Reverse zones best practices

Phil Mayers p.mayers at
Wed Jun 27 15:45:14 UTC 2012

On 27/06/12 15:30, nex6 wrote:

> So, you *should* have a larger 10.x.x.x zone? *and* smaller
> 10.x.x.0/24 zones? So I am assuming the workflow would be in this
> case, records go in the smaller zones, and the larger zone is the
> catchall to prevent leakage?

It is good practice, and polite, to prevent leakage of reverse DNS 
queries for the private IP ranges.

You can accomplish this two ways:

  1. Have a "zone" statement for every /24 inside 10/8 e.g.

You could use empty/dummy zones (maybe even the same zone file) for 
zones which don't have actual contents defined.

  2. Have a "" zone *and* the smaller zones. If you do 
this, you might want to take the time to insert the proper delegations 
inside the zone to the smaller zones, even if they're on 
the same servers. It might work without that, but there might be 
circumstances where it won't - I'm not sure.
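
The two layouts discussed above, as an added example that is not part of the original message: it shows which configured zone would answer a PTR query (or `None` if the query would leave the server) and prints the NS delegations for the parent zone in option 2. It assumes the standard reverse zone name for 10/8, `10.in-addr.arpa`; the two /24s and the name `ns1.example.internal.` are constructed sample values.

```python
import ipaddress

def reverse_zone(cidr):
    """Reverse zone name for an octet-aligned IPv4 prefix (/8, /16 or /24)."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError(f"{cidr}: only /8, /16 and /24 map to one zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def answering_zone(ip, zones):
    """Most specific configured zone containing the PTR name for ip,
    or None if no local zone covers it (the query would leak upstream)."""
    qname = ipaddress.ip_address(ip).reverse_pointer
    matches = [z for z in zones if qname == z or qname.endswith("." + z)]
    return max(matches, key=len, default=None)

def delegations(parent, children, nameservers):
    """NS records to place in the parent zone, one set per child zone."""
    lines = []
    for child in sorted(children):
        if not child.endswith("." + parent):
            raise ValueError(f"{child} is not inside {parent}")
        label = child[: -len(parent) - 1]  # owner name relative to the parent
        lines += [f"{label}\tIN NS\t{ns}" for ns in nameservers]
    return lines

# Constructed sample data: two populated /24s and a hypothetical server name.
CHILDREN = [reverse_zone("10.1.2.0/24"), reverse_zone("10.20.0.0/24")]
PARENT = reverse_zone("10.0.0.0/8")
NS = ["ns1.example.internal."]

if __name__ == "__main__":
    for ip in ("10.1.2.7", "10.99.3.4"):
        print(ip, "small zones only ->", answering_zone(ip, CHILDREN))
        print(ip, "with catch-all   ->", answering_zone(ip, CHILDREN + [PARENT]))
    print("\n".join(delegations(PARENT, CHILDREN, NS)))
```
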

More information about the bind-users mailing list