The role of reverse zone files

Steve Sandau ssandau at gwi.net
Tue Nov 9 00:10:23 UTC 2004


Stephane Bortzmeyer wrote:
> On Mon, Nov 08, 2004 at 03:45:38AM +0000,
>  bob prohaska <bp at fib.eecs.berkeley.edu> wrote 
>  a message of 36 lines which said:
> 
> 
>>Forward zone files for each domain make obvious sense, but I'm a
>>little hazy on the role of reverse domain files: Any nameserver with
>>forward zone files can tease out reverse information; what's the
>>need for reverse zone files?
> 
> 
> Yes, your nameservers could find the answer (and that was the purpose
> of the now deprecated IQUERY request). But how would the rest of the
> world find them? The tree of domain names has no relationship with the
> tree of IP addresses.
> 
> For a similar reason, you can declare yourself authoritative for
> hotmail.com, it will not disturb Hotmail because nobody will ask your
> nameservers about hotmail.com (except your small network, of course).
>  
> 
>>There are only 5 addresses in the reverse file for all three
>>domains; will one 5.161.64.in-arpa file suffice
> 
> 
> It does not depend on the number of addresses. If they are all in
> 64.161.5.0/24, yes, one file will suffice.
> 
> But it is unlikely that you have the complete /24, so you will
> probably have to use RFC 2317, which makes things more complicated,
> unfortunately. Talk to your upstream provider, because they will have
> to delegate to you.
> 

Good answers. The last question you asked is answered with views. You 
can define an "internal" view in the named.conf file. This will allow 
inside info using private IPs to be available only to clients on the 
inside of your firewall. Public info would be available to both inside 
and outside.

Steve Sandau
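
[Added example, not part of the original messages: the RFC 2317 delegation mentioned in the quoted reply, generated for a block smaller than a /24. The 64.161.5.8/29 sub-block, the example.com host names and the function name are assumptions made for illustration; only 64.161.5.0/24 appears in the thread.]

```python
import ipaddress

def rfc2317_records(block, nameservers, ptr_targets):
    """Build the records for a classless in-addr.arpa delegation (RFC 2317).

    block:        IPv4 prefix longer than /24, e.g. "64.161.5.8/29"
    nameservers:  customer name servers (FQDNs with trailing dot)
    ptr_targets:  {address: hostname} for addresses inside the block
    """
    net = ipaddress.ip_network(block, strict=True)  # rejects misaligned blocks
    if net.version != 4 or not 24 < net.prefixlen <= 32:
        raise ValueError("RFC 2317 applies to IPv4 blocks smaller than a /24")
    o = str(net.network_address).split(".")
    parent_zone = f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."
    # Child zone label "<first address>/<prefix length>", as in the RFC's examples.
    child_zone = f"{o[3]}/{net.prefixlen}.{parent_zone}"

    for addr in ptr_targets:
        if ipaddress.ip_address(addr) not in net:
            raise ValueError(f"{addr} is outside {net}")

    # Provider side: delegate the child zone, then alias every address into it.
    parent = [f"{child_zone} IN NS {ns}" for ns in nameservers]
    child = []
    for addr in net:
        last = str(addr).rsplit(".", 1)[1]
        parent.append(f"{last}.{parent_zone} IN CNAME {last}.{child_zone}")
        # Customer side: the PTR records live in the delegated child zone.
        if str(addr) in ptr_targets:
            child.append(f"{last}.{child_zone} IN PTR {ptr_targets[str(addr)]}")
    return {"parent_zone": parent_zone, "child_zone": child_zone,
            "parent": parent, "child": child}

if __name__ == "__main__":
    # Constructed sample input: the /29 and the host names are assumptions.
    recs = rfc2317_records("64.161.5.8/29",
                           ["ns1.example.com."],
                           {"64.161.5.10": "www.example.com."})
    print(f"; provider adds to {recs['parent_zone']}")
    print("\n".join(recs["parent"]))
    print(f"; customer serves {recs['child_zone']}")
    print("\n".join(recs["child"]))
```
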


