reverse zone of type forward when /28 subnet
Dmitri Tarkhov
tarkhov at dionaholding.ru
Sat Dec 29 11:05:49 UTC 2012
Hi,
this finally works:
view "reverse1" IN {
    recursion yes;
    zone "z.y.x.in-addr.arpa" IN {
        type forward;
        forward only;
        forwarders { A; B; };
    };
    zone "localhost" IN {
        type master;
        file "master.localhost";
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "localhst.rev";
    };
};
And Happy New Year!
Dmitri Tarkhov wrote:
> Hi, all,
>
> thank you very much for discussion. It was interesting and very useful.
> You can pretty well imagine that I am not much involved with DNS,
> I am rather a unix and unix HW guy.
> Unfortunately I saw a DNS cache poisoning attack and although it could be
> provoked by side effects it's better to get rid of it altogether.
> For just 14 (241-254) addresses it is not difficult to maintain 2 types
> of master zones in sync (RFC 2317 and RFC 1035) and it's enough to put a
> couple of comment lines to not forget it later.
> Yes, life is short but this is not a reason not to train the brain,
> it can help to hook onto life a bit longer ...
> Bringing a stir to the chicken coop and requesting compliance is generally
> a good idea and my fingers itch, but I don't expect much from our ISPs ...
> So first I'll try "type forward" within a view,
> then I'm sure, one address zones can serve me right.
> I will also contact the ISP but without great expectations.
>
> Why I do all this is:
> - enforce security
> - assure stable mail exchange (which depends on reverse resolving)
>
> Mark Andrews wrote:
>
>> In message <50DCD454.2070303 at dougbarton.us>, Doug Barton writes:
>>
>>> On 12/27/2012 11:18 AM, Mark Andrews wrote:
>>>
>>>> zone "241.Z.X.Y.IN-ADDR.ARPA" {
>>>> type master;
>>>> file "241.Z.X.Y.IN-ADDR.ARPA";
>>>> };
>>>
>>>
>>> That's great locally, but it doesn't match the 2317 delegation from
>>> the upstream, and usually it's not possible to change what they send
>>> you.
>>>
>>> Or are you suggesting maintaining both the individual versions of the
>>> zones, and the 2317 zone?
>>
>>
>>
>> No. I'm suggesting that they tell their ISP to do RFC 2317 right
>> or do RFC 1035 delegations. If their ISP won't do either, change
>> ISP.
>>
>>
>>> Doug
>>> _______________________________________________
>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>>> unsubscribe from this list
>>>
>>> bind-users mailing list
>>> bind-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
>
>
--
Best regards,
Dmitri Tarkhov
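
Added example (not part of the original messages, and not code from BIND or ISC): the quoted message mentions keeping the RFC 2317 zone and the per-address RFC 1035 zones in sync by hand for addresses 241-254; this Python script generates both layouts from one host map so they cannot drift apart. The prefix 192.0.2.240/28, the host names, the SOA values, the "db." file names and the "240/28" child label are constructed assumptions; the real label is whatever the ISP delegated.

```python
import ipaddress

# Constructed sample data: documentation prefix and hypothetical names.
NET = ipaddress.ip_network("192.0.2.240/28")
HOSTS = {241: "mail.example.net.", 242: "ns1.example.net.", 254: "gw.example.net."}
NS = ["ns1.example.net.", "ns2.example.net."]
SOA = "ns1.example.net. hostmaster.example.net. 2012122901 3600 900 604800 3600"

def parent_zone(net):
    a, b, c, _ = net.network_address.packed  # IPv4 only
    return f"{c}.{b}.{a}.in-addr.arpa."

def validate(net, hosts):
    """Reject last octets outside the usable range (241-254 for a .240/28)."""
    stray = sorted(set(hosts) - {int(ip) & 0xFF for ip in net.hosts()})
    if stray:
        raise ValueError(f"octets outside {net}: {stray}")

def zone_body(origin, ptrs):
    """Render a minimal zone file: SOA, NS, then (owner, target) PTR pairs."""
    lines = [f"$ORIGIN {origin}", "$TTL 3600", f"@ IN SOA {SOA}"]
    lines += [f"@ IN NS {ns}" for ns in NS]
    lines += [f"{owner} IN PTR {target}" for owner, target in ptrs]
    return "\n".join(lines) + "\n"

def build(net, hosts, label=None):
    """Return {zone origin: zone file text} for both layouts from one map."""
    validate(net, hosts)
    parent = parent_zone(net)
    # Assumed RFC 2317 child label; pass the ISP's actual label if it differs.
    label = label or f"{int(net.network_address) & 0xFF}/{net.prefixlen}"
    child = f"{label}.{parent}"
    zones = {child: zone_body(child, [(str(o), hosts[o]) for o in sorted(hosts)])}
    for o in sorted(hosts):  # one zone per address, PTR at the zone apex
        origin = f"{o}.{parent}"
        zones[origin] = zone_body(origin, [("@", hosts[o])])
    return zones

def named_conf(zones):
    """Master zone stanzas to place in the view, one per generated zone."""
    out = []
    for origin in zones:
        name = origin.rstrip(".")
        fname = "db." + name.replace("/", "-")  # '/' cannot appear in a file name
        out.append(f'zone "{name}" IN {{ type master; file "{fname}"; }};')
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(named_conf(build(NET, HOSTS)))
```

Bump the SOA serial on each regeneration so secondaries pick up the change.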