Hi Michael,
I guess the sentence "only if the query can't be satisfied from the
zone" means that the zone file takes precedence (and overrides)
automatically generated records. So if you create your reverse zone with
_some_ names in it, synthrecord will generate only for the other names.
Anyway, an alternative to using synthrecord module is to generate the
reverse zone with
https://www.knot-dns.cz/docs/3.4/singlehtml/index.html#reverse-generate
. This method is more offline, so it can be combined with traditional
DNSSEC signing (synthrecord has to be chained with onlinesign to achieve
DNSSEC).
Libor
On 29. 03. 25 20:20, Michael Grimm via knot-dns-users wrote:
Evilham via knot-dns-users <[email protected]> wrote:
On ds., març 29 2025, Michael Grimm via knot-dns-users wrote:
given the case that a ip6/xy block might be delegated to me by my ISP, I began
investigating Knot DNS' functionality with regard to ip6.arpa.
The "might be" can be modified into "has been" delegated. Thus I am currently
setting up my PTRs, and I have to learn the Knot way ;-) (10+ years ago I did this with bind)
Hereby I stumbled over the module synthrecord and do not really understand what
it is used for.
From
https://www.knot-dns.cz/docs/3.4/singlehtml/index.html#synthrecord-automatic-forward-reverse-records
"Records are synthesized only if the query can't be satisfied from the zone."
Please excuse my ignorance, but why would/should/must one return something else
than the following for hosts not in the zone?
those are PTR records and are essential for things like email (learndmarc.com
is a good resource that checks for this)
Thanks, but my question was more about that:
"Records are synthesized only if the query can't be satisfied from the zone."
Why would/should/must one return something like (from the link above) …
kdig -x 2620:0:b61::1
...
;; QUESTION SECTION:
;; 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.6.b.0.0.0.0.0.0.2.6.2.ip6.arpa. IN
PTR
;; ANSWER SECTION:
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.6.b.0.0.0.0.0.0.2.6.2.ip6.arpa. 400
IN PTR dynamic-2620-0-b61--1.test.
… if "the query can't be satisfied from the zone."
Thanks and regards,
Michael
--
--
