sendmail.org

Set up DNS for your private address space

A description of the problem

At present, the root nameservers are delegating the private IP space to black-hole servers. If your software does a gethostbyaddr(192.168.2.3) or gethostbyaddr(10.5.5.5) or gethostbyaddr(172.16.23.7), or of any of the other IP addresses in private IP address space, it may never get a DNS response. The gethostbyaddr() library function will return a failure, but only after a noticeable delay. You will see the effects of this in a slow response to a connection from one of these IP addresses.

If you have only a small number of hosts in your private address space, adding entries for all to "/etc/hosts" will usually correct the problem. If you have a large number of hosts, the better solution is to setup your own DNS server. Make it authoritative (a primary server) for 168.192.in-addr.arpa (or the appropriate zone for other private address ranges). You can set it up as a forwarding server, to forward all other requests to the DNS servers provided by your ISP, if you are currently using your ISPs DNS. Then have /etc/resolv.conf list your own DNS server.

The result will be that your reverse DNS queries, as in gethostbyaddr(), will always give fast responses, since they are getting authoritative answers from your own server. Even if you don't add any actual entries, your queries will get quick responses indicating a lookup failure, instead of painfully slow timeouts.

Sample files

The links below are samples only. You will need to edit them to suit your needs.

• A sample "named.conf" file
• A sample forward zone file
• A sample reverse zone file
• A sample localhost reverse zone file
• A sample "root.cache" file