Reverse zones best practices

Phil Mayers p.mayers at imperial.ac.uk
Wed Jun 27 15:45:14 UTC 2012


On 27/06/12 15:30, nex6 wrote:

> So, you *should* have a larger 10.x.x.x zone *and* smaller
> 10.x.x.0/24 zones? So I am assuming the workflow would be in this
> case, records go in the smaller zones, and the larger zone is the
> catchall to prevent leakage?

It is good practice, and polite, to prevent leakage of reverse DNS 
queries for the private IP ranges.

You can accomplish this two ways:

  1. Have a "zone" statement for every /24 inside 10/8 e.g.

0.0.10.in-addr.arpa
1.0.10.in-addr.arpa
...
255.255.10.in-addr.arpa

You could use empty/dummy zones (maybe even the same zone file) for 
zones which don't have actual contents defined.


  2. Have a "10.in-addr.arpa" zone *and* the smaller zones. If you do 
this, you might want to take the time to insert the proper delegations 
inside the 10.in-addr.arpa zone to the smaller zones, even if they're on 
the same servers. It might work without that, but there might be 
circumstances where it won't - I'm not sure.
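
Option 2 as an added example (not part of the original post): this Python script generates the named.conf zone statements for 10.in-addr.arpa plus the smaller zones, and the NS delegation records to place in the parent zone file. The list of populated /24s, the name server names and the db.* file names are assumptions made for the illustration.

```python
import ipaddress

PARENT = ipaddress.ip_network("10.0.0.0/8")
# Constructed sample data (assumptions, not from the post).
POPULATED = ["10.1.2.0/24", "10.20.0.0/24"]
NAMESERVERS = ["ns1.example.internal.", "ns2.example.internal."]


def reverse_zone(net):
    """in-addr.arpa zone name for an octet-aligned IPv4 network."""
    if net.prefixlen not in (8, 16, 24):
        raise ValueError(f"{net} is not on an octet boundary")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def children(populated):
    """Validate and sort the /24s that get their own zone under 10/8."""
    nets = sorted({ipaddress.ip_network(c) for c in populated})
    for net in nets:
        if net.prefixlen != 24 or not net.subnet_of(PARENT):
            raise ValueError(f"{net} is not a /24 inside {PARENT}")
    return nets


def named_conf(populated):
    """zone statements: the catch-all parent first, then each smaller zone."""
    zones = [reverse_zone(PARENT)] + [reverse_zone(n) for n in children(populated)]
    return "\n".join(
        f'zone "{z}" {{ type master; file "db.{z}"; }};' for z in zones
    )


def delegations(populated, nameservers):
    """NS records to place inside the 10.in-addr.arpa zone file."""
    suffix = "." + reverse_zone(PARENT)
    lines = []
    for net in children(populated):
        owner = reverse_zone(net)[: -len(suffix)]  # relative name, e.g. "2.1"
        lines += [f"{owner:<8} IN NS {ns}" for ns in nameservers]
    return "\n".join(lines)


if __name__ == "__main__":
    print(named_conf(POPULATED))
    print(delegations(POPULATED, NAMESERVERS))
```

A subnet outside 10/8, or one that is not a /24, raises ValueError instead of producing a zone name that would not sit under the catch-all.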


