empty zones and higher zone count after upgrading
sjcarr at gmail.com
Tue Oct 8 21:04:41 UTC 2013
So a "dig 10.IN-ADDR-ARPA" hasn't queried the root at all, if it had
you would have a response with an SOA of prisoner.iana.org and you
wouldn't have got an NXDOMAIN.
sjcarr at elmo:~ $ dig 10.in-addr.arpa
; <<>> DiG 9.8.5-P1 <<>> 10.in-addr.arpa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14930
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;10.in-addr.arpa. IN A
;; AUTHORITY SECTION:
10.in-addr.arpa. 300 IN SOA prisoner.iana.org.
hostmaster.root-servers.org. 2002040800 1800 900 604800 604800
;; Query time: 846 msec
;; SERVER: 172.16.0.251#53(172.16.0.251)
;; WHEN: Tue Oct 08 21:59:26 BST 2013
;; MSG SIZE rcvd: 110
Your local DNS server has responded correctly and said that
10.in-addr.arpa doesn't exist and the SOA is for root "." as your next
place to go and ask about it, but since it's an NXDOMAIN then your DNS
client wouldn't go asking any further.
On 8 October 2013 21:24, Con Wieland <cwieland at uci.edu> wrote:
> I am still trying to understand the empty zones and bind 9.8.5-P2 behaviour. The default shows 332 zones. With empty-zones-enable no; I get 253 zones, but with empty-zones-enable yes: I get 349
> The difference between empty zones yes and no is the addition of zones:
> & 16.172.IN-ADDR.ARPA thru 31.172.IN-ADDR.ARPA
> I am confused by the difference between these configurations.
> Also my understanding was that the empty zones prevent queries for these zones to the root servers and would be handled by the local nameserver. However with zones-enable yes:
> and a dig 10.IN-ADDR-ARPA
> I get the same answer as without the empty zone:
> ; <<>> DiG 9.8.5-P2 <<>> 10.IN-ADDR-ARPA
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43978
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;10.IN-ADDR-ARPA. IN A
> ;; AUTHORITY SECTION:
> . 10416 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2013100801 1800 900 604800 86400
> ;; Query time: 5 msec
> ;; SERVER: 22.214.171.124#53(126.96.36.199)
> ;; WHEN: Tue Oct 08 13:08:33 PDT 2013
> ;; MSG SIZE rcvd: 108
> which is querying the root servers.
> Any help in understanding this or pointing me in the right direction would be greatly appreciated.
> Con Wieland
> Office of Information Technology
> University of California at Irvine
> On Sep 13, 2013, at 11:42 PM, Mark Andrews wrote:
>> Well they are documented in the current ARM.
>> Named has some built-in empty zones (SOA and NS records only).
>> These are for zones that should normally be answered locally
>> and which queries should not be sent to the Internet’s root
>> servers. The official servers which cover these namespaces
>> return NXDOMAIN responses to these queries. In particular, these
>> cover the reverse namespaces for addresses from RFC 1918, RFC
>> 4193, RFC 5737 and RFC 6598. They also include the reverse
>> namespace for IPv6 local address (locally assigned), IPv6 link
>> local addresses, the IPv6 loopback address and the IPv6 unknown
>> The address ranges are reserved in RFC 6598.
>> In message <B0960A7D-28E4-44C5-B094-048A605A8B8B at uci.edu>, Con Wieland writes:
>>> I upgraded on of our servers from 9.6-ESV-R8 to 9.8.5-P2 and I am showing 66
>>> more zones than I had before.
>>> I now have:
>>> < ; Zone dump of '64.100.IN-ADDR.ARPA/IN/internal'
>>> < ;
>>> < ; not implemented
>>> < ; Zone dump of '127.100.IN-ADDR.ARPA/IN/internal'
>>> < ;
>>> < ; not implemented
>>> when I do an rndc dumpdb -zones
>>> I do not have any xxx.100.IN-ADDR.ARPA zones configured. And these do not sho
>>> w up as empty zones that get created from the documentation I found
>>> any ideas would be greatly appreciated
>>> Con WIeland
>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>>> from this list
>>> bind-users mailing list
>>> bind-users at lists.isc.org
>> Mark Andrews, ISC
>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
>> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> bind-users mailing list
> bind-users at lists.isc.org
More information about the bind-users