Query: suppressing autogenerated empty zones (e.g. 10.in-addr.arpa) that should be configured via DNS catalog?

[Ondřej Surý]

> On 12. 5. 2025, at 15:11, MCBRIDE, DAVID W. <david.w.mcbride at durham.ac.uk> wrote:
> 
> The alternative is to disable the creation of all empty zones entirely
> with `empty-zones-enable no;`, however, this is unattractive as it will
> fail broken.

This would be my preferred solution.

> (I can try to ensure that the catalog (and local authoritative server)
> all reference each of the private DNS zones as required, and keep this
> set updated; however, any ommission will cause queries to be
> inappropriately forwarded to the DNS root.)

You can run AS 112 anycast in your network to catch and stragglers.  You
should do this anyway as an ISP if you have resources for this.

Ondrej
--
Ondřej Surý (He/Him)
ondrej at isc.org

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.