empty-zones-enable vs. forwards for rfc1918 reverse zones
ab at lists.gxis.de
Wed Jul 1 11:36:21 UTC 2015
I have an internal bind server that has several forward zones pointing to
other internal name servers that carry reverse zones for rfc1918 networks
we are using in our networks (let's say something like 0.20.10.in-addr.arpa).
This works fine until I either set empty-zones-enable yes; or include the
empty rfc1918 master zones that Debian provides (this is bind 9.8.4):
When there is a 10.in-addr.arpa master zone, an additional forward zone for
0.20.10.in-addr.arpa will just be ignored.
(I assume in this case I would need to provide for some kind of delegation
for the reverse zones that actually are in use?)
I still want to blackhole lookups for unused rfc1918 space instead of
sending those requests towards the Internet.
My current workaround is to define additional forward zones for the
top-level rfc1918 networks that use a non-existing address on the loopback
interface as forwarder. Obviously, between overlapping forward zones, some
kind of first-match-wins rule is used. The downside to that is that I get
lots of lame-servers log entries for lookups matching those fake forward
Is there a better solution?
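As an added illustration (not part of the original post), this is what the setup described above looks like in named.conf. The internal server address 10.20.0.53 and the deliberately unused loopback address 127.0.0.2 are constructed values, not taken from the post:

```conf
options {
    // Global RFC 1918 empty zones stay off: a built-in or Debian-provided
    // 10.in-addr.arpa master zone answers NXDOMAIN authoritatively, so a
    // forward zone beneath it is never consulted.
    empty-zones-enable no;
};

// Reverse zone that is actually in use: hand it to the internal server
// that carries it (constructed address).
zone "0.20.10.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 10.20.0.53; };
};

// The workaround from the post: blackhole the rest of 10/8 by forwarding
// it to an address on loopback where nothing listens. The most specific
// forward zone applies, so 0.20.10.in-addr.arpa above still reaches the
// internal server, while every other lookup under 10.in-addr.arpa fails
// locally (logged under the lame-servers category) instead of leaving
// for the Internet. Repeat for 16-31.172.in-addr.arpa and
// 168.192.in-addr.arpa as needed.
zone "10.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 127.0.0.2; };   // constructed, deliberately unused
};
```

Note that clients receive SERVFAIL rather than NXDOMAIN for the blackholed names, which is the behaviour the post's workaround trades for keeping the queries off the Internet.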