Score:1

How to prevent BIND DNS resolver from querying authoritative DNS in private address space?


I have a DNS resolver running BIND that serves clients in private address space (e.g., some of my clients are in 10.1.0.0/24), and separates them into Views.

There are domains on the public internet that have their NS servers resolving to private address space (e.g., example.com's NS is 10.2.0.1) which causes traffic from BIND to 10.2.0.1 in an attempt to resolve it.

How can I prevent BIND from trying to query authoritative nameservers in private address space when resolving? I still need to be able to respond to clients in private address space for other domains.

Score:0

I was able to solve this by using server blocks in my Views to mark private subnets as bogus, e.g.,

server 10.0.0.0/8 {
  bogus yes;
};
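
A fuller view-level sketch of the approach in the answer above, added here as an example and not part of the original post. The ACL name, view name and the 10.1.0.53 exception are assumptions; it covers all three RFC 1918 ranges and relies on BIND applying only the most specific matching server clause.

```conf
// Added example, not from the original post.
// "internal-clients", "internal" and 10.1.0.53 are hypothetical.
acl "internal-clients" { 10.1.0.0/24; };

view "internal" {
    // Clients in private space are still served; match-clients is
    // independent of the server clauses below.
    match-clients { "internal-clients"; };
    recursion yes;

    // Do not send queries to nameservers in RFC 1918 space, even
    // when a public delegation points an NS record at one.
    server 10.0.0.0/8     { bogus yes; };
    server 172.16.0.0/12  { bogus yes; };
    server 192.168.0.0/16 { bogus yes; };

    // Carve-out for a legitimate internal authoritative server
    // (assumed address). The most specific server clause wins,
    // regardless of its order in the file.
    server 10.1.0.53 { bogus no; };
};
```

Running `named-checkconf` on the file validates the syntax before reloading.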