On 27/06/12 15:30, nex6 wrote:
so, you *should* have a larger 10.x.x.x zone? *and* smaller
10.x.x.0/24 zones? so i am assuming the workflow would be in this
case, records go in the smaller zones, and the larger zone is the
catchall to prevent leakage?
It is good practice, and polite, to prevent leakage of reverse DNS
queries for the private IP ranges.
You can accomplish this two ways:
1. Have a "zone" statement for every /24 inside 10/8 e.g.
0.0.10.in-addr-arpa
1.0.10.in-addr.arpa
...
255.255.in-addr.arpa
You could use empty/dummy zones (maybe even the same zone file) for
zones which don't have actual contents defined.
2. Have a "10.in-addr.arpa" zone *and* the smaller zones. If you do
this, you might want to take the time to insert the proper delegations
inside the 10.in-addr.arpa zone to the smaller zones, even if they're on
the same servers. It might work without that, but there might be
circumstances where it won't - I'm not sure.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
