[Pdns-users] Migration to a single 10.in-addr.arpa Reverse Zone
Brian Candler
b.candler at pobox.com
Wed Apr 30 09:46:30 UTC 2025
On 30/04/2025 09:19, Alessandro Lota via Pdns-users wrote:
> If a specific reverse zone like a /24 exists, it could have precedence
> over a /8 during resolution (NOT TESTED!!!).
On the auth server: this will be fine. Many servers host a domain and
its sub-domains: this is normal practice.
On the recursor: you just need a single forwarding rule for
10.in-addr.arpa. You can make this change first if you like. If
someone tries to resolve a subdomain that doesn't exist like
42.10.in-addr.arpa before you've made the auth server authoritative for
the whole of 10.in-addr.arpa then it will respond with REFUSED, which
will be seen as a failure by clients. But you can add an empty
10.in-addr.arpa zone and then it will become NXDOMAIN. And then migrate
your records.
More information about the Pdns-users
mailing list