Reverse zones best practices

Phil Mayers p.mayers at imperial.ac.uk
Wed Jun 27 13:29:38 UTC 2012


On 26/06/12 17:25, nex6 wrote:
> * Phil Mayers<p.mayers at imperial.ac.uk>  [2012-06-26 16:54:55 +0100]:
>
>
> I am not going to be editing files by hand, we actually have a tool. I am more
> concerned about best practices, and how to fix the mess.
>
> e.g., say we have about 500 VLANs (/24s) and say only 350 have reverse zones.
> From what I understand it's best to just create the missing zones and fix the tools
> so new networks always get reverse zones created.
>
> Because I don't think I can just create a larger /16 or /8, because they will
> overlap and create a bigger mess.....

Do what works for you. If you would rather create the full range of 
x.y.10.in-addr.arpa from your tools, that's fine.

I'm not sure the "best practice" you are asking about exists in that form.

One final point though - you *should* have an enclosing 10.in-addr.arpa 
zone or "fill the holes", so that you don't leak reverse lookups to the 
DNS root servers. You might even find that, unless you disable it, your 
nameserver creates the empty zone for you.
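
The check described in this message, as an added example that is not part of the original post: given the /24 networks in use and the reverse zones actually configured, it reports which networks have their own zone, which are only caught by an enclosing zone such as 10.in-addr.arpa, and which have no covering zone at all and would be forwarded upstream. The function names and sample data are constructed for illustration, and the audit assumes the nameserver's automatic empty zones are disabled.

```python
import ipaddress

def reverse_zone(net):
    """Return the in-addr.arpa zone name for an IPv4 /8, /16 or /24 network."""
    net = ipaddress.ip_network(net)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError(f"{net} is not on an octet boundary")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def covering_zone(net, configured):
    """Most specific configured zone that would answer PTR queries for net."""
    labels = reverse_zone(net).split(".")
    # Walk from the exact zone up to the enclosing /16 and /8 zones.
    for i in range(len(labels) - 2):
        candidate = ".".join(labels[i:])
        if candidate in configured:
            return candidate
    return None

def audit(networks, configured_zones):
    """Classify each network as ok, missing (enclosed only) or leaking."""
    configured = {z.lower().rstrip(".") for z in configured_zones}
    report = {"ok": [], "missing": [], "leaking": []}
    for net in networks:
        cover = covering_zone(net, configured)
        if cover == reverse_zone(net):
            report["ok"].append(net)        # has its own reverse zone
        elif cover is not None:
            report["missing"].append(net)   # answered locally by enclosing zone
        else:
            report["leaking"].append(net)   # no local zone: query goes upstream
    return report

# Constructed sample data: three VLANs, only one with a reverse zone.
NETWORKS = ["10.1.1.0/24", "10.1.2.0/24", "10.2.3.0/24"]
ZONES_BEFORE = ["1.1.10.in-addr.arpa"]
ZONES_AFTER = ZONES_BEFORE + ["10.in-addr.arpa."]  # enclosing zone added

if __name__ == "__main__":
    for label, zones in (("before", ZONES_BEFORE), ("after", ZONES_AFTER)):
        print(label, audit(NETWORKS, zones))
```

Networks listed under "missing" still need their own zone or PTR records in the enclosing zone, but their lookups no longer leave the local nameserver.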



More information about the bind-users mailing list