RFC 1918/3330/5735

Barry Margolin barmar at alum.mit.edu
Fri Jul 17 21:23:28 UTC 2015


In article <mailman.2297.1437162090.26362.bind-users at lists.isc.org>,
 Leandro <ingrogger at gmail.com> wrote:

> Hello guys.
> I was writing the reverse zone definitions you recommended some weeks ago.
> What I understood is that RFC 1918/3330/5735 defines the reserved ips 
> for internal or experimental use. They can not be routed outside a 
> private network.
> It means that my dns cache server should not send those queries to root 
> servers.
> I declared all those ips on a single reverse zone (just showing 3 zones):
> 
> zone "10.in-addr.arpa" IN{        //for 10.X.X.X
>      type master;
>      file "named.loopback";
>      allow-update { none; };
> };
> 
> zone "16.172.in-addr.arpa" IN{        //for 172.16.X.X
>      type master;
>      file "named.loopback";
>      allow-update { none; };
> };
> zone "168.192.in-addr.arpa" IN{        // for 192.168.X.X
>      type master;
>      file "named.loopback";
>      allow-update { none; };
> };
> 
> and use the "named.loopback" file for all of them which contains:
> $TTL 1D
> @    IN SOA    @ rname.invalid. (
>                      0    ; serial
>                      1D    ; refresh
>                      1H    ; retry
>                      1W    ; expire
>                      3H )    ; minimum
>      NS    @
>      A    127.0.0.1
>      AAAA    ::1
>      PTR    localhost.

You shouldn't use @ so much in a reverse zone. @ is replaced with the 
origin, which defaults to the zone name. But 10.in-addr.arpa is not a 
valid hostname to use in an NS record (although you're apparently making 
it valid with the A and AAAA records).

> 
> I'm not sure how to declare an RR to point to "nowhere". My workaround 
> is working but I wonder if it is good practice.

You don't need to do anything. The lack of a record makes it point to 
nowhere. The server will never recurse for something within these zones, 
since there's no delegation, it will just return an authoritative 
NXDOMAIN for any address within these blocks.

-- 
Barry Margolin
Arlington, MA
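As an added example (not code from either poster), the script below mimics what named does with `@` and relative names when it loads a zone file: it expands them against the zone origin and then reports the records Barry objects to. Run against the quoted named.loopback with origin 10.in-addr.arpa, it shows the NS record's owner and target both becoming `10.in-addr.arpa.`, plus the A, AAAA and PTR records at the apex. The second, constructed zone file uses `localhost.` as MNAME and NS target and carries nothing else, so every query below it gets an authoritative NXDOMAIN; `localhost.` is a common convention, not something the thread prescribes. The parser only handles the directives and record types used here (an assumption of this example), and quoted strings containing `;` are not special-cased. One practitioner's caveat: BIND 9 already serves built-in empty zones for the RFC 1918 reverse ranges (controlled by `empty-zones-enable`), so explicit zones like these are only needed where that is turned off or the content must differ.

```python
"""Expand '@' and relative names in a BIND zone file the way named does,
then lint the result for the problems raised in the thread (added example)."""
import re
from dataclasses import dataclass, field

TYPES = {"SOA", "NS", "A", "AAAA", "PTR", "CNAME", "MX", "TXT"}
CLASSES = {"IN", "CH", "HS"}
# rdata positions that hold domain names and therefore get origin expansion
NAME_FIELDS = {"NS": [0], "PTR": [0], "CNAME": [0], "SOA": [0, 1], "MX": [1]}
TTL_RE = re.compile(r"^\d+[smhdwSMHDW]?$")

# Constructed copy of the named.loopback file quoted in the post.
POSTED_ZONE = """\
$TTL 1D
@    IN SOA    @ rname.invalid. (
                     0    ; serial
                     1D    ; refresh
                     1H    ; retry
                     1W    ; expire
                     3H )    ; minimum
     NS    @
     A    127.0.0.1
     AAAA    ::1
     PTR    localhost.
"""

# Constructed empty reverse zone: a valid host name as NS target, no apex
# address records, and no PTRs, so everything below it is NXDOMAIN.
EMPTY_ZONE = """\
$TTL 1D
@    IN SOA    localhost. rname.invalid. ( 0 1D 1H 1W 3H )
     NS    localhost.
"""


@dataclass
class Record:
    owner: str
    rtype: str
    rdata: list = field(default_factory=list)


def _logical_lines(text):
    """Yield logical lines with ';' comments removed and '( ... )' joined."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            # buf[0] keeps its leading whitespace, which marks "same owner"
            yield " ".join(buf).replace("(", " ").replace(")", " ")
            buf, depth = [], 0


def qualify(name, origin):
    """'@' becomes the origin; names without a trailing dot get it appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text, origin):
    """Return the zone's records with all owner and rdata names fully qualified."""
    origin = origin.rstrip(".") + "."
    records, last_owner = [], origin
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0].startswith("$"):
            if tokens[0].upper() == "$ORIGIN":
                origin = qualify(tokens[1], origin)
            continue  # $TTL does not affect names
        owner = last_owner if line[:1].isspace() else qualify(tokens.pop(0), origin)
        last_owner = owner
        # skip optional TTL and class tokens, in either order
        while tokens[0].upper() not in TYPES and (
            TTL_RE.match(tokens[0]) or tokens[0].upper() in CLASSES
        ):
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        for i in NAME_FIELDS.get(rtype, []):
            tokens[i] = qualify(tokens[i], origin)
        records.append(Record(owner, rtype, tokens))
    return records


def lint_reverse_zone(records, origin):
    """Flag NS targets that are reverse-tree names and unnecessary apex records."""
    origin = origin.rstrip(".") + "."
    problems = []
    for r in records:
        if r.rtype == "NS" and r.rdata[0].endswith((".in-addr.arpa.", ".ip6.arpa.")):
            problems.append(f"NS target {r.rdata[0]} is a reverse-tree name, not a host name")
        if r.owner == origin and r.rtype in {"A", "AAAA", "PTR"}:
            problems.append(f"{r.rtype} at apex {origin} is not needed in an empty reverse zone")
    return problems


if __name__ == "__main__":
    for label, text in (("posted named.loopback", POSTED_ZONE), ("empty zone", EMPTY_ZONE)):
        recs = parse_zone(text, "10.in-addr.arpa")
        print(f"== {label}")
        for r in recs:
            print(f"  {r.owner:22} {r.rtype:5} {' '.join(r.rdata)}")
        for p in lint_reverse_zone(recs, "10.in-addr.arpa"):
            print("  !", p)
```

Running it prints the expanded records for both files; the posted one draws four findings (the NS target plus the three apex records) and the empty zone draws none.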

