Over in bind-users someone suggested a CIDR rDNS kludge in which you
delegate a bunch of names out of a rDNS zone to a second server,
and the second server answers them all from one zone, like this

$ORIGIN 1.1.1.in-addr.arpa.
@ SOA blah

10 NS otherserver
11 NS otherserver
12 NS otherserver


and on the other server

$ORIGIN 1.1.1.in-addr.arpa.
@ SOA blah

10 PTR foo
11 PTR bar
12 PTR baz

That is, the two zones have the same apex, and NS records point into
the interior of the second zone, not at the apex.  That works in BIND,
of course, but it seems wrong.  I am having trouble tracking down the
specification of why it is wrong.

Any suggestions?  It would fail with DNSSEC since there's no DNSKEY
to match the delegation DS, but how wrong was it before that?

Signed,
Confused

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
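
Added example, not part of the original message: a Python check over constructed copies of the two zone fragments above. For each name the first zone delegates, it reports whether the second zone's apex is that name and whether a DNSKEY exists there. The parser handles only the simple "owner TYPE rdata" lines used here, and the function names are hypothetical.

```python
# Constructed zone fragments mirroring the two zones quoted in the message.
PARENT = """\
$ORIGIN 1.1.1.in-addr.arpa.
@ SOA blah
10 NS otherserver
11 NS otherserver
12 NS otherserver
"""
CHILD = """\
$ORIGIN 1.1.1.in-addr.arpa.
@ SOA blah
10 PTR foo
11 PTR bar
12 PTR baz
"""

def parse_zone(text):
    """Parse 'owner TYPE rdata' lines into (apex, {owner_fqdn: {types}})."""
    origin, apex, records = None, None, {}
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        owner, rtype = fields[0].lower(), fields[1].upper()
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"  # relative name, append the origin
        records.setdefault(owner, set()).add(rtype)
        if rtype == "SOA":
            apex = owner  # the SOA owner is the zone apex
    return apex, records

def check_delegations(parent_text, child_text):
    """For each name the parent delegates, report what the child holds there."""
    p_apex, p_recs = parse_zone(parent_text)
    c_apex, c_recs = parse_zone(child_text)
    report = {}
    for owner, types in sorted(p_recs.items()):
        if owner == p_apex or "NS" not in types:
            continue  # NS at the parent apex is not a delegation
        at_child = c_recs.get(owner, set())
        report[owner] = {"child_apex_matches": c_apex == owner,
                         "child_has_dnskey": "DNSKEY" in at_child,
                         "child_types": sorted(at_child)}
    return report
```

Run on the fragments above, every delegated name comes back with `child_apex_matches` and `child_has_dnskey` both false and only a PTR at that owner, which is the interior-pointing delegation the message describes.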