Rev (Hidden Segment) Lookups in split environment

Kevin Darcy kcd at
Sat Mar 17 01:47:36 UTC 2001

If you have recursion turned off, then resolvers can only get what's in
your cache and authoritative data. Best practice is for your public
nameserver to turn off recursion *completely* (options { recursion no;
...) so that there's no possibility of anyone external getting internal
data out of your nameserver's cache. Of course, that means you can't use
that public nameserver to resolve any internal names. Typically, one
would therefore run a separate "private" instance of named to provide
resolution of internal names.

- Kevin

Thomas Duterme wrote:

> Hello everyone,
> I'm running a split DNS setup for my office.  On the
> external public IP nameservers, I want to map out the PTR
> records for the internal private IP segment.  Note, most of
> those IP addresses are private IP, but I still don't want to
> advertise the network topology to anyone outside the company
> (keeping in line with my reasoning for a split IP
> architecture).
> My current external servers restrict zone transfers and
> recursive queries.  Am I correct in thinking that foreign
> resolvers pointed to my external nameservers will NOT be
> able to lookup those PTR records?
> TIA,
> Thomas

More information about the bind-users mailing list