One Reverse Lookup Zone for Several Subnets?

atze atze.nospam at arcor.de
Wed Sep 1 08:41:42 UTC 2004


Kevin Darcy wrote:

> atze wrote:
> 
> 
>>Hi Guys,
>>
>>Maybe someone here can help with this, I have created 2 Bind9 Slave 
>>Zones, the Master is a Windows 2k Server.
>>
>>In this we have the subnets 10.0.0.0/20 and 10.49.0.0/20, and 2 DNS Domains.
>>
>>These are 3 Zones on Windows, 2 for the DNS Domains and 1 Reverse Lookup
>>for all Zones.
>>
>>The 2 DNS Domain Slave Zones are working well, but the Reverse 
>>Lookup isn't working.
>>
>>I also tried to make a Slave Zone from the Reverse Lookup Zone on 
>>Windows; this seemed to work at first, but no longer does.
>>
>>How can I create one Reverse Lookup for the whole 10.x.x.x Subnet?
>>Bind says that I must put in 3 Digit Numbers.
>>
> 
> Nonsense. Where does BIND say this? I'm sure you can create a 
> 10.in-addr.arpa on the Windows side. In fact, you *should* do this 
> anyway, so that if someone accidentally mistypes an address (e.g. 
> 10.94.x.x instead of 10.49.x.x), the bogus query doesn't go out to the 
> Internet or god-knows-where.

The stupid Red Hat Bind Config Tool says it. OK, then I'll leave the 
graphical shit and configure it manually. Otherwise I'm wasting my time, I 
think.
> 
> 
>>---
>>
>>Also I know that Bind has an option to automatically complete the FQDN:
>>when I type "dig hostname" it searches all existing Zones and fills in the 
>>FQDN. Where can I set this?
>>
> 
> The BIND *nameserver* does not have this option. The BIND 
> *stub resolver* has this option, but you're probably using whatever stub 
> resolver comes with your clients' OS, rather than BIND's. It may or may 
> not have this option, or have the option, but in a slightly different form.
> 
> Trust me, you don't want this option. Basically what it does is make the 
> stub resolver guess at the domain. It would be like addressing a letter 
> to "John Smith, 123 Main Street" and then expecting the Postal Service 
> to find the right city, state/province, country, etc. It wastes 
> nameserver resources, introduces unnecessary query latency, and raises 
> the risk that people will accidentally connect to the wrong server (much 
> as the "John Smith" letter might get delivered to the wrong person). 
> With some stub resolvers, there is a limit on how many domains can be 
> searched, and once you hit that limit, you have to resort to horridly 
> ugly hacks in order to satisfy your users, once they've been hooked on 
> using shortnames. We've been down this path, and very much regret it. 
> Don't make the same mistake.

Good suggestion, anyway I have to look in the configs more.

Thanks for the help

> 
> - Kevin
> 
> 
> 
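
Added example, not part of the original thread: a small Python check of the reverse-zone advice above. It derives the one octet-aligned reverse zone that encloses both subnets from the post, then shows which PTR lookups a server hosting a given set of reverse zones would answer itself and which would be passed on elsewhere. The function names and the narrower per-/16 zone list are assumptions made for illustration.

```python
import ipaddress

def shared_reverse_zone(cidrs):
    """Smallest octet-aligned in-addr.arpa zone enclosing every IPv4 CIDR given."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    n = min(net.prefixlen for net in nets) // 8   # whole octets fixed by the shortest prefix
    octets = [net.network_address.packed for net in nets]
    while n > 0 and any(o[:n] != octets[0][:n] for o in octets):
        n -= 1                                    # back off until all subnets agree
    labels = [str(b) for b in reversed(octets[0][:n])]
    return ".".join(labels + ["in-addr.arpa"])

def covering_zone(ip, local_zones):
    """Most specific locally hosted zone containing the PTR name of ip, else None."""
    zones = {z.rstrip(".").lower() for z in local_zones}
    labels = ipaddress.ip_address(ip).reverse_pointer.split(".")
    for i in range(len(labels)):                  # longest suffix first
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def leaked(ips, local_zones):
    """Addresses whose reverse lookup no local zone is authoritative for."""
    return [ip for ip in ips if covering_zone(ip, local_zones) is None]

# Subnets from the post.
SUBNETS = ["10.0.0.0/20", "10.49.0.0/20"]
# Constructed sample lookups: two valid hosts and the 10.94 typo mentioned in the reply.
LOOKUPS = ["10.0.3.7", "10.49.12.20", "10.94.12.20"]
# Assumed alternative: one reverse zone per /16 instead of a single 10.in-addr.arpa.
NARROW = ["0.10.in-addr.arpa", "49.10.in-addr.arpa"]

if __name__ == "__main__":
    wide = [shared_reverse_zone(SUBNETS)]
    print("single enclosing zone:", wide[0])
    print("not answered locally with per-/16 zones:", leaked(LOOKUPS, NARROW))
    print("not answered locally with enclosing zone:", leaked(LOOKUPS, wide))
```
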

