[dns-operations] Question about logger querys with registers points to 127.0.0.1

[Tony Finch]

Robert Edmonds <edmonds at mycre.ws> wrote:
>
> Unbound has a "do-not-query-localhost" config option (default enabled)
> that will prevent sending queries to localhost, but I'm not sure if
> similar functionality is available in BIND.

Use a server{} clause to declare addresses "bogus". My config has...

# Never send queries into bogus address space.
# Marks note if BIND has builtin empty zones

server	0.0.0.0/8	{ bogus yes; }; #
server	10.0.0.0/8	{ bogus yes; }; #
server	100.64.0.0/10   { bogus yes; }; #
server	127.0.0.0/8	{ bogus yes; }; #
server	169.254.0.0/16	{ bogus yes; }; #
server	172.16.0.0/12	{ bogus yes; }; #
server	192.0.0.0/24	{ bogus yes; };
server	192.0.2.0/24	{ bogus yes; }; #
server	192.88.99.0/24	{ bogus yes; };
server	192.168.0.0/16	{ bogus yes; }; #
server	198.18.0.0/15	{ bogus yes; };
server	198.51.100.0/24	{ bogus yes; }; #
server	203.0.113.0/24	{ bogus yes; }; #
server	224.0.0.0/3	{ bogus yes; };

server	0000::/3	{ bogus yes; };
server	2001:0000::/32	{ bogus yes; };
server	2001:0002::/48	{ bogus yes; };
server	2001:0010::/28	{ bogus yes; };
server	2001:0db8::/32	{ bogus yes; };
server	2002::/16	{ bogus yes; };
server	3000::/4	{ bogus yes; };
server	4000::/2	{ bogus yes; };
server	8000::/1	{ bogus yes; };

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Sole: Easterly 4 or 5, occasionally 6 in west. Moderate, occasionally rough in
west. Showers. Good.