone is a
subzone of another zone that the server hosts, the type of error
depends
on the strategy used. With the zone statement, the error will be
REFUSED; without the zone statement, it will be SERVFAIL because of
the
lame delegation to itself.
And if it's your caching server, and the zone is delegated elsewhere,
depending upon whether the zone is configured as discussed (allow-
query=none)
or not configured at all, you are giving your clients a REFUSED or you
are
answering them with cached data. One possible way to implement
policy, e.g.
to make it less likely to reach known phishing sites.
John Wobus
Cornell
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
