empty-zones-enable vs. forwards for rfc1918 reverse zones
marka at isc.org
Wed Jul 1 11:58:52 UTC 2015
3653. [func] Create delegations for all "children" of empty zones
except "forward first". [RT #34826]
In message <20150701113621.GB1900 at gxis.de>, Alexander Bochmann writes:
> I have an internal bind server that has several forward zones pointing to
> other internal name servers that carry reverse zones for rfc1918 networks
> we are using in our networks (let's say something like 0.20.10.in-addr.arpa).
> This works fine until I either set empty-zones-enable yes; or include the
> empty rfc1918 master zones that Debian provides (this is bind 9.8.4):
> When there is a 10.in-addr.arpa master zone, an additional forward zone for
> 0.20.10.in-addr.arpa will just be ignored.
> (I assume in this case I would need to provide for some kind of delegation
> for the reverse zones that actually are in use?)
> I still want to blackhole lookups for unused rfc1918 space instead of
> sending those requests towards the Internet.
> My current workaround is to define additional forward zones for the
> top-level rfc1918 networks that use a non-exsting address on the loopback
> interface as forwarder. Obviously, between overlapping forward zones, some
> kind of first match wins - rule is used. The downside to that is that I get
> lots of lame-servers log entries for lookups matching those fake forward
> Is there a better solution?
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> bind-users mailing list
> bind-users at lists.isc.org
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users