Description Daniel Duchon 2022-05-25 09:00:09 CEST

Szenario:

- Multiple IP-Ranges (10/8, 172.16/16)
- One Central Router with connection to all IP-Ranges and knowledge over each DNS-Server.
- UCS is used as default DNS-Server for IP-Range 10/8.
- IP-Range 172.16/16 is split into multiple sub-ranges (e.g. 172.16.10/24, 172.16.11/24, ...)
- Each range has it's own DNS-Server, all non-UCS.

DNS forward delegation in UCS works perfectly (e.g. test.test1.company is forwarded to central router and from there to DNS-Server of 172.16.10/24, test.test2.company is forwarded to central router and from there to DNS-Server of 172.16.11/24,)

PTR delegation in UCS works if the IP range is none-RFC1918 (e.g. 8.8.8.8)
PTR delegation in UCS does not work, if IP is RFC1918 (e.g. 172.16.10.2)
This is due a default configuration in bind which enables empty-zones:
https://kb.isc.org/docs/aa-00800

This config needs to be set in the options-block in named.conf(.samba4).
Example:
disable-empty-zone "10.IN-ADDR.ARPA";
disable-empty-zone "16.172.IN-ADDR.ARPA";
disable-empty-zone "168.192.IN-ADDR.ARPA";


Currently the only possible options are:
- write this into named.conf(.samba4) directly -> would be overwritten at next config-change
- edit the corresponding template -> should be avoided whenever possible
- create PTR-Records for each host in the corresponding Ranges in UCS -> especially in dynamic and/or big ip-ranges not doable