tickets #168517
open
Refactor or script IPv6 reverse DNS zones
0%
Description
Currently we have a zone for each segment in our PRG2 location:
chip (pDNS master):~ # pdnsutil list-all-zones|grep e.7.2.b.0.4.e.d.7.0.a.2.ip6.arpa
4.0.2.1.e.7.2.b.0.4.e.d.7.0.a.2.ip6.arpa
3.0.2.1.e.7.2.b.0.4.e.d.7.0.a.2.ip6.arpa
e.7.2.b.0.4.e.d.7.0.a.2.ip6.arpa
9.0.2.1.e.7.2.b.0.4.e.d.7.0.a.2.ip6.arpa
In e.7.2.b.0.4.e.d.7.0.a.2.ip6.arpa there are delegations to the three subzones.
We have more network segments which currently lack reverse DNS. Adding them would be straightforward, but is a bit cumbersome to do repetitively.
Consider removing these subzones and just having one big zone covering the whole /48 of a location, or, if there is deemed to be some benefit in the segregation, automate the creation of new subzones.
I think one "benefit" is to have logical separation between the "public" (o.o) and "internal" (i.o.o) PTR records (quotation marks because practically both are public anyways). The subzones as they are also use separate signing keys for DNSSEC; refactoring will come with signing everything using a single key.
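
A sketch of the "automate the creation of new subzones" option, added here as an example and not part of the ticket or of any existing tooling: it derives the ip6.arpa zone for each /64 segment, skips zones that already exist, and prints the pdnsutil commands for the subzone, its delegation in the parent and a separate DNSSEC key. The /48 prefix is read back from the zone names above; the 1205 segment and the ns1/ns2.example.net nameservers are constructed placeholders.

```python
import ipaddress

def reverse_zone(prefix):
    """ip6.arpa zone name for an IPv6 prefix on a nibble (4-bit) boundary."""
    net = ipaddress.IPv6Network(prefix)  # raises ValueError if host bits are set
    if net.prefixlen % 4:
        raise ValueError(f"{prefix}: prefix length is not a multiple of 4")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

def plan_subzones(parent_prefix, segments, existing_zones, nameservers):
    """Return pdnsutil commands creating every segment subzone not yet present."""
    parent_net = ipaddress.IPv6Network(parent_prefix)
    parent_zone = reverse_zone(parent_prefix)
    commands = []
    for segment in segments:
        if not ipaddress.IPv6Network(segment).subnet_of(parent_net):
            raise ValueError(f"{segment} is outside {parent_prefix}")
        zone = reverse_zone(segment)
        if zone in existing_zones:
            continue  # already served: leave its keys and records alone
        label = zone[: -len(parent_zone) - 1]  # owner name relative to the parent
        commands.append(f"pdnsutil create-zone {zone} {nameservers[0]}")
        for ns in nameservers[1:]:
            commands.append(f"pdnsutil add-record {zone} @ NS {ns}")
        for ns in nameservers:  # delegation records in the parent zone
            commands.append(f"pdnsutil add-record {parent_zone} {label} NS {ns}")
        # Separate key per subzone, as in the current layout; its DS record
        # still has to be published in the parent to complete the chain.
        commands.append(f"pdnsutil secure-zone {zone}")
    return commands

# Zone names copied from the pdnsutil output in the ticket.
EXISTING = {
    "e.7.2.b.0.4.e.d.7.0.a.2.ip6.arpa",
    "3.0.2.1.e.7.2.b.0.4.e.d.7.0.a.2.ip6.arpa",
    "4.0.2.1.e.7.2.b.0.4.e.d.7.0.a.2.ip6.arpa",
    "9.0.2.1.e.7.2.b.0.4.e.d.7.0.a.2.ip6.arpa",
}

if __name__ == "__main__":
    # Constructed input: the 1205 segment and both nameserver names are placeholders.
    segments = ["2a07:de40:b27e:1204::/64", "2a07:de40:b27e:1205::/64"]
    nameservers = ["ns1.example.net", "ns2.example.net"]
    for cmd in plan_subzones("2a07:de40:b27e::/48", segments, EXISTING, nameservers):
        print(cmd)
```

The commands are only printed, so the plan can be reviewed before anything is run on the pDNS master.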