Blackhole DNS

Kevin Darcy kcd at daimlerchrysler.com
Fri Feb 22 01:40:49 UTC 2002


Probably, unless you're using IXFR for zone transfers or the zone hardly ever
changes. A zone with 34,000+ records has the potential to waste a lot of
zone-transfer bandwidth...


- Kevin

"HURT, CHRIS [Non-Pharmacia/1000]" wrote:

> Hi Kevin,
>
> Can you define "too large" for me - I currently have 34548 records in one of
> my rev zones - Should this be broken up?
>
> Thanks,
> Chris
>
> -----Original Message-----
> From: Kevin Darcy [mailto:kcd at daimlerchrysler.com]
> Sent: Thursday, February 21, 2002 4:49 PM
> To: comp-protocols-dns-bind at isc.org
> Subject: Re: Blackhole DNS
>
> Yes, when using RFC 1918 addresses, you should define reverse DNS zones at
> the highest possible level in the hierarchy (e.g. 168.192.in-addr.arpa,
> 10.in-addr.arpa). Why the highest possible level, rather than just the slice
> that you need, e.g. 1.168.192.in-addr.arpa? Because that way you avoid bogus
> queries for mistyped addresses as well. You can always delegate if the zone
> gets too large...
>
> - Kevin
>
> Martin Stewart wrote:
>
> > When a server is being accessed by clients with private addresses
> > (RFC1918) is it best practice to make the server's caching DNS server
> > authoritative for 10.in-addr.arpa?
> >
> > I've recently seen a problem which I claimed might have been caused by an
> > outage (or us not being able to reach) the blackhole servers at
> > blackhole-1.iana.org and I was wondering how other people solved that issue.
> >
> > Come to that are there any stats on the blackhole servers?
> >
> > Thanks,
> >
> > Martin Stewart
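
An added illustration of the advice in this thread (not code from any of the posters or from BIND): it checks which RFC 1918 PTR lookups fall outside the zones a server is authoritative for, comparing a single /24 slice with the highest-level zones. The function names, the sample addresses and the `db.<zone>` file names are constructed for the example.

```python
import ipaddress

# RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def top_level_reverse_zones():
    """Highest-level in-addr.arpa zones that cover all RFC 1918 space."""
    zones = ["10.in-addr.arpa", "168.192.in-addr.arpa"]
    # 172.16.0.0/12 does not fall on an octet boundary, so it needs 16 zones.
    zones += [f"{n}.172.in-addr.arpa" for n in range(16, 32)]
    return zones

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def served_locally(addr, local_zones):
    """True if the PTR name for addr is at or below a locally served zone."""
    labels = ipaddress.ip_address(addr).reverse_pointer.split(".")
    suffixes = {".".join(labels[i:]) for i in range(len(labels))}
    return any(z.lower().rstrip(".") in suffixes for z in local_zones)

def leaked_lookups(addrs, local_zones):
    """RFC 1918 addresses whose PTR queries the local zones do not cover."""
    return [a for a in addrs
            if is_rfc1918(a) and not served_locally(a, local_zones)]

def named_conf(zones):
    """Render zone statements; the db.<zone> file names are constructed."""
    return "\n".join(f'zone "{z}" {{ type master; file "db.{z}"; }};'
                     for z in zones)

# Constructed sample: two real hosts, two mistyped private addresses,
# and one public address that is out of scope.
SAMPLE = ["192.168.1.20", "192.168.1.200", "192.168.11.20",
          "10.9.8.7", "8.8.8.8"]

if __name__ == "__main__":
    narrow = ["1.168.192.in-addr.arpa"]
    print("slice only:", leaked_lookups(SAMPLE, narrow))
    print("top level :", leaked_lookups(SAMPLE, top_level_reverse_zones()))
    print(named_conf(top_level_reverse_zones()[:2]))
```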


