Allowing recursive queries of 'static-stub' zones
Tony Finch
dot at dotat.at
Tue Feb 3 11:13:41 UTC 2015
Enrico Scholz <enrico.scholz at sigma-chemnitz.de> wrote:
>
> Unfortunately, our ISP (Deutsche Telekom) does not allow AXFR of the
> /24 zone. I solved it now by declaring an external (non-recursive)
> and internal (recursive) view, where the external one is a master
> for 2.1.10.in-addr.arpa covering only our 31-24 range. This will
> break when zone is DNSSEC signed, but when this happens, AXFR can be
> simulated and I can ship the whole zone.
If you are contemplating hacks like that, there is no need to wait for
DNSSEC because it is trivial to enumerate reverse IPv4 zones :-)
dig +noall +answer 2.1.10.in-addr.arpa in any
i=0; while [ $i -lt 256 ]; do
dig +noall +answer $i.2.1.10.in-addr.arpa in any
i=$((i+1))
done
You will need something a bit more complicated than that if the
delegations in the zone need glue. (But that is rare for reverse zones.)
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Northwest Rockall: Northerly 5 to 7, occasionally gale 8 at first, becoming
variable 4 later. Rough or very rough. Wintry showers. Good.
More information about the bind-users
mailing list