
blackhole and allow-query in bind 9.2

 
Ryan Bernard
Frequent Advisor


Hi All

If I set blackhole for an acl and also allow-query for that acl in the zone statement, which one should take precedence?

Based on the ISC admin guide, allow-query in the zone statement takes precedence over allow-query in the options statement. But it did not state anything about blackhole. Thanks for any advice rendered!

e.g.
acl 123
options {
    blackhole { 123; };
};

zone "123.com" {
    type master;
    allow-query { 123; };
    file "123.com.zone";
};
VK2COT
Honored Contributor

Re: blackhole and allow-query in bind 9.2

Hello,

Definitions in zone statements take precedence over those in global options.

Cheers,

VK2COT
VK2COT - Dusan Baljevic
Matti_Kurkela
Honored Contributor
Solution

Re: blackhole and allow-query in bind 9.2

The "blackhole" option tells the server to drop all traffic from the addresses listed in the ACL.

By quickly looking at the source code of BIND 9.2.9, it seems that this check happens even before BIND tries to parse the data, i.e. before the server even knows the incoming message is a query. If the blackhole check matches, no further processing is done.

So it would seem that "blackhole" takes precedence over everything else.

It may even be that a "blackhole" setting prevents the server from _sending_ data to blackholed addresses too.

MK
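The order of checks described in the accepted answer, as a small Python model; this is an added example, not code from the thread or from BIND. The function names, the dictionary layout, the addresses (documentation ranges standing in for the ACL "123") and the "refused" outcome for a query denied by allow-query are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: ACL "123" from the question, given a documentation range.
ACL_123 = ["192.0.2.0/24"]
CONFIG = {
    "options": {"blackhole": ACL_123},
    "zones": {"123.com": {"allow-query": ACL_123}},
}

def matches(acl, addr):
    """True if addr falls inside any network of the ACL (list of CIDR strings)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in acl)

def find_zone(qname, zones):
    """Return the most specific configured zone containing qname, or None."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def decide(src, qname, config=CONFIG):
    """Return "drop" (nothing sent back), "refused" or "answer"."""
    options = config["options"]
    # 1. blackhole is tested on the source address alone, before the packet
    #    is parsed, so no zone-level setting has been looked at yet.
    if matches(options.get("blackhole", []), src):
        return "drop"
    # 2. Only now is the message treated as a query and its zone located.
    zone = find_zone(qname, config["zones"])
    # 3. allow-query in the zone statement overrides the one in options.
    allow = config["zones"][zone].get("allow-query") if zone else None
    if allow is None:
        allow = options.get("allow-query", ["0.0.0.0/0", "::/0"])
    return "answer" if matches(allow, src) else "refused"

if __name__ == "__main__":
    for src in ("192.0.2.10", "198.51.100.7"):
        print(src, decide(src, "www.123.com"))
```

With the configuration from the question, the client in the ACL never reaches the zone's allow-query; removing the blackhole entry is what lets the zone-level setting take effect.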