Using local caching Bind9 DNS server to ‘blacklist’ certain domains

Tags: bind, domain-name-system

I have a Bind9 instance acting as a caching (forwarding) name server for a group of mail servers.
Basically it queries a few specific upstream nameservers only when the domains aren't in the cache.

This name server is not authoritative for any domain (there are no zones).

I would like to use this Bind instance to 'blacklist' a few domains, similar to a DNSBL; I'd like to simply return 'NXDOMAIN' for domain 'bad.example.com'.
How can I do this?

I don't need any complex rbld or similar, it's just going to be for a few domains that I don't want anything to do with.

Relevant named.conf options:

options {
        forwarders {
                8.8.8.8;
                1.2.3.4;
                5.6.7.8;
        };
};

Best Answer

You could add the blacklisted domains in named.conf as a zone directive.

zone "bad.example.com" { type master; file "bad_domains"; };

then create the bad_domains zone data with only a SOA record in it.

Regards, jgr
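A complete version of this sinkhole-zone setup, as an added example that is not part of the answer above: a small POSIX shell script that writes the zone file and the matching named.conf fragment, then validates the zone with named-checkzone when BIND's tools are installed. One detail worth knowing before copying the answer literally: named refuses to load a zone that has no NS record at the apex, so the zone file below carries an NS record next to the SOA. The directory, file names, the serial and the timers are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example, not code from the original question or answer.
# Generates a local "sinkhole" zone so that a caching Bind9 server answers
# for bad.example.com itself instead of forwarding the query upstream.
ZONE="bad.example.com"
WORKDIR="${WORKDIR:-./bind-blacklist}"   # assumed scratch directory

write_zone_file() {
    # $1 = zone name (unused inside the file: "@" stands for the apex)
    # $2 = output path
    # SOA plus one NS record. named reports "has no NS records" and does
    # not load a zone that contains only an SOA, so both are required.
    # The last SOA field is the negative-caching TTL: how long clients
    # may cache the NXDOMAIN answers this zone produces.
    cat > "$2" <<'EOF'
$TTL 3600
@   IN  SOA localhost. hostmaster.localhost. (
        1       ; serial
        3600    ; refresh
        900     ; retry
        604800  ; expire
        300 )   ; negative-caching TTL
@   IN  NS  localhost.
EOF
}

write_named_conf_fragment() {
    # $1 = zone name, $2 = output path, $3 = zone file path
    # Included from named.conf next to the existing "options" block.
    cat > "$2" <<EOF
// Every name at or below $1 is answered from this zone; the
// forwarders are never consulted for it.
zone "$1" IN {
    type master;
    file "$3";
    allow-transfer { none; };   // nobody needs to transfer a sinkhole zone
};
EOF
}

check_zone() {
    # $1 = zone name, $2 = zone file
    # Prefer BIND's own checker; fall back to a structural check that the
    # two records named must both be present.
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone -q "$1" "$2"
    else
        grep -q ' SOA ' "$2" && grep -q ' NS ' "$2"
    fi
}

mkdir -p "$WORKDIR"
write_zone_file "$ZONE" "$WORKDIR/bad_domains"
write_named_conf_fragment "$ZONE" "$WORKDIR/blacklist.conf" "$WORKDIR/bad_domains"
check_zone "$ZONE" "$WORKDIR/bad_domains" && echo "zone $ZONE ok"
```

After including blacklist.conf from named.conf and reloading, a query such as `dig @127.0.0.1 anything.bad.example.com` returns NXDOMAIN, which is what the question asks for. A query for the apex name bad.example.com itself returns NOERROR with an empty answer (the name exists, it just has no A record), so mail software that only checks for NXDOMAIN on the apex will see a different status than for names beneath it.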
