Reverse zones best practices

Phil Mayers p.mayers at imperial.ac.uk
Tue Jun 26 15:54:55 UTC 2012


On 26/06/12 16:42, nex6 wrote:
> * Brad Bendily<Brad.Bendily at LA.GOV>  [2012-06-25 16:35:28 -0500]:
>
>
> wouldn't it be more confusing, in a big IP space with servers,
> desktops etc all mashed together into one zone?

If you have enough hosts for this to be confusing, you have enough hosts 
to store the data in some master data-source and automatically generate 
the zone files (or dynamic updates).

Don't edit zone files manually unless they're trivially small.

Don't read zone files unless you're debugging.

Basically: don't do this.

FWIW we use one large 10.in-addr.arpa file. Likewise for our "real" /16 
subnets. We don't use a different reverse zone per actual subnet - it's 
pointless, and limits you to byte-aligned subnets or horrible delegation 
tricks.
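
As an added illustration of the generate-from-a-data-source approach described above (example code, not from the post or from BIND): a Python script that builds one 10.in-addr.arpa zone, plus one for a hypothetical 192.0.2.0/24, from a constructed host inventory; the inventory, zone names, nameserver and hostmaster names are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample inventory (hostname, IPv4) standing in for the
# master data-source; servers and desktops are mixed on purpose, since
# the generator, not a human, is what reads the result.
INVENTORY = [
    ("www.example.net.", "10.1.2.3"),
    ("db1.example.net.", "10.200.0.7"),
    ("desk-042.example.net.", "10.1.2.200"),
    ("mail.example.net.", "192.0.2.25"),
]

# One zone per parent block (a single 10.in-addr.arpa), not one per
# subnet; 192.0.2.0/24 stands in for a hypothetical "real" block.
ZONES = {
    "10.in-addr.arpa.": ipaddress.ip_network("10.0.0.0/8"),
    "2.0.192.in-addr.arpa.": ipaddress.ip_network("192.0.2.0/24"),
}

def reverse_records(inventory, zones=ZONES):
    """Map each zone apex to (owner relative to apex, target) PTR pairs
    in address order. A duplicate address raises, so an inventory error
    cannot silently become two PTRs for one IP."""
    seen, records = {}, defaultdict(list)
    for name, addr in inventory:
        ip = ipaddress.ip_address(addr)
        if ip in seen:
            raise ValueError(f"{addr}: already {seen[ip]}, also {name}")
        seen[ip] = name
        for apex, net in zones.items():
            if ip in net:
                # '3.2.1.10.in-addr.arpa' minus the apex -> owner '3.2.1'
                full = ip.reverse_pointer + "."
                records[apex].append((int(ip), full[: -len(apex) - 1], name))
                break
        else:
            raise ValueError(f"{addr} lies outside every configured zone")
    return {a: [(o, n) for _, o, n in sorted(v)] for a, v in records.items()}

def render_zone(apex, ptrs, serial, primary="ns1.example.net.",
                hostmaster="hostmaster.example.net."):
    """Emit master-file text for one reverse zone (server names assumed)."""
    lines = [f"$ORIGIN {apex}", "$TTL 3600",
             f"@\tIN\tSOA\t{primary} {hostmaster} {serial} 7200 900 1209600 3600",
             f"@\tIN\tNS\t{primary}"]
    lines += [f"{owner}\tIN\tPTR\t{target}" for owner, target in ptrs]
    return "\n".join(lines) + "\n"
```

Feed the output of `render_zone` to `named-checkzone` before loading it; the generator, not an editor, should be the only thing writing the file.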
