I have a BIND9 database with a wildcard record:

* IN CNAME host.mydomain.tld.

I want to get my DNS server to "spoof" NXDOMAIN for chosen names:

nxhost1 => NXDOMAIN
nxhost2 => NXDOMAIN
etc...

Is this achievable with BIND9?

If so, how can I do it?

Thanks.

1 Answer

There are a couple of ways about this, as I understand:

- As of BIND 9.9 there is Response Policy Zone rewriting (RPZ), which allows an IP or dname match to be rewritten; two of the options are returning NXDOMAIN and NODATA (BIND 9.9 Reference Manual).

- I've seen a method (but haven't tried it; I use NSD and this doesn't work there) where you create an empty SOA for that specific zone, and as a result it should return NXDOMAIN. I'll update if I can find the page again.

Although not BIND, I'll mention that Unbound also has config options for returning NXDOMAIN.

pete
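As an added illustration of the RPZ approach mentioned in the answer (constructed here, not the answer author's configuration), below is a named.conf excerpt plus the matching policy zone that answers NXDOMAIN for nxhost1 and nxhost2 under mydomain.tld. The zone name rpz.local, the file paths and the SOA values are assumptions; RPZ rewrites answers that BIND produces as a recursive resolver, so it assumes clients resolve through this server.

```conf
// --- named.conf excerpt (constructed example) ---
options {
    // ... existing options ...
    // Apply policy from the zone below to every response this resolver builds.
    response-policy { zone "rpz.local"; };
};

zone "rpz.local" {
    type master;
    file "/etc/bind/db.rpz.local";
    allow-query { none; };     // policy data is consulted internally, never served
    allow-transfer { none; };  // keep the block list off the wire
};

; --- /etc/bind/db.rpz.local (constructed example) ---
; Owner names are relative to the zone apex, so "nxhost1.mydomain.tld" here
; means nxhost1.mydomain.tld.rpz.local. and matches queries for nxhost1.mydomain.tld.
$TTL 300
@                       IN SOA  localhost. root.localhost. (
                                2024010101 ; serial (assumed)
                                3600 900 604800 300 )
                        IN NS   localhost.

; QNAME rules: CNAME . forces NXDOMAIN, CNAME *. forces NODATA (empty NOERROR),
; CNAME rpz-passthru. exempts a name from any other rule.
nxhost1.mydomain.tld    IN CNAME .
nxhost2.mydomain.tld    IN CNAME .
; example of the NODATA variant the answer mentions, left disabled:
; nodatahost.mydomain.tld IN CNAME *.
```

After `rndc reload`, `dig @127.0.0.1 nxhost1.mydomain.tld A` should return status NXDOMAIN while other names still follow the wildcard CNAME; bump the serial whenever the policy file changes.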