empty-zones-enable vs. forwards for rfc1918 reverse zones

Mark Andrews marka at isc.org
Wed Jul 1 11:58:52 UTC 2015


3653.   [func]          Create delegations for all "children" of empty zones
                        except "forward first". [RT #34826]


In message <20150701113621.GB1900 at gxis.de>, Alexander Bochmann writes:
> Hi,
> I have an internal bind server that has several forward zones pointing to 
> other internal name servers that carry reverse zones for rfc1918 networks 
> we are using in our networks (let's say something like 0.20.10.in-addr.arpa).
> This works fine until I either set empty-zones-enable yes; or include the 
> empty rfc1918 master zones that Debian provides (this is bind 9.8.4):
> When there is a 10.in-addr.arpa master zone, an additional forward zone for 
> 0.20.10.in-addr.arpa will just be ignored.
> (I assume in this case I would need to provide for some kind of delegation 
> for the reverse zones that actually are in use?)
> I still want to blackhole lookups for unused rfc1918 space instead of 
> sending those requests towards the Internet. 
> My current workaround is to define additional forward zones for the 
> top-level rfc1918 networks that use a non-existing address on the loopback 
> interface as forwarder. Obviously, between overlapping forward zones, some 
> kind of first match wins - rule is used. The downside to that is that I get 
> lots of lame-servers log entries for lookups matching those fake forward 
> zones.
> Is there a better solution?
> Alex.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
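
An added example, not part of the original message and not ISC code: a small checker that lists forward zones configured beneath an RFC 1918 empty zone without "forward only", which the change entry quoted above excludes from automatic delegation (reading "children" as the forward zones below an empty zone, as in the question). The function names and the sample configuration are constructed for illustration, and the parser only covers the simple named.conf layout shown in the sample.

```python
import re

# RFC 1918 reverse namespaces that named serves as automatic empty zones.
RFC1918_EMPTY = ["10.in-addr.arpa", "168.192.in-addr.arpa"] + [
    f"{n}.172.in-addr.arpa" for n in range(16, 32)]

def forward_zones(conf):
    """Yield (zone_name, policy) for each 'type forward' zone in conf text."""
    conf = re.sub(r"(//|#).*", "", conf)            # drop line comments
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:              # find the matching brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        if not re.search(r"\btype\s+forward\s*;", body):
            continue
        pol = re.search(r"\bforward\s+(only|first)\s*;", body)
        # Assumption: with no per-zone "forward" statement the policy is
        # "first" (named's default); options/view inheritance is not checked.
        yield m.group(1).rstrip(".").lower(), pol.group(1) if pol else "first"

def shadowed(conf):
    """Forward zones under an RFC 1918 empty zone that are not 'forward only'."""
    hits = []
    for name, policy in forward_zones(conf):
        parent = next((z for z in RFC1918_EMPTY if name.endswith("." + z)), None)
        if parent and policy != "only":
            hits.append((name, parent, policy))
    return hits

# Constructed sample configuration (192.0.2.53 is a documentation address).
SAMPLE = '''
options { empty-zones-enable yes; };
zone "0.20.10.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 192.0.2.53; };
};
zone "1.20.10.in-addr.arpa" {
    type forward;          // no "forward only": falls back to "first"
    forwarders { 192.0.2.53; };
};
zone "example.internal" { type forward; forward first; forwarders { 192.0.2.53; }; };
'''

if __name__ == "__main__":
    for name, parent, policy in shadowed(SAMPLE):
        print(f"{name}: forward {policy} under empty zone {parent}")
```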
