automatic reverse and forwarding zones
Petr Špaček
pspacek at isc.org
Mon Nov 7 14:42:36 UTC 2022
On 07. 11. 22 15:23, Matus UHLAR - fantomas wrote:
>>> On 28.10.22 08:26, Ondřej Surý wrote:
>>>> BIND 9 has support for writing plugins, and we would accept a well-written
>>>> plugin that would allow generating the forward/reverse plugins on the fly.
>>>>
>>>> There’s already a feature request for it here:
>>>> https://gitlab.isc.org/isc-projects/bind9/-/issues/1586
>
>> On 28. 10. 22 9:29, Matus UHLAR - fantomas wrote:
>>> this request for ipv4 too.
>>>
>>> I really don't think making generic names for ipv6 addresses within
>>> range bigger than e.g. /112 (64Ki addresses) makes any sense.
>>>
>>> perhaps it may for small subsets of IP addresses
>>>
>>> /64 is 18446744073709551616 addresses, that can't be scanned in
>>> meaningful time and this number of DNS records would just mess up any
>>> DNS servers' memory.
>>>
>>> making BIND resilient against overflowing memory this way would make
>>> more sense than creating generic addresses.
>
> On 07.11.22 15:06, Petr Špaček wrote:
>> Yes, that's exactly why a plugin is needed. The plugin can generate
>> answers on the fly without having all of them in memory.
>
> what about BIND receiving those records?
> I don't want my resolving DNS server to fill its cache with reverse
> records of any remote ipv6 range/ranges.
>
> We'd need to clean those too.

That's part of normal resolver operation: Garbage in - garbage out -
garbage eventually cleaned out from cache. There is nothing special
about PTR records in that regard.
--
Petr Špaček
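
Added example, not part of the original message and not BIND code: a Python sketch of the on-the-fly generation described above, answering PTR and AAAA queries for a whole /64 by computing each answer from the query name, so no per-address record is ever held in memory. The prefix 2001:db8:1:2::/64, the zone dyn.example.net. and the function names are assumptions made for illustration; a real BIND 9 plugin would be written in C against the plugin API.

```python
import ipaddress

# Assumptions for this sketch (none of these values come from the thread):
PREFIX = ipaddress.IPv6Network("2001:db8:1:2::/64")  # documentation prefix
SUFFIX = "dyn.example.net."                            # hypothetical forward zone
HEX = "0123456789abcdef"


def synth_ptr(qname):
    """Return the PTR target for an ip6.arpa name inside PREFIX, else None."""
    labels = qname.lower().rstrip(".").split(".")
    # A full IPv6 reverse name is exactly 32 nibble labels plus ip6.arpa.
    if len(labels) != 34 or labels[-2:] != ["ip6", "arpa"]:
        return None
    nibbles = labels[:32]
    if any(len(n) != 1 or n not in HEX for n in nibbles):
        return None
    addr = ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))
    if addr not in PREFIX:
        return None  # outside the delegated range: nothing to synthesize
    return f"ip6-{addr.exploded.replace(':', '-')}.{SUFFIX}"


def synth_aaaa(qname):
    """Inverse mapping: return the IPv6Address for a synthesized name, else None."""
    name = qname.lower().rstrip(".") + "."
    if not name.endswith("." + SUFFIX):
        return None
    host = name[: -len(SUFFIX) - 1]
    if not host.startswith("ip6-") or "." in host:
        return None
    try:
        addr = ipaddress.IPv6Address(host[4:].replace("-", ":"))
    except ValueError:
        return None
    # Answer only for the one canonical spelling, so forward and reverse
    # always agree and each address has exactly one name.
    if addr not in PREFIX or synth_ptr(addr.reverse_pointer) != name:
        return None
    return addr
```

Both functions are pure computations over the query name, so the answering server's memory use does not depend on how many of the 2^64 addresses are queried; what a remote resolver caches is bounded by its own cache limits and the TTL on these answers.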