On Thu, 7 Apr 2005, Eric A. Hall wrote:

> This setup works if you know the server is the last resort for your local
> clients. It doesn't work as a default install unless you are also willing
> to scream warnings about changing the defaults every time named.conf is
> modified for local use.
Would you really have to scream?  i.e. named (at least on redhat) comes with
something like:

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

$TTL    86400
$ORIGIN localhost.
@                       1D IN SOA       @ root (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
                        1D IN NS        @
                        1D IN A         127.0.0.1

How many admins mess with that?  Unless they had reason to (i.e. maybe they
use some 1918 space internally and want to set up DNS for it), I doubt that
they'd remove similar zone entries intended to be a sink for RFC1918 PTR
queries.

> Besides which, you'd really prefer to have an internal filter kill the
> queries before they are sent to the root (as part of chasing down the
> delegation chain), or before it was sent to the authoritative servers for
> in-addr.arpa. (if such was already learned), rather than make users
> remember to change the configuration file.

Defining the zones locally keeps their queries from getting to the
root/in-addr.arpa servers.  I think I agree with you on losing the * entry,
and just letting it return nxdomain.

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
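The RFC1918 sink the reply describes, written out as an added example (not Jon's configuration or anything from the original thread): named.conf stanzas for the private reverse zones plus one shared zone file with no wildcard, so PTR queries for private space are answered locally with NXDOMAIN instead of leaking to the root or in-addr.arpa servers. The zone names are the real reverse names for RFC1918 space; the file name rfc1918-sink.zone and the localhost. SOA/NS names are assumptions.

```conf
// named.conf fragment: serve each RFC1918 reverse zone locally as a sink.
// Queries for these names are answered here and never reach the root
// or in-addr.arpa servers. The file name rfc1918-sink.zone is an assumption.
zone "10.in-addr.arpa" IN {
        type master;
        file "rfc1918-sink.zone";
        allow-update { none; };
};

zone "168.192.in-addr.arpa" IN {
        type master;
        file "rfc1918-sink.zone";
        allow-update { none; };
};

// 172.16.0.0/12 spans sixteen /16 reverse zones, 16.172 through 31.172;
// add one stanza like this for each of them.
zone "16.172.in-addr.arpa" IN {
        type master;
        file "rfc1918-sink.zone";
        allow-update { none; };
};

; rfc1918-sink.zone: one file shared by all of the zones above.
; No $ORIGIN line, so "@" is whichever zone loaded the file.
; Deliberately no "*" PTR record: any name below the apex gets NXDOMAIN
; (with this SOA in the authority section) rather than a placeholder answer.
$TTL    86400
@       1D IN SOA       localhost. root.localhost. (
                        1       ; serial
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; negative-caching TTL
        1D IN NS        localhost.
```

Once loaded, `dig -x 10.1.2.3 @127.0.0.1` should return status NXDOMAIN with the sink's SOA in the authority section, and `named-checkzone 10.in-addr.arpa rfc1918-sink.zone` checks the file syntax. Later BIND 9 releases ship built-in empty zones for these ranges (the empty-zones-enable option), which do the same thing without hand-written stanzas.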