Advice for DNS reverse zones

Bob Harold rharolde at umich.edu
Wed Feb 6 20:11:46 UTC 2019


On Wed, Feb 6, 2019 at 1:03 PM Mik J via bind-users <
bind-users at lists.isc.org> wrote:

> Hello,
>
> I would like to know how do you manage reverse zones and the 10.x.x.x zone
> particularly.
>
> I can see three choices:
> - One global 10.in-addr.arpa zone
> - Many /24 zones 1.1.10.in-addr.arpa zone
> - Something in between
>
> One global zone:
> The problem is that I end up having a very populated zone and if someone asks
> me to setup an acl or anything like that it has to be global.
> This solution might be the easiest but definitely not the best in terms of
> scalability
>
> Many /24 zones:
> The problem is that I end up creating zones all the time or make them first
> in one go, so 65536 zones...
> And when someone has a /16 network I need to delete the 256 x /24 zones to
> make one single.
>
> What do you people do on your DNS servers ?
>
> And is it possible to make a 1.1.10.in-addr.arpa for the 16 first
> addresses (a /28 network) ?
>
> Regards
>

For ranges with few records, that don't need to be acl'ed or delegated, put
them in the 10.in-addr.arpa zone.
Any /16 that has a lot of records can be split off into its own
2.10.in-addr.arpa.
And if a /24 gets really busy, you can split it out 5.1.10.in-addr.arpa

There is no need to create all 256 /16's or all the /24's, just create them
as needed.

If having different sizes is too confusing, I suggest all /16's.

-- 
Bob Harold
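
Added example, not part of the original post: a small planner for the "create them as needed" approach in the reply above. It counts PTR records per /16 and /24, splits off only the busy ones, and shows which zone ends up holding a given address. The thresholds, function names and sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed thresholds for "a lot of records" / "really busy"; tune to taste.
SPLIT_16, SPLIT_24 = 100, 50

def reverse_zone(prefix):
    """Zone name for an octet-aligned prefix, e.g. 10.1.5.0/24."""
    net = ipaddress.ip_network(prefix)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("this sketch only handles /8, /16 and /24 prefixes")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def plan_zones(addrs, per16=SPLIT_16, per24=SPLIT_24):
    """Start from 10.in-addr.arpa and split off only the busy /16s and /24s."""
    c16, c24 = Counter(), Counter()
    for a in addrs:
        o = a.split(".")
        c16[f"{o[0]}.{o[1]}.0.0/16"] += 1
        c24[f"{o[0]}.{o[1]}.{o[2]}.0/24"] += 1
    zones = {"10.in-addr.arpa"}
    zones |= {reverse_zone(p) for p, n in c16.items() if n >= per16}
    zones |= {reverse_zone(p) for p, n in c24.items() if n >= per24}
    return zones

def owning_zone(addr, zones):
    """Most specific configured zone that holds the PTR record for addr."""
    labels = ipaddress.ip_address(addr).reverse_pointer.split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    raise LookupError(f"no configured zone covers {addr}")

# Constructed sample data: one busy /16, one busy /24, two stray hosts.
SAMPLE = ([f"10.2.{i}.10" for i in range(120)]
          + [f"10.1.5.{i}" for i in range(1, 61)]
          + ["10.1.7.3", "10.9.9.9"])

if __name__ == "__main__":
    zones = plan_zones(SAMPLE)
    for z in sorted(zones, key=len):
        print("zone", z)
    for ip in ("10.2.200.1", "10.1.5.7", "10.1.7.3"):
        print(ip, "->", owning_zone(ip, zones))
```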