Reverse zones best practices
borg at borg1911.com
Tue Jun 26 16:25:19 UTC 2012
* Phil Mayers <p.mayers at imperial.ac.uk> [2012-06-26 16:54:55 +0100]:
I am not going to be editing files by hand; we actually have a tool. I am more
concerned about best practices, and how to fix the mess.
E.g., say we have about 500 VLANs (/24s) and say only 350 have reverse zones.
From what I understand, it's best to just create the missing zones and fix the tools
so new networks always get reverse zones created.
Because I don't think I can just create a larger /16 or /8, because they will
overlap and create a bigger mess.....
> On 26/06/12 16:42, nex6 wrote:
> >* Brad Bendily<Brad.Bendily at LA.GOV> [2012-06-25 16:35:28 -0500]:
> >wouldn't it be more confusing, in a big IP space with servers,
> >desktops etc all mashed together into one zone?
> If you have enough hosts for this to be confusing, you have enough
> hosts to store the data in some master data-source and automatically
> generate the zone files (or dynamic updates).
> Don't edit zone files manually unless they're trivially small.
> Don't read zone files unless you're debugging.
> Basically: don't do this.
> FWIW we use one large 10.in-addr.arpa file. Likewise for our "real"
> /16 subnets. We don't use a different reverse zone per actual subnet
> - it's pointless, and limits you to byte-aligned subnets or horrible
> delegation tricks.
> bind-users mailing list
> bind-users at lists.isc.org
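
The audit discussed in this thread (which /24s have their own reverse zone, which are already held by a wider zone, and which have none) can be scripted against an address inventory. This is an added example, not code from any participant in the thread; the function names and the sample subnets and zones are constructed for illustration.

```python
import ipaddress

def reverse_zone_name(cidr):
    """in-addr.arpa zone name for a byte-aligned IPv4 prefix (/8, /16, /24)."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError(f"{cidr}: not a byte-aligned IPv4 prefix")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def enclosing_zone(name, zones):
    """Most specific zone in `zones` equal to or above `name`, else None."""
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def audit(subnets, existing_zones):
    """Sort each subnet into: has its own zone, held by a wider zone, or missing."""
    zones = {z.rstrip(".").lower() for z in existing_zones}
    report = {"own_zone": [], "in_parent": {}, "missing": []}
    for cidr in subnets:
        name = reverse_zone_name(cidr)
        holder = enclosing_zone(name, zones)
        if holder == name:
            report["own_zone"].append(cidr)
        elif holder is None:
            report["missing"].append(name)
        else:
            report["in_parent"][cidr] = holder
    # Existing zones that sit below another existing zone (the overlap case).
    report["nested"] = sorted(
        z for z in zones if enclosing_zone(z.partition(".")[2], zones))
    return report

# Constructed sample inventory, not data from the thread.
SUBNETS = ["10.1.2.0/24", "10.1.3.0/24", "172.16.5.0/24",
           "172.16.9.0/24", "192.168.7.0/24"]
EXISTING = ["2.1.10.in-addr.arpa", "16.172.in-addr.arpa",
            "5.16.172.in-addr.arpa."]

if __name__ == "__main__":
    for key, value in audit(SUBNETS, EXISTING).items():
        print(key, value)
```
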