You have multiple choices here.

Loopback is sometimes a bad choice, since the client may try to connect to itself, and in pathological cases this could cause an infinite loop.

You could consider an A record with RDATA 0.0.0.0, the "null" or "unspecified" address. It is not legal for that ever to be a destination address for a connection attempt, so it's marginally safer than 127.0.0.1.

For that matter, you don't need to define *any* A (or AAAA) record in the zone at all. Then any resolution attempts will get a so-called "NODATA" response (NOERROR, but 0 answers), which the vast majority of stub resolvers won't be able to distinguish from NXDOMAIN.

                                                        - Kevin

On 9/16/2014 12:20 PM, King, Harold Clyde (Hal) wrote:
I need to block a host in an exterior domain.

Resolve all traffic for example.com from example.com's dns servers, but
stop badhost.example.com.
I guess I could become authoritative for badhost.example.com and point the
host to 127.0.0.1.
Does that sound like bad things would happen?

Zone "badhost.example.com" {
        type master;
        file "/etc/named/badhost.example.com.db";
};

Badhost.example.com. IN SOA localhost. (
                Admin.localhost.
                2014091601
                3600
                900
                860000
                3600 )
        NS localhost.
        A 127.0.0.1


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users