Is there a way to send an invalid (or 0.0.0.0) IP addresses for my black hole zone file, instead of my current method of using local zone inform_deny? Any websites relying on sites in the black hole won’t load on iOS devices which is causing a problem for us. Appreciate any help. Thanks
Although I never got a response to this, the answer was to use always_nxdomain
FWIW, for those of you having problems since iOS 10 serving *.local domains, it can be circumvented by using *.lcl in addition to your *.local, so that at least iOS devices can access the network if necessary. There might be some scenario where that’s undesirable, but I can’t think of one off hand.
For the record:
.local is reserved for multicast DNS so anyone using it for other
purposes will face various issues.
Introducting .lcl is a wrong thing to do because it is effectivelly
hijacking TLD (which might not be delegated at moment but can be
delegated at any later time).
If you have to move from .local anyway, please use recommended
configuration instead of .lcl (or any other hack).
It is recommended to to use domain name like
`internal.example.com.` where `internal.example.com.` is an
existing zone, which might be insecure zone (i.e. a zone which is not
signed using DNSSEC).
I hope it clarifies how technically correct setup should look like.
Petr Špaček @ CZ.NIC