[oclug] named: "enforced delegation-only"
Dave O'Neill
dmo+oclug at dmo.ca
Sun Nov 7 15:25:43 EST 2004
On Sun, Nov 07, 2004 at 02:37:29PM -0500, Raymond Wood wrote:
> Over the past few weeks I have begun to see the following type of entry
> showing up in my logs:
> ------------------------------------------------------------------------
> named[4854]: enforced delegation-only for 'com' (ns6.iluvdns.com/A/IN)
> from 192.41.162.30#53
> ------------------------------------------------------------------------
>
> I am running the bind9 service currently, and I realize that this log
> message is related to named. After googling a bit, however, I'm still
> not clear on what the message really means, or what the implications are
> for me.

"delegation-only" is a BIND setting that allows you to declare that you
don't want to get direct responses for a particular zone, only
delegations to the authoritative server. It can be enabled on a
per-zone basis, or as a blanket policy for all top-level domains.

This is the feature that lets you avoid the wildcard responses that
Verisign was returning from their root servers for every unregistered
domain name.

Details can be found in the BIND9 Administrator Manual (see
/usr/share/doc/bind9-doc on Debian) or on the ISC page at
http://www.isc.org/products/BIND/delegation-only.html

Cheers,
Dave
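
Added example (not part of the original message and not BIND code): a small parser for log entries in the layout quoted above, counting filtered responses per zone, name and source so an administrator can see what the resolver is discarding. Reading the parenthesised part as record name/type/class and the address after "from" as the responding server is this example's assumption; every sample line except the quoted one is constructed.

```python
import re
from collections import Counter

# Layout taken from the log entry quoted in the thread:
#   named[PID]: enforced delegation-only for 'ZONE' (NAME/TYPE/CLASS) from ADDR#PORT
ENTRY = re.compile(
    r"named\[(?P<pid>\d+)\]:\s+enforced delegation-only for '(?P<zone>[^']+)'\s+"
    r"\((?P<name>[^/\s]+)/(?P<rtype>[^/\s]+)/(?P<rclass>[^/\s)]+)\)\s+"
    r"from\s+(?P<server>\S+)#(?P<port>\d+)"
)

def unwrap(lines):
    """Rejoin wrapped entries: a line without a 'named[' tag continues the previous one."""
    entries = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        if "named[" in line or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def parse(lines):
    """Return one dict per 'enforced delegation-only' entry; other named messages are skipped."""
    return [m.groupdict() for m in map(ENTRY.search, unwrap(lines)) if m]

def summarize(records):
    """Count filtered responses per (zone, name, type, server)."""
    return Counter((r["zone"], r["name"], r["rtype"], r["server"]) for r in records)

# Constructed sample: the first entry is the one from the thread (wrapped as posted);
# the others are made up for this example using documentation names and addresses.
SAMPLE = """\
named[4854]: enforced delegation-only for 'com' (ns6.iluvdns.com/A/IN)
from 192.41.162.30#53
named[4854]: enforced delegation-only for 'com' (typo-name.example.com/A/IN) from 192.0.2.53#53
named[4854]: enforced delegation-only for 'com' (typo-name.example.com/A/IN) from 192.0.2.53#53
named[4854]: zone example.org/IN: loaded serial 2004110701
"""

if __name__ == "__main__":
    for (zone, name, rtype, server), n in summarize(parse(SAMPLE.splitlines())).most_common():
        print(f"{n:3d}  zone={zone}  {name} {rtype}  from {server}")
```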