Reverse zones best practices
Phil Mayers
p.mayers at imperial.ac.uk
Wed Jun 27 15:45:14 UTC 2012
On 27/06/12 15:30, nex6 wrote:
> so, you *should* have a larger 10.x.x.x zone? *and* smaller
> 10.x.x.0/24 zones? so i am assuming the workflow would be in this
> case, records go in the smaller zones, and the larger zone is the
> catchall to prevent leakage?
It is good practice, and polite, to prevent leakage of reverse DNS
queries for the private IP ranges.
You can accomplish this two ways:
1. Have a "zone" statement for every /24 inside 10/8 e.g.
0.0.10.in-addr-arpa
1.0.10.in-addr.arpa
...
255.255.in-addr.arpa
You could use empty/dummy zones (maybe even the same zone file) for
zones which don't have actual contents defined.
2. Have a "10.in-addr.arpa" zone *and* the smaller zones. If you do
this, you might want to take the time to insert the proper delegations
inside the 10.in-addr.arpa zone to the smaller zones, even if they're on
the same servers. It might work without that, but there might be
circumstances where it won't - I'm not sure.
More information about the bind-users
mailing list