Most specific match on PTR records

Nikita Koshikov koshikov at gmail.com
Fri Feb 22 09:24:20 UTC 2013


Thanks for your response, Hauke

On Thu, Feb 21, 2013 at 9:10 PM, Hauke Lampe <lampe at hauke-lampe.de> wrote:

> On 21.02.2013 19:20, Nikita Koshikov wrote:
>
> I haven't tested this in detail but here's what I would try:
>
>
>> I'm trying to "cut" /24 network from the scope of /8 network, here is
>> example:
>>
>>          zone "11.2.10.in-addr.arpa" {
>>                  type forward;
>>                  forwarders { 192.168.1.23; 192.168.1.24; };
>>          };
>>
>>          zone "10.in-addr.arpa" {
>>                  type master;
>>                  file "master/int/10.in-addr.arpa";
>>          };
>>
>>
> The local authoritative data takes precedence over a forward zone.
>
>
>> 10.in-addr.arpa is just a file that returns NXDOMAIN for any 10.0.0.0/8 ip
>> address. But I need to forward requests for 10.2.11.0/24 net to other dns
>> servers and the above config is not working.
>>
>
> The easiest way might be to delegate the subdomain with a static-stub:
>
>           zone "11.2.10.in-addr.arpa" {
>                   type static-stub;
>                   server-addresses { 192.168.1.23; 192.168.1.24; };
>
>           };
>
>           zone "10.in-addr.arpa" {
>                   type master;
>                   file "master/int/10.in-addr.arpa";
>           };
>
> This is a "synthetic" delegation. There could be a problem if a client
> queries 2.10.in-addr.arpa. The NXDOMAIN response (instead of nodata) can be
> interpreted as "*.2.10.in-addr.arpa. doesn't exist". A "real" delegation in
> the zone file is probably better.
>
> If your version of BIND is older than 9.8, you could try to move the
> master zone into a view and configure 10.in-addr.arpa as another forward
> zone in the client's view.
>
Bind here is 9.3.6, so no static-stub is available. Can you give a simple
example of a view for this scenario? I already have split dns on this
machine, it looks like:

acl internals {
                {};                                     // for correct syntax comments resolution
                10.0.0.0/8;             // Service LAN
                192.168.0.0/16;
};
view "internal" {
        match-clients { internals; };
        allow-transfer { internals; };
        recursion yes;

// here 10/8 net
};



>
> Hauke.
>
>
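
Added example, not part of the original thread and not ISC code: a small pre-deployment check that flags `type forward` zones which sit under a locally authoritative zone with no delegation, which is the situation Hauke describes above. It is a simplified model of named's behaviour; the function names and the `delegated` parameter (names that have NS records in the parent zone file) are assumptions made for this illustration.

```python
import ipaddress

def reverse_zone(cidr):
    """in-addr.arpa zone name for an octet-aligned IPv4 prefix."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen % 8 or net.prefixlen == 0:
        raise ValueError("expects an IPv4 /8, /16, /24 or /32 prefix")
    host_labels = (32 - net.prefixlen) // 8
    # reverse_pointer of 10.2.11.0 is 0.11.2.10.in-addr.arpa; drop host labels
    return ".".join(net.network_address.reverse_pointer.split(".")[host_labels:])

def labels(name):
    """Lowercase labels of a DNS name, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")

def is_below(child, parent):
    """True when child is a strict subdomain of parent."""
    c, p = labels(child), labels(parent)
    return len(c) > len(p) and c[-len(p):] == p

def shadowed_forward_zones(zones, delegated=()):
    """Return (forward_zone, covering_zone) pairs that will never forward.

    zones:     dict of zone name -> type as written in named.conf
    delegated: names with NS records in the covering zone's file (assumption:
               a zone cut makes named recurse, so forwarders are consulted)
    """
    findings = []
    auth = [z for z, t in zones.items() if t in ("master", "slave")]
    for fwd, ztype in zones.items():
        if ztype != "forward":
            continue
        covering = [a for a in auth if is_below(fwd, a)]
        if not covering:
            continue
        closest = max(covering, key=lambda a: len(labels(a)))
        cut = any(labels(d) == labels(fwd)
                  or (is_below(fwd, d) and is_below(d, closest))
                  for d in delegated)
        if not cut:
            findings.append((fwd, closest))
    return findings

# Zones from the thread, rebuilt from the networks mentioned in it.
ZONES = {reverse_zone("10.2.11.0/24"): "forward",
         reverse_zone("10.0.0.0/8"): "master"}

if __name__ == "__main__":
    for fwd, covering in shadowed_forward_zones(ZONES):
        print(f"{fwd}: answered from {covering}, forwarders never used")
```
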