[Unbound-users] Define a local zone to return NXDOMAIN
Sonic
sonicsmith at gmail.com
Mon Sep 1 13:48:28 UTC 2014
On Mon, Sep 1, 2014 at 9:37 AM, Maciej Soltysiak <maciej at soltysiak.com> wrote:
> When deploying my own set of refused zones I opted for REFUSED rcode
> because that's actually more informative and to the fact.
> I'm not lying the domain doesn't exist, I'm saying I am refusing to
> answer this question.
Same here.
> I guess it must be very very rare that applications make a distinction
> between REFUSED and NXDOMAIN.
I'm not aware of any cases off hand.
> That goes even lower down the IP stack. I rarely DROP packets. I
> mostly send ICMP Admin prohibited. Especially for UDP traffic.
I try to use a good working mix, and do answer ping requests. I think
the whole "stealth" stance is not net friendly.
Chris