[nsd-users] Setting up Reverse DNS Delegation

Peter Koch pk at denic.de
Mon Mar 2 18:52:22 UTC 2009


On Mon, Dec 22, 2008 at 09:26:29AM +0100, Stephane Bortzmeyer wrote:

> > What I find strange is that I've been asked to allow AXFR from one
> > of their DNS servers
> 
> It is in RFC 2317 (section 5.1) but I believe it is a bad (or at least
> outdated) idea.

The background was to enable the parent to respond with the CNAME target
at the same time as the CNAME (so the CNAME wouldn't have to be followed
by either the responding server or the resolver).  With all the new
restrictions on the answer section, indirection and CNAME (and DNAME) targets,
this might no longer be too important today, indeed.
What is and has been a good idea, though, is to have a (stealth) secondary
of the delegating zone (the one with the RFC 2317 CNAME RRs) on the side of the
client, so the reverse resolution works independent of any connection to the ISP.

Both issues could go into an update of or amendment to RFC 2317.

-Peter
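
Added example, not part of the original message: a small Python simulation of the stealth-secondary point above, showing that a PTR lookup through an RFC 2317 CNAME completes from local data only when the client side also holds the delegating zone. The 192.0.2.0/26 block, the customer.example names and both function names are constructed for illustration.

```python
import ipaddress

def rfc2317_records(subnet, nameservers):
    """Parent-zone RRs that delegate a sub-/24 IPv4 block, RFC 2317 style."""
    net = ipaddress.ip_network(subnet)
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("expected an IPv4 prefix between /25 and /31")
    a, b, c, d = str(net.network_address).split(".")
    parent = f"{c}.{b}.{a}.in-addr.arpa."
    child = f"{d}/{net.prefixlen}.{parent}"   # e.g. 0/26.2.0.192.in-addr.arpa.
    rrs = [(child, "NS", ns) for ns in nameservers]
    for host in net.hosts():                  # one CNAME per usable address
        last = str(host).rsplit(".", 1)[1]
        rrs.append((f"{last}.{parent}", "CNAME", f"{last}.{child}"))
    return parent, child, rrs

def resolve_ptr(qname, local_zones, max_hops=8):
    """Resolve qname from locally held zones only; None means the ISP is needed."""
    for _ in range(max_hops):
        # Pick the most specific local zone that contains qname.
        zone = max((z for z in local_zones
                    if qname == z or qname.endswith("." + z)),
                   key=len, default=None)
        if zone is None:
            return None                       # no local copy of the owning zone
        rrset = local_zones[zone]
        if (qname, "PTR") in rrset:
            return rrset[(qname, "PTR")]
        if (qname, "CNAME") not in rrset:
            return None
        qname = rrset[(qname, "CNAME")]       # follow the RFC 2317 indirection
    return None

# Constructed sample data: one customer name server, one PTR in the child zone.
PARENT, CHILD, PARENT_RRS = rfc2317_records("192.0.2.0/26", ["ns1.customer.example."])
CHILD_ZONE = {(f"1.{CHILD}", "PTR"): "host1.customer.example."}
PARENT_ZONE = {(owner, rtype): value for owner, rtype, value in PARENT_RRS}
QNAME = "1.2.0.192.in-addr.arpa."

def demo():
    """Return (result with child zone only, result with stealth secondary of parent)."""
    child_only = resolve_ptr(QNAME, {CHILD: CHILD_ZONE})
    with_parent = resolve_ptr(QNAME, {CHILD: CHILD_ZONE, PARENT: PARENT_ZONE})
    return child_only, with_parent

if __name__ == "__main__":
    print(demo())
```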
