reverse zone of type forward when /28 subnet

Dmitri Tarkhov tarkhov at
Fri Dec 28 07:19:12 UTC 2012

Hi, all,

Thank you very much for the discussion. It was interesting and very useful.
You can pretty well imagine that I am not much involved with DNS;
I am rather a Unix and Unix HW guy.
Unfortunately, I saw a DNS cache poisoning attack, and although it could be
provoked by side effects, it's better to get rid of it altogether.
For just 14 (241-254) addresses it is not difficult to maintain 2 types
of master zones in sync (RFC 2317 and RFC 1035), and it's enough to put in a
couple of comment lines so as not to forget it later.
Yes, life is short, but this is no reason not to train the brain;
it can help to hook onto life a bit longer ...
Stirring up the chicken coop and requesting compliance is generally
a good idea, and my fingers itch, but I don't expect much from our ISPs ...
So first I'll try "type forward" within a view;
then, I'm sure, one-address zones can serve me right.
I will also contact the ISP, but without great expectations.

Why I am doing all this:
- enforce security
- assure stable mail exchange (which depends on reverse resolving)

Mark Andrews wrote:

> In message <50DCD454.2070303 at>, Doug Barton writes:
>> On 12/27/2012 11:18 AM, Mark Andrews wrote:
>>> zone "241.Z.X.Y.IN-ADDR.ARPA" {
>>> 	type master;
>>> 	file "241.Z.X.Y.IN-ADDR.ARPA";
>> That's great locally, but it doesn't match the 2317 delegation from the
>> upstream, and usually it's not possible to change what they send you.
>> Or are you suggesting maintaining both the individual versions of the
>> zones, and the 2317 zone?
> No.  I'm suggesting that they tell their ISP to do RFC 2317 right
> or do RFC 1035 delegations.   If their ISP won't do either change
> ISP.

Best regards,
Dmitri Tarkhov
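
Keeping the RFC 2317 zone and the per-address RFC 1035 zones in sync, as discussed in the message above, can be done by deriving both from one table and checking them against each other; this is an added example, not part of the original post or of BIND. The prefix 192.0.2.240/28, the host names, the `240/28` label and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: documentation prefix and made-up host names.
NETWORK = "192.0.2.240/28"
CLASSLESS_LABEL = "240/28"  # assumption: label the ISP uses in its RFC 2317 CNAMEs
PTRS = {"192.0.2.241": "mail.example.com.", "192.0.2.242": "ns1.example.com."}

def build_zones(network, ptrs, classless_label):
    """Derive both layouts from one table: {zone name: {owner: PTR target}}."""
    net = ipaddress.ip_network(network)
    usable = {str(h) for h in net.hosts()}  # .241-.254 for a /28 starting at .240
    stray = sorted(set(ptrs) - usable)
    if stray:
        raise ValueError(f"not a usable address in {network}: {stray}")
    parent = net.network_address.reverse_pointer.split(".", 1)[1]
    classless_zone = f"{classless_label}.{parent}"
    zones = {classless_zone: {}}  # the single RFC 2317 zone
    for addr, target in sorted(ptrs.items()):
        octet = addr.rsplit(".", 1)[1]
        zones[classless_zone][octet] = target
        # One zone per address with the PTR at the apex, as in the quoted stanza.
        zones[ipaddress.ip_address(addr).reverse_pointer] = {"@": target}
    return zones

def drift(zones, classless_zone):
    """Return the last octets whose PTR target differs between the two layouts."""
    classless = zones[classless_zone]
    suffix = classless_zone.split(".", 1)[1]
    single = {name.split(".", 1)[0]: recs.get("@")
              for name, recs in zones.items()
              if name != classless_zone and name.endswith("." + suffix)}
    return sorted(o for o in set(classless) | set(single)
                  if classless.get(o) != single.get(o))

def render(zones):
    """Render the PTR lines per zone (SOA and NS records are left to the operator)."""
    return "\n".join(
        f"; zone {zone}\n" + "\n".join(f"{o} IN PTR {t}" for o, t in recs.items())
        for zone, recs in zones.items())

if __name__ == "__main__":
    print(render(build_zones(NETWORK, PTRS, CLASSLESS_LABEL)))
```

An empty list from `drift` means both layouts answer with the same PTR target for every address.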
