[79443] in North American Network Operators' Group


Re: The power of default configurations

daemon@ATHENA.MIT.EDU (Jon Lewis)
Thu Apr 7 14:04:40 2005

Date: Thu, 7 Apr 2005 14:02:11 -0400 (EDT)
From: Jon Lewis <jlewis@lewis.org>
To: "Eric A. Hall" <ehall@ehsco.com>
Cc: nanog@merit.edu
In-Reply-To: <4255714C.2000309@ehsco.com>
Errors-To: owner-nanog@merit.edu


On Thu, 7 Apr 2005, Eric A. Hall wrote:

> This setup works if you know the server is the last resort for your local
> clients. It doesn't work as a default install unless you are also willing
> to scream warnings about changing the defaults every time named.conf is
> modified for local use.

Would you really have to scream?  i.e. named (at least on redhat) comes
with something like:

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};
$TTL    86400
$ORIGIN localhost.
@                       1D IN SOA       @ root (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

                        1D IN NS        @
                        1D IN A         127.0.0.1

How many admins mess with that?  Unless they had reason to (i.e. maybe
they use some 1918 space internally and want to set up DNS for it), I doubt
that they'd remove similar zone entries intended to be a sink for RFC1918
PTR queries.

> Besides which, you'd really prefer to have an internal filter kill the
> queries before they are sent to the root (as part of chasing down the
> delegation chain), or before it was sent to the authoritative servers for
> in-addr.arpa. (if such was already learned), rather than make users
> remember to change the configuration file.

Defining the zones locally keeps their queries from getting to the
root/in-addr.arpa servers.

I think I agree with you on losing the * entry, and just letting it return
nxdomain.

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
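The sink-zone idea above, as an added example that is not part of the thread: a small script that derives the in-addr.arpa zone names covering the RFC1918 ranges, emits named.conf stanzas in the same shape as the Red Hat localhost zone quoted above, and checks whether a given PTR name would be answered by one of those local zones or would leak to the root/in-addr.arpa servers. The zone file name "empty.zone" and the net list are assumptions (a zone file holding only SOA and NS records, like localhost.zone minus the A record, is implied).

```python
import ipaddress

# RFC 1918 private ranges the local sink zones are meant to cover (assumed list).
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def reverse_zones(net):
    """Yield in-addr.arpa zone names, on octet boundaries, that together cover `net`."""
    # Round the prefix up to a whole octet so each zone is a complete label chain;
    # 172.16.0.0/12 therefore becomes sixteen /16 zones, 16.172 through 31.172.
    prefix = ((net.prefixlen + 7) // 8) * 8
    labels = prefix // 8
    for sub in net.subnets(new_prefix=prefix):
        octets = str(sub.network_address).split(".")[:labels]
        yield ".".join(reversed(octets)) + ".in-addr.arpa"


def sink_zones():
    """All reverse zones a resolver should serve locally for RFC1918 space."""
    zones = []
    for net in RFC1918_NETS:
        zones.extend(reverse_zones(net))
    return zones


def named_conf_stanzas(zonefile="empty.zone"):
    """Render zone stanzas in the style of the default localhost zone."""
    stanza = ('zone "%s" IN {\n'
              '\ttype master;\n'
              '\tfile "%s";\n'
              '\tallow-update { none; };\n'
              '};')
    return "\n".join(stanza % (z, zonefile) for z in sink_zones())


def ptr_name(ip):
    """PTR owner name for an address, e.g. 10.1.2.3 -> 3.2.1.10.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def answered_locally(ptr, zones=None):
    """Return the sink zone that would answer `ptr` locally, or None if the
    query would be sent upstream (the leak the thread is discussing)."""
    zones = zones if zones is not None else sink_zones()
    for z in zones:
        if ptr == z or ptr.endswith("." + z):
            return z
    return None


if __name__ == "__main__":
    print(named_conf_stanzas())
    for ip in ("10.1.2.3", "172.20.5.6", "172.32.0.1", "8.8.8.8"):
        print(ip, "->", answered_locally(ptr_name(ip)) or "LEAKS upstream")
```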
