One Reverse Lookup Zone for Several Subnets?
Kevin Darcy
kcd at daimlerchrysler.com
Tue Aug 31 20:41:15 UTC 2004
atze wrote:
>Hi Guys,
>
>Maybe someone here can help with this, I have created 2 Bind9 Slave
>Zones, the Master is a Windows 2k Server.
>
>In this we have the subnets 10.0.0.0/20 and 10.49.0.0/20, and 2 DNS Domains.
>
>These are 3 Zones on Windows, 2 for the DNS Domains and 1 Reverse Lookup
>for all Zones.
>
>The 2 DNS Domain Slave Zones are working well, but the Reverse
>Lookup isn't working.
>
>I also tried to make a Slave Zone from the Reverse Lookup Zone on
>Windows, this seems first to be working, but now no more.
>
>How can I create one Reverse Lookup for the whole 10.x.x.x Subnet?
>Bind says that I must put in 3 Digit Numbers.
>
Nonsense. Where does BIND say this? I'm sure you can create a
10.in-addr.arpa on the Windows side. In fact, you *should* do this
anyway, so that if someone accidentally mistypes an address (e.g.
10.94.x.x instead of 10.49.x.x), the bogus query doesn't go out to the
Internet or god-knows-where.
>---
>
>Also I know that Bind has an option to fulfill automatically the FQDN,
>when I type "dig hostname" it searches all existing Zones and fills up the
>FQDN, where can I set this?
>
The BIND *nameserver* does not have this option. The BIND
*stub resolver* has this option, but you're probably using whatever stub
resolver comes with your clients' OS, rather than BIND's. It may or may
not have this option, or have the option, but in a slightly different form.

Trust me, you don't want this option. Basically what it does is make the
stub resolver guess at the domain. It would be like addressing a letter
to "John Smith, 123 Main Street" and then expecting the Postal Service
to find the right city, state/province, country, etc. It wastes
nameserver resources, introduces unnecessary query latency, and raises
the risk that people will accidentally connect to the wrong server (much
as the "John Smith" letter might get delivered to the wrong person).

With some stub resolvers, there is a limit on how many domains can be
searched, and once you hit that limit, you have to resort to horridly
ugly hacks in order to satisfy your users, once they've been hooked on
using shortnames. We've been down this path, and very much regret it.
Don't make the same mistake.
- Kevin
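
The point above about serving one 10.in-addr.arpa zone, as an added example that is not part of the original post: it compares which locally served reverse zone would answer a PTR query when the two subnets are covered by per-/24 zones versus a single 10.in-addr.arpa. The function names and the per-/24 layout used for comparison are assumptions made for illustration.

```python
import ipaddress

# Subnets named in the post.
SUBNETS = ["10.0.0.0/20", "10.49.0.0/20"]

def per_24_zones(cidr):
    """Reverse zones needed when a prefix (/24 or shorter) is served as one zone per /24."""
    net = ipaddress.ip_network(cidr)
    zones = []
    for sub in net.subnets(new_prefix=24):
        a, b, c, _ = str(sub.network_address).split(".")
        zones.append(f"{c}.{b}.{a}.in-addr.arpa")
    return zones

def covering_zone(ip, local_zones):
    """Return the most specific locally served zone containing ip's PTR name, or None."""
    qname = ipaddress.ip_address(ip).reverse_pointer  # e.g. 2.1.49.10.in-addr.arpa
    labels = qname.split(".")
    served = {z.lower().rstrip(".") for z in local_zones}
    # Strip labels from the left; the first hit is the longest (most specific) match.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in served:
            return candidate
    return None

# Layout A (assumed for comparison): one reverse zone per /24 inside each subnet.
PIECEMEAL = [z for s in SUBNETS for z in per_24_zones(s)]
# Layout B: the single zone suggested in the reply.
WHOLE = ["10.in-addr.arpa"]

if __name__ == "__main__":
    # 10.94.1.2 is the mistyped address from the reply (94 instead of 49).
    for ip in ("10.49.1.2", "10.94.1.2"):
        for label, zones in (("per-/24 zones", PIECEMEAL), ("10.in-addr.arpa", WHOLE)):
            zone = covering_zone(ip, zones)
            print(f"{ip:10} {label:16} ->", zone or "no local zone, not answered locally")
```

With the per-/24 layout the mistyped address matches no local zone, while the single 10.in-addr.arpa zone keeps the query on the local server.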