Reverse zones best practices

nex6 borg at borg1911.com
Wed Jun 27 14:30:57 UTC 2012


* Phil Mayers <p.mayers at imperial.ac.uk> [2012-06-27 14:29:38 +0100]:

> On 26/06/12 17:25, nex6 wrote:
> >* Phil Mayers<p.mayers at imperial.ac.uk>  [2012-06-26 16:54:55 +0100]:
> >
> >
> >I am not going to be editing files by hand, we actually have a tool. I am more
> >concerned about best practices, and how to fix the mess.
> >
> >e.g., say we have about 500 VLANs (/24s) and say only 350 have reverse zones.
> >From what I understand it's best to just create the missing zones and fix the tools
> >so new networks always get reverse zones created.
> >
> >Because I don't think I can just create a larger /16 or /8, because they will
> >overlap and create a bigger mess.....
> 
> Do what works for you. If you would rather create the full range of
> x.y.10.in-addr.arpa from your tools, that's fine.
> 
> I'm not sure the "best practice" you are asking about exists in that form.
> 
> One final point though - you *should* have an enclosing
> 10.in-addr.arpa zone or "fill the holes", so that you don't leak
> reverse lookups to the DNS root servers. You might even find that,
> unless you disable it, your nameserver creates the empty zone for
> you.

So, you *should* have a larger 10.x.x.x zone? *And* smaller 10.x.x.0/24 zones? So I am assuming the workflow
in this case would be: records go in the smaller zones, and the larger zone is the catch-all to prevent leakage?
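
The zone layout discussed in this message, as an added example that is not part of the original post: a small audit that maps addresses to the most specific configured reverse zone and flags PTR names that no local zone covers, which are the lookups that would leave the site. It assumes the nameserver answers from the closest enclosing zone it is authoritative for; the zone names and addresses are constructed samples.

```python
import ipaddress

def ptr_name(ip):
    """Reverse-lookup name for an address, e.g. 10.1.5.7 -> 7.5.1.10.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def covering_zone(qname, zones):
    """Return the most specific configured zone containing qname, or None."""
    labels = qname.lower().rstrip(".").split(".")
    configured = {z.lower().rstrip(".") for z in zones}
    # Try the longest suffix first, mirroring closest-enclosing-zone selection.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in configured:
            return candidate
    return None  # no local zone: the query is resolved outside the site

def audit(ips, zones):
    """Map each address to the zone that would answer its PTR query."""
    return {ip: covering_zone(ptr_name(ip), zones) for ip in ips}

def leaking(ips, zones):
    """Addresses whose reverse lookups are not covered by any local zone."""
    return [ip for ip, zone in audit(ips, zones).items() if zone is None]

# Constructed sample data: two per-VLAN /24 zones and one VLAN without a zone.
PER_VLAN_ZONES = ["5.1.10.in-addr.arpa", "6.1.10.in-addr.arpa"]
ENCLOSING_ZONE = "10.in-addr.arpa"
SAMPLE_IPS = ["10.1.5.7", "10.1.6.20", "10.9.9.9"]

if __name__ == "__main__":
    layouts = {
        "per-VLAN zones only": PER_VLAN_ZONES,
        "per-VLAN zones plus enclosing zone": PER_VLAN_ZONES + [ENCLOSING_ZONE],
    }
    for label, zones in layouts.items():
        print(label)
        for ip, zone in audit(SAMPLE_IPS, zones).items():
            print(f"  {ip:<10} {ptr_name(ip):<26} -> {zone or 'NOT COVERED'}")
        print(f"  uncovered: {leaking(SAMPLE_IPS, zones)}")
```
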