On 4/7/2005 12:05 PM, Jon Lewis wrote:
I added something like this to our binds that handle recursive queries. Is there any reason distros (or ISC) couldn't make this a part of the "default config"?
This setup works if you know the server is the last resort for your local clients. It doesn't work as a default install unless you are also willing to scream warnings about changing the defaults every time named.conf is modified for local use. Besides which, you'd really prefer to have an internal filter kill the queries before they are sent to the root (as part of chasing down the delegation chain), or before it was sent to the authoritative servers for in-addr.arpa. (if such was already learned), rather than make users remember to change the configuration file.

Btw, your setup would be technically better if it didn't have the wildcard entry, since a negative answer is more accurate. Negative caching doesn't work as well as long-lived positive caching, but still, negative answers would be more appropriate.
zone "168.192.in-addr.arpa" { type master; file "sink"; };
zone "10.in-addr.arpa" { type master; file "sink"; };
... other similar zones clipped
sink is just
@ IN SOA localhost. root.localhost. (
        2002100800 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3600000    ; Expire
        86400 )    ; Minimum
  IN NS localhost.
* PTR invalid
--
Eric A. Hall                                 http://www.ehsco.com/
Internet Core Protocols   http://www.oreilly.com/catalog/coreprot/
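
An added illustration, not part of the original message and not code from either poster: it renders the sink stanzas and a sink zone file without the wildcard PTR, as the reply suggests, and adds a whole-label matcher showing which reverse names such zones would answer locally. The function names are hypothetical, and the 172.16/12 zones are an assumption taken from RFC 1918, since the post shows only the 10/8 and 192.168/16 zones.

```python
# Added example; not from the thread. Function names are hypothetical.
# Assumption: the clipped zones are the rest of RFC 1918 (172.16/12); the post
# itself shows only 10/8 and 192.168/16.
SINK_ZONES = ["10.in-addr.arpa", "168.192.in-addr.arpa"] + [
    f"{n}.172.in-addr.arpa" for n in range(16, 32)
]


def named_conf(zones=SINK_ZONES, zone_file="sink"):
    """One master-zone stanza per sink zone, in the style of the post."""
    return "\n".join(
        f'zone "{z}" {{ type master; file "{zone_file}"; }};' for z in zones
    )


def sink_zone_file():
    """SOA and NS only: with no wildcard PTR, lookups get a negative answer."""
    return "\n".join([
        "@ IN SOA localhost. root.localhost. (",
        "        2002100800 ; Serial",
        "        28800      ; Refresh",
        "        14400      ; Retry",
        "        3600000    ; Expire",
        "        86400 )    ; Minimum",
        "  IN NS localhost.",
    ]) + "\n"


def sink_zone_for(qname, zones=SINK_ZONES):
    """Return the sink zone that answers qname locally, or None.

    Compares whole labels, case-insensitively, so 110.in-addr.arpa is not
    mistaken for 10.in-addr.arpa.
    """
    labels = qname.rstrip(".").lower().split(".")
    for zone in zones:
        zl = zone.split(".")
        if labels[-len(zl):] == zl:
            return zone
    return None


if __name__ == "__main__":
    print(named_conf())
    print(sink_zone_file(), end="")
    # Constructed sample query names.
    for q in ("1.0.168.192.in-addr.arpa.", "5.4.3.110.in-addr.arpa",
              "9.8.20.172.IN-ADDR.ARPA", "9.8.32.172.in-addr.arpa"):
        print(q, "->", sink_zone_for(q))
```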