On Wed, Apr 18, 2018 at 11:44:27AM -0300, Roberto Carna wrote: > Dear, I have impelmented a BIND9 server. It works OK, but some days > ago an application failed because it needed to resolve the reverse of > some IP addresses from range 10.x.x.x, and they waited for a long time > and failed, because they need a NXDOMAIN fast response. > > I don't want to make a local zone 10.IN-ADDR.ARPA,
You don't need to. See the "built-in empty zones" section of the BIND 9 ARM, chapter 6. > because I want to > use the two public nameservers from Internet: > > BLACKHOLE-1.IANA.ORG (192.175.48.6) > BLACKHOLE-2.IANA.ORG (192.175.48.42) What?? Why? Those are not supposed to be used. BIND now includes empty zones for all RFC 1918 and other reserved netblocks which shouldn't ever appear on the open Internet. If you use some of these networks inside your organization, you can have authoritative zones for the corresponding in-addr.arpa zones. [snip] > Is it OK that I do? Are blackholes servers useful for this purpose ? Not at all. That's why we have the automatic empty zones. Sadly, many distributors are not aware of the feature, so they distribute named.conf with kludges. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users