This is a discussion on Re: Internal DNS Inverse Configuration within the Bind Users forums, part of the DNS and Related Forums category.
The normal problem is that the 10.in-addr.arpa namespace is not defined
at all, and forwarding to the Internet is enabled. So, if someone does a
reverse lookup of a 10.*.*.* address, it gets forwarded out to the
Internet, and since the 10.in-addr.arpa servers on the Internet don't
respond quickly, the queries time out. By defining 10.in-addr.arpa
internally, one is able to prevent those queries being forwarded to the
Internet, and this _usually_ fixes the timeout problem.

If you have the 10.in-addr.arpa namespace defined, then maybe we're
looking at a different problem than the usual one. Do you have the
10.in-addr.arpa zone *itself* defined, or do you define zones at a lower
level? If you don't have 10.in-addr.arpa itself defined as an
authoritative zone, then any 10.*.*.* reverse queries outside the
subzones you've explicitly defined will still be subject to the
forwarding problem described above.

For that matter, if you have delegated subzones of 10.in-addr.arpa and
global forwarding in effect, then you should define "forwarders { };" to
prevent queries in those subzones being forwarded by nameservers that
don't happen to be authoritative for them.

- Kevin

Nick Allum wrote:

>Yes, the 10 address space is defined; however, there are a number of
>workstations etc. in that space and we do not define inverse entries
>for them. And I understand there is a way for the DNS server to respond
>more quickly on addresses not specifically defined (respond with a
>fail).
>
>Thanks again for the help
>
>-----Original Message-----
>From: bind-users-bounce@isc.org [mailto:bind-users-bounce@isc.org] On
>Behalf Of Kevin Darcy
>Sent: Friday, March 04, 2005 2:59 PM
>To: comp-protocols-dns-bind@isc.org
>Subject: Re: Internal DNS Inverse Configuration
>
>Nick Allum wrote:
>
>>I have an internal Solaris Bind 8 Server and we are looking to improve
>>performance with regards to inverse entries. We have an internal 10
>>network and have inverse entries for some of our devices. The problem
>>is when we do an inverse lookup on a 10 address that is not in DNS it
>>takes a bit of time to come back with a failed response. I understand
>>that there is a way so if the inverse entry is not there for one of our
>>10 addresses we can get the DNS server to quickly respond. Does anyone
>>know what the configuration is?
>
>It's "reverse", not "inverse".
>
>Simple answer: define the 10.in-addr.arpa namespace in your internal
>DNS. I'm somewhat surprised that you haven't already done this. Haven't
>you actually *wanted* those 10.*.*.* addresses to reverse-resolve to
>meaningful names?
>
> - Kevin
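
The configuration discussed in this thread, as an added example that is not part of the original messages: a named.conf fragment that makes the server authoritative for 10.in-addr.arpa itself, so addresses without a PTR record get an immediate negative answer instead of being forwarded. The forwarder address, file name, host names and the delegated 20.10.in-addr.arpa subzone are constructed for illustration, and it assumes a BIND version that accepts a per-zone "forwarders" statement.

```conf
// named.conf fragment (constructed example, not from the thread)

options {
    directory "/var/named";
    // Global forwarding to an upstream resolver. Without a local
    // 10.in-addr.arpa zone, every 10.x.x.x reverse query goes here.
    forwarders { 192.0.2.53; };   // constructed upstream address
};

// Define the top of the private reverse namespace, not only selected
// subzones, so that every 10.x.x.x reverse lookup is answered locally.
zone "10.in-addr.arpa" {
    type master;
    file "db.10";
    // Empty list: names under subzones delegated out of this zone are
    // resolved by following the delegation, never by forwarding.
    forwarders { };
};

/*
 * db.10 -- zone file for 10.in-addr.arpa (constructed example)
 *
 * $TTL 86400
 * @        IN SOA ns1.example.internal. hostmaster.example.internal. (
 *                 2005030401 ; serial
 *                 3600       ; refresh
 *                 900        ; retry
 *                 604800     ; expire
 *                 3600 )     ; negative-caching TTL
 *          IN NS  ns1.example.internal.
 *
 * ; PTR records exist only for the devices that have them.
 * 5.1.1    IN PTR router1.example.internal.   ; 10.1.1.5
 *
 * ; Delegated subzone 20.10.in-addr.arpa, served by another host.
 * 20       IN NS  ns2.example.internal.
 *
 * Workstation addresses with no PTR record need no entry at all: the
 * server is authoritative for the zone and answers NXDOMAIN at once.
 */
```

After reloading, a reverse lookup of an unlisted address (for example `dig -x 10.9.9.9 @localhost`) should return NXDOMAIN with the `aa` flag set rather than timing out.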