Blackhole DNS

HURT, CHRIS [Non-Pharmacia/1000] chris.hurt at monsanto.com
Fri Feb 22 01:31:22 UTC 2002


Hi Kevin,

Can you define "too large" for me - I currently have 34548 records in one of
my rev zones - Should this be broken up?

Thanks,
Chris

-----Original Message-----
From: Kevin Darcy [mailto:kcd at daimlerchrysler.com]
Sent: Thursday, February 21, 2002 4:49 PM
To: comp-protocols-dns-bind at isc.org
Subject: Re: Blackhole DNS



Yes, when using RFC 1918 addresses, you should define reverse DNS zones at
the highest possible level in the hierarchy (e.g. 168.192.in-addr.arpa,
10.in-addr.arpa). Why the highest possible level, rather than just the slice
that you need, e.g. 1.168.192.in-addr.arpa? Because that way you avoid bogus
queries for mistyped addresses as well. You can always delegate if the zone
gets too large...


- Kevin

Martin Stewart wrote:


> When a server is being accessed by clients with private addresses
> (RFC1918) is it best practice to make the server's caching DNS server
> authoritative for 10.in-addr.arpa?
>
> I've recently seen a problem which I claimed might have been caused by an
> outage (or us not being able to reach) the blackhole servers at
> blackhole-1.iana.org and I was wondering how other people solved that issue.
>
> Come to that are there any stats on the blackhole servers?
>
> Thanks,
>
> Martin Stewart
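
Added example (not part of the original thread and not from its authors): a Python sketch of the point in Kevin's reply, comparing a reverse zone defined only for the slice in use with zones defined at the top of each RFC 1918 range. The sample client addresses and all function names are constructed for illustration.

```python
import ipaddress

# The three RFC 1918 private blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def top_level_reverse_zones():
    """Highest-level in-addr.arpa zones that together cover RFC 1918 space."""
    zones = ["10.in-addr.arpa", "168.192.in-addr.arpa"]
    # 172.16.0.0/12 does not fall on an octet boundary: 16 separate zones.
    zones += [f"{n}.172.in-addr.arpa" for n in range(16, 32)]
    return zones

def covering_zone(ptr_name, local_zones):
    """Return the most specific local zone containing ptr_name, or None."""
    labels = ptr_name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])  # match on whole labels only
        if candidate in local_zones:
            return candidate
    return None

def leaked_queries(addresses, local_zones):
    """Private addresses whose PTR lookup no local zone would answer."""
    zones = {z.lower() for z in local_zones}
    leaked = []
    for a in addresses:
        ip = ipaddress.ip_address(a)
        if not any(ip in net for net in RFC1918):
            continue  # public address: ordinary resolution, not a leak
        if covering_zone(ip.reverse_pointer, zones) is None:
            leaked.append(a)
    return leaked

# Constructed sample: clients live in 192.168.1.0/24; 192.168.11.10 and
# 192.168.2.10 stand in for mistyped addresses, 10.1.2.3 for a stray one.
SAMPLE = ["192.168.1.10", "192.168.1.77", "192.168.11.10",
          "192.168.2.10", "10.1.2.3", "192.0.2.1"]

if __name__ == "__main__":
    print("slice only:", leaked_queries(SAMPLE, ["1.168.192.in-addr.arpa"]))
    print("top level :", leaked_queries(SAMPLE, top_level_reverse_zones()))
```

With only the slice defined, the mistyped and stray private addresses have no local zone and their PTR queries leave the server; with the top-level zones defined, every private address is answered locally.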

