Reverse Zone, Can It Be One Big Class B?
ray at isc.org
Thu Nov 30 22:31:28 UTC 2017
On 30/11/2017 22:13, Reineman, Rick wrote:
> The subject is a little off, I have a Class B network masked down to
> a bunch of Class C networks.
> I am replacing an old DNS service where they configured it as one
> might expect with one reverse mapping file per network. So we have
> many of these files.
> I don't see any reason why I can't treat my reverse mapping file as
> if it were all Class B addresses. So one big reverse mapping file
> just like my forward mapping file. This would make management of the
> reverse mapping file much easier.
> This is a smallish internal network, about 900 hosts or so. We're
> doing no delegation.
> So my question is, is there a good reason why I should not do this?
> It's been a while since I had a DNS project and have never managed it
> on a Class B with Class C masked networks before.
The main thing you may wish to consider is whether you ever wish to
DNSSEC sign your reverse zones.
If you do, the zone cut on the parent name servers (which is where the
DS records would be) must match the zone cut on your own servers, which
would contain the DNSKEY records.
So, if your RIR has delegated a single /16 part of .in-addr.arpa to you,
and you currently split that into /24 zones yourself, you'd be fine.
If, OTOH, your RIR can only delegate at the /24 boundary, you'd have to
maintain your zone cuts at that boundary too.
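
The zone-cut rule in the reply above can be checked mechanically. The following is an added example, not part of the original post: the function names are hypothetical and the prefixes in the demo are constructed. It compares the prefixes the parent delegates with the prefixes served locally as zones.

```python
import ipaddress

def reverse_zone(prefix):
    """in-addr.arpa zone name for an octet-aligned IPv4 prefix (/8, /16, /24)."""
    net = ipaddress.ip_network(prefix)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError(f"{prefix}: not an octet-aligned IPv4 prefix")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def zone_cut_problems(parent_delegations, local_zones):
    """List zone-cut mismatches that would break a DNSSEC chain of trust.

    parent_delegations: prefixes the parent (e.g. the RIR) delegates to you.
    local_zones: prefixes you serve as separate zones on your own servers.
    """
    parent = {reverse_zone(p) for p in parent_delegations}
    local = {reverse_zone(p) for p in local_zones}
    problems = []
    # The DS sits at the parent's cut, so a zone apex holding the matching
    # DNSKEY must exist at exactly that name on your servers.
    for name in sorted(parent - local):
        problems.append(f"{name} delegated by parent, but no local zone apex there")
    # A local zone the parent does not delegate is still fine when it sits
    # below another local zone, because you publish its DS yourself.
    for name in sorted(local - parent):
        below_local = any(name.endswith("." + o) for o in local if o != name)
        if not below_local:
            problems.append(f"{name} served locally, but nothing above can hold its DS")
    return problems

if __name__ == "__main__":
    # Constructed prefixes, for illustration only.
    cases = {
        "parent /16, one big local /16": (["172.16.0.0/16"], ["172.16.0.0/16"]),
        "parent /24s, one big local /16": (
            ["172.16.1.0/24", "172.16.2.0/24"], ["172.16.0.0/16"]),
    }
    for label, (parent, local) in cases.items():
        print(label, "->", zone_cut_problems(parent, local) or "cuts match")
```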