reverse zone of type forward when /28 subnet

Peter Andreev andreev.peter at gmail.com
Sat Dec 29 19:21:11 UTC 2012


Actually, Mark's advice is much better.

2012/12/29 Dmitri Tarkhov <tarkhov at dionaholding.ru>:
> Hi,
> this finally works:
>
> view "reverse1" IN {
>         recursion yes;
>
>         zone "z.y.x.in-addr.arpa" IN {
>                 type forward;
>                 forward only;
>                 forwarders { A; B; };
>         };
>
>         zone "localhost" IN {
>                 type master;
>                 file "master.localhost";
>         };
>
>         zone "0.0.127.in-addr.arpa" IN {
>                 type master;
>                 file "localhst.rev";
>         };
> };
>
> And Happy New Year!
>
>
> Dmitri Tarkhov wrote:
>
>> Hi, all,
>>
>> thank you very much for the discussion. It was interesting and very useful.
>> You can pretty well imagine that I am not much involved in DNS,
>> I am rather a Unix and Unix HW guy.
>> Unfortunately I saw a DNS cache poisoning attack, and although it could be
>> provoked by side effects, it's better to get rid of it altogether.
>> For just 14 (241-254) addresses it is not difficult to maintain 2 types
>> of master zones in sync (RFC 2317 and RFC 1035), and it's enough to put a
>> couple of comment lines so as not to forget it later.
>> Yes, life is short, but this is not a reason not to train the brain,
>> it can help to hook a life a bit longer ...
>> Bringing a stir to the chicken coop and requesting compliance is generally
>> a good idea and my fingers itch, but I don't expect much from our ISPs ...
>> So first I'll try "type forward" within a view,
>> then I'm sure, one-address zones can serve me right.
>> I will also contact the ISP but without great expectations.
>>
>> Why I do all this is:
>> - enforce security
>> - assure stable mail exchange (which depends on reverse resolving)
>>
>> Mark Andrews wrote:
>>
>>> In message <50DCD454.2070303 at dougbarton.us>, Doug Barton writes:
>>>
>>>> On 12/27/2012 11:18 AM, Mark Andrews wrote:
>>>>
>>>>> zone "241.Z.X.Y.IN-ADDR.ARPA" {
>>>>>     type master;
>>>>>     file "241.Z.X.Y.IN-ADDR.ARPA";
>>>>> };
>>>>
>>>>
>>>>
>>>> That's great locally, but it doesn't match the 2317 delegation from the
>>>> upstream, and usually it's not possible to change what they send you.
>>>>
>>>> Or are you suggesting maintaining both the individual versions of the
>>>> zones, and the 2317 zone?
>>>
>>>
>>>
>>>
>>> No.  I'm suggesting that they tell their ISP to do RFC 2317 right
>>> or do RFC 1035 delegations.   If their ISP won't do either, change
>>> ISP.
>>>
>>>
>>>> Doug
>>>> _______________________________________________
>>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>>>> unsubscribe from this list
>>>>
>>>> bind-users mailing list
>>>> bind-users at lists.isc.org
>>>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>>
>>
>
> --
> Best regards,
> Dmitri Tarkhov



-- 
AP
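
The bookkeeping mentioned in the quoted message, keeping the RFC 2317 zone and the per-address RFC 1035 zones in sync for hosts 241-254, can be driven from one table and checked for drift. This is an added example, not code from the thread; the 192.0.2.240/28 documentation prefix, the host names and every function name are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: 192.0.2.240/28 is a documentation prefix and the
# host names are hypothetical. Its usable hosts are .241-.254, as in the thread.
NET = ipaddress.ip_network("192.0.2.240/28")
HOSTS = {
    "192.0.2.241": "mail.example.com.",
    "192.0.2.242": "ns1.example.com.",
    "192.0.2.254": "gw.example.com.",
}


def validate(hosts):
    """Reject addresses outside the usable range and unqualified PTR targets."""
    usable = set(NET.hosts())
    for addr, name in hosts.items():
        if ipaddress.ip_address(addr) not in usable:
            raise ValueError(f"{addr} is not a usable host in {NET}")
        if not name.endswith("."):
            raise ValueError(f"{name!r} is not fully qualified")


def classless_records(hosts):
    """RFC 2317 style: last octet -> PTR target, for the one classless zone."""
    validate(hosts)
    return {addr.rsplit(".", 1)[1]: name for addr, name in hosts.items()}


def single_address_zones(hosts):
    """RFC 1035 style: one zone per address -> (named.conf stanza, apex PTR target)."""
    validate(hosts)
    zones = {}
    for addr, name in hosts.items():
        zone = ipaddress.ip_address(addr).reverse_pointer
        zones[zone] = (f'zone "{zone}" {{ type master; file "{zone}"; }};', name)
    return zones


def drift(classless, zones):
    """Return the last octets whose PTR target differs between the two zone sets."""
    per_zone = {zone.split(".", 1)[0]: target for zone, (_, target) in zones.items()}
    return sorted(o for o in classless.keys() | per_zone.keys()
                  if classless.get(o) != per_zone.get(o))


if __name__ == "__main__":
    for stanza, _ in single_address_zones(HOSTS).values():
        print(stanza)
    print(drift(classless_records(HOSTS), single_address_zones(HOSTS)))  # []
```

Running `drift` against hand-edited copies of the two zone sets flags any address whose PTR target was changed in only one of them.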


