RFC 6303 and bind 9.9.0

Spain, Dr. Jeffry A. spainj at countryday.net
Thu Mar 1 20:59:11 UTC 2012


>> Just for clarification, do I understand correctly that if none of the 
>> empty zones described in RFC 6303 are set up explicitly in the bind 
>> 9.9.0 configuration file, then bind 9.9.0 will process them as such 
>> anyway using built-in generic zone processing rules?

> Yes.  To expand a bit on Mark's answer, all of the namespaces covered by RFC 6303 have built-in empty zones in BIND 9.9, and these zones are activated by default in any view that supports recursion.  No configuration should be necessary.

> If you want to set up reverse DNS for a private network in a nonroutable address space, you can go ahead and do so; zones that you configure override the built-in zones.

Thanks. This works as you say if I remove the explicit configuration for the empty zones, as verified by adding the option 'zone-statistics yes;' and running 'rndc stats'.

Also I see that bind 9.9.0 uses built-in root hints if those are not explicitly configured. If the root hints are updated on ftp://rs.internic.net/domain/, would it require a new build of bind to incorporate them, or is bind able to update its built-in root hints by some other means?

Finally it appears that aside from the built-in empty zones, a forward lookup zone for 'localhost.' is still required to prevent bind from attempting to resolve this name over the Internet. Reverse lookup zones for 127.0.0.1 and ::1 are also required if it is necessary to resolve those addresses to the name 'localhost.' Is it still considered a best practice to explicitly configure these localhost-related zones on recursive resolvers? I see this point addressed in RFC 1912, but don't see anything in RFC 5735 and RFC 6303, which have superseded it.

Jeffry A. Spain
Network Administrator
Cincinnati Country Day School



