How to prevent BIND DNS resolver from querying authoritative DNS in private address space?

cn flag

I have a DNS resolver running BIND that serves clients in private address space (e.g., some of my clients are in, and separates them into Views.

There are domains on the public internet that have their NS servers resolving to private address space (e.g.,'s NS is which causes traffic from BIND to in an attempt to resolve it.

How can I prevent BIND from trying to query authoritative nameservers in private address space when resolving? I still need to be able to respond to clients in private address space for other domains.

cn flag

I was able to solve this by using server blocks in my Views to mark private subnets as bogus, e.g.,

server {
  bogus yes;

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.