> If you follow comp.protocols.dns.bind or subscribe to the bind-announce
> mailing list, you'll be aware that ISC has come out with a patch that
> allows you to add something like
> 	zone "com" in { type delegation-only; };
> 	zone "net" in { type delegation-only; };
> to your named.conf file.  The only complaint I have with the patch
> is that it logs every failed lookup as "enforced delegation-only for
> 'COM' (verisignisfullofmonkeys.com)" with a priority of ISC_LOG_NOTICE,
> but I've updated that locally to ISC_LOG_INFO (the file to update is
> lib/dns/resolver.c) to make our log watchers a little happier.

  At least in the release candidate version they added another logging
category "delegation-only", so you just set them up to get tossed.

