Why are queries for some PTR records no longer forwarded since upgrading to BIND 9.9.0?
  • 06 Jun 2019
  • 1 Minute to read
  • Contributors
  • Dark
    Light
  • PDF

Why are queries for some PTR records no longer forwarded since upgrading to BIND 9.9.0?

  • Dark
    Light
  • PDF

Article Summary

This behavior may be encountered due to the introduction of automatic empty zones for RFC 1918 prefixes if you are using IP addresses within the RFC 1918 private address space.

BIND provides a number of empty zones that are automatically configured and loaded (for each view) when named starts. The purpose of these zones is to prevent recursive servers from sending meaningless queries to Internet servers that cannot handle them (thus creating delays and SERVFAIL responses to clients who query for them). These empty zones ensure that immediate and authoritative NXDOMAIN responses are returned instead.

All empty zones that named loads automatically are logged as they are created and loaded when named starts up, or you can refer to the list in the Administrator Reference Manual (available in this KB here and in the BIND distributed source code).

The configuration option empty-zones-enable controls whether or not empty zones are created, while the option disable-empty-zone can be used in addition to disable one or more empty zones from the list of default prefixes that would be used.

For a view that has recursion enabled, the default is empty-zones-enable** yes;.

For a view that has recursion disabled, the default is empty-zones-enable** no;.

For a longer and more detailed article on the implementation of automatic empty zones, see: Automatic empty zones (including RFC 1918 prefixes).