[Pdns-users] Drop Requests for domain

Pieter Lexis pieter.lexis at powerdns.com
Thu Oct 22 10:43:47 UTC 2020


Hi Markus,

On 10/22/20 9:02 AM, Markus Ehrlicher via Pdns-users wrote:
> does exist any option, to drop requests to powerdns authoritative-server
> (4.3.1) for *.domain.xyz?

There is not. dnsdist[1] could do this for you. But usually dropping
queries on you auth is a bad idea, as it gives attackers time to spoof
answers. The auth will answer with REFUSED if the zone is not in the
database, or with an NXDOMAIN (or NODATA) when the zone exists but no
such record/type.

If this is not the answer you're looking for, please explain your
usecase in a bit more detail.

Cheers,

Pieter

-- 
Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com


More information about the Pdns-users mailing list