Quote:
Originally Posted by bathory
1. Of course. The client gets a REFUSED answer
2. Means that the client asks for the . (hint) zone
PS. Since you're new here, next time start a new thread instead of hijacking another one's thread
Regards
Thanks for the reply.
1. Sorry, but no, I don't believe it is an "of course". While I was waiting, I did two minor tests. A REFUSED message getting sent back depends on the version of BIND installed. A little older version in fact simply did not reply, or maybe it is the settings. The client message displayed upon query was definitely different. One was REFUSED, as you indicated, and the other was a No Response.
So, this brings me to the question.
Is there a way to configure the DNS to not send a reply back of REFUSED?
I again reference the same data sample posted above by the user that started the post.
2. Okay, I thought it may be something like that. So in his example, it is asking for the root list. I confirmed this is how it is indicated in a DNS BIND/named configuration file. He has properly disabled recursion. Does it make sense for him to not provide hints either? If yes, how?
3. If recursion was limited only to his localnet, then what would adding "additional-from-cache no;" to his configuration file accomplish? Or is it a bad idea, and why?
Again, the question is for anyone that wishes to reply.