30 Bře
2025
30 Bře
'25
13:23
Hi Michael,
I guess the sentence "only if the query can't be satisfied from the
zone" means that the zone file takes precedence (and overrides)
automatically generated records. So if you create your reverse zone with
_some_ names in it, synthrecord will generate only for the other names.
Anyway, an alternative to using synthrecord module is to generate the
reverse zone with
https://www.knot-dns.cz/docs/3.4/singlehtml/index.html#reverse-generate
. This method is more offline, so it can be combined with traditional
DNSSEC signing (synthrecord has to be chained with onlinesign to achieve
DNSSEC).
Libor
On 29. 03. 25 20:20, Michael Grimm via knot-dns-users wrote:
Evilham via knot-dns-users
<knot-dns-users(a)lists.nic.cz> wrote:
Thanks,
but my question was more about that:
On ds., març 29 2025, Michael Grimm via
knot-dns-users wrote:
> given the case that a ip6/xy block might be delegated to me by my ISP, I began
investigating Knot DNS' functionality with regard to ip6.arpa.
The "might
be" can be modified into "has been" delegated. Thus I am currently setting
up my PTRs, and I have to learn the Knot way ;-) (10+ years ago I did this with bind)
Hereby I
stumbled over the module synthrecord and do not really understand what it is used for.
From
https://www.knot-dns.cz/docs/3.4/singlehtml/index.html#synthrecord-automati…
"Records are synthesized only if the query can't be satisfied from the
zone."
Please excuse my ignorance, but why would/should/must one return something else than the
following for hosts not in the zone?
those are PTR records and are essential for
things like email (learndmarc.com is a good resource that checks for this) > "Records are synthesized only if the
query can't be satisfied from the zone."
Why would/should/must one return
something like (from the link above) …
kdig -x 2620:0:b61::1
...
;; QUESTION SECTION:
;; 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.6.b.0.0.0.0.0.0.2.6.2.ip6.arpa. IN PTR
;; ANSWER SECTION:
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.6.b.0.0.0.0.0.0.2.6.2.ip6.arpa. 400 IN PTR
dynamic-2620-0-b61--1.test.
… if "the query can't be satisfied from the zone."
Thanks and regards,
Michael
--