One Reverse Lookup Zone for Serveral Subnets?
atze
atze.nospam at arcor.de
Wed Sep 1 08:41:42 UTC 2004
Kevin Darcy wrote:
> atze wrote:
>
>
>>Hi Guys,
>>
>>Maybe someone here can help with this, I have created 2 Bind9 Slave
>>Zones, the Master is a Windows 2k Server.
>>
>>In this we have the subnets 10.0.0.0/20 and 10.49.0.0/20, and 2 DNS Domains.
>>
>>This are 3 Zones on Windows , 2 For the DNS Domains and 1 Reverse Lookup
>>for all Zones.
>>
>>The 2 DNS Domain Slave Zones working good, but however the Reverse
>>Lookup isn't working.
>>
>>I also tried to make a Slave Zone from the Reverse Lookup Zone on
>>Windows, this seems first to be working, but now no more.
>>
>>How can I create one Reverse Lookup for the whole 10.x.x.x Subnet?
>>Bind says that i must put in 3 Digit Numbers.
>>
>
> Nonsense. Where does BIND say this? I'm sure you can create a
> 10.in-addr.arpa on the Windows side. In fact, you *should* do this
> anyway, so that if someone accidentally mistypes an address (e.g.
> 10.94.x.x instead of 10.49.x.x), the bogus query doesn't go out to the
> Internet or god-knows-where.
The stupid Red Hat Bind Config Tool says it, ok then I leave the
graphical shit, and configure it manually. Otherwise I waste my time I
think.
>
>
>>---
>>
>>Also I know that Bind has an option to fullfill automatically the FQDN,
>>when I type "dig hostname" it search all existing Zone and filles up the
>>FQDN, where can I set this?
>>
>
> The BIND *nameserver* does not have this option. The BIND
> *stub*resolver* has this option, but you're probably using whatever stub
> resolver comes with your clients' OS, rather than BIND's. It may or may
> not have this option, or have the option, but in a slightly different form.
>
> Trust me, you don't want this option. Basically what it does is make the
> stub resolver guess at the domain. It would be like addressing a letter
> to "John Smith, 123 Main Street" and then expecting the Postal Service
> to find the right city, state/province, country, etc. It wastes
> nameserver resources, introduces unnecessary query latency, and raises
> the risk that people will accidentally connect to the wrong server (much
> as the "John Smith" letter might get delivered to the wrong person).
> With some stub resolvers, there is a limit on how many domains can be
> searched, and once you hit that limit, you have to resort to horridly
> ugly hacks in order to satisfy your users, once they've been hooked on
> using shortnames. We've been down this path, and very much regret it.
> Don't make the same mistake.
Good suggestion, anyway I have to look in the configs more.
Thanks for help
>
> - Kevin
>
>
>
More information about the bind-users
mailing list