nanog mailing list archives
Re: The power of default configurations
From: Jon Lewis <jlewis () lewis org>
Date: Thu, 7 Apr 2005 14:02:11 -0400 (EDT)
On Thu, 7 Apr 2005, Eric A. Hall wrote:
This setup works if you know the server is the last resort for your local clients. It doesn't work as a default install unless you are also willing to scream warnings about changing the defaults every time named.conf is modified for local use.
Would you really have to scream? i.e. named (at least on redhat) comes with something like:

    zone "localhost" IN {
            type master;
            file "localhost.zone";
            allow-update { none; };
    };

    $TTL    86400
    $ORIGIN localhost.
    @       1D IN SOA       @ root (
                            42      ; serial (d. adams)
                            3H      ; refresh
                            15M     ; retry
                            1W      ; expiry
                            1D )    ; minimum

            1D IN NS        @
            1D IN A         127.0.0.1

How many admins mess with that? Unless they had reason to (i.e. maybe they use some 1918 space internally and want to setup DNS for it), I doubt that they'd remove similar zone entries intended to be a sink for RFC1918 PTR queries.
Besides which, you'd really prefer to have an internal filter kill the queries before they are sent to the root (as part of chasing down the delegation chain), or before it was sent to the authoritative servers for in-addr.arpa. (if such was already learned), rather than make users remember to change the configuration file.
Defining the zones locally keeps their queries from getting to the root/in-addr.arpa servers. I think I agree with you on losing the * entry, and just letting it return nxdomain.

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
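Added example, not part of the original message or of any distribution's shipped configuration: a generator for the kind of default "sink" zone entries discussed above, one per RFC 1918 reverse zone, in the same stanza style as the localhost zone. The zone file name `empty.rfc1918.zone` is a hypothetical placeholder for a zone file holding only SOA and NS records, so every name beneath it answers NXDOMAIN.

```python
import ipaddress

# RFC 1918 private address blocks.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def reverse_zones(cidr):
    """Return the octet-aligned in-addr.arpa zones that cover cidr."""
    net = ipaddress.ip_network(cidr)
    # Reverse zones delegate on octet boundaries, so round the prefix up
    # to the next multiple of 8 (a /12 becomes sixteen /16 zones).
    octets = -(-net.prefixlen // 8)
    zones = []
    for sub in net.subnets(new_prefix=octets * 8):
        labels = str(sub.network_address).split(".")[:octets]
        zones.append(".".join(reversed(labels)) + ".in-addr.arpa")
    return zones


def all_zones():
    """All reverse zones needed to cover the RFC 1918 blocks."""
    return [z for cidr in RFC1918 for z in reverse_zones(cidr)]


def named_conf(zones, zone_file="empty.rfc1918.zone"):
    """Render named.conf stanzas; zone_file is a hypothetical file name."""
    stanza = ('zone "{0}" IN {{\n'
              '\ttype master;\n'
              '\tfile "{1}";\n'
              '\tallow-update {{ none; }};\n'
              '}};\n')
    return "\n".join(stanza.format(z, zone_file) for z in zones)


def sunk_locally(ptr_name, zones):
    """True if a PTR query name would be answered by one of the local zones."""
    name = ptr_name.lower().rstrip(".")
    return any(name == z or name.endswith("." + z) for z in zones)


if __name__ == "__main__":
    print(named_conf(all_zones()))
```

An admin who actually uses part of this space internally would replace only the matching stanza and leave the rest as the sink.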