PTR record handling in a subnetted network

Bob Vance bobvance at alumni.caltech.edu
Tue Mar 6 16:01:54 UTC 2001


>I've been promulgating it for a while.

Guess I missed it :)


>If folks are *really* insistent on segregating their PTR records from other
>types of records, they could always just create a subzone for the purpose,
>e.g. rev.example.com.

This retains the reduced delegations :), but of course still means 2 zones
for the end-user :|
I've presented both ways (forward and sub-zone of forward).

I had the "advantage" (?) of not reading RFC2317 before coming up with this
idea on my own, so it seems very clear to me :)
While noodling with the best way to set up DHCP dynamic-update zones and
separating them from static data, I realized that I could simply have one
dynamic zone with the As and PTRs in the same zone and it could be a subzone
of the main forward zone.  Of course this required the "extra" CNAMEs, but
on a small net with not that many reverse lookups, the extra hit wasn't
an issue.
Then, I thought,
   "Wait.  This should work for classless delegation, too!
    We *must* have the extra CNAMEs anyway, so there's no technical loss.
    Hey, I'm on to something here!  ( :)
   "
Ah!  The innocent naivete!



-------------------------------------------------
Tks        | <mailto:BVance at sbm.com>
BV         | <mailto:BobVance at alumni.caltech.edu>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430           11455 Lakefield Dr.
Fax 770-623-3429           Duluth, GA 30097-1511
=================================================





-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On Behalf Of Kevin Darcy
Sent: Monday, March 05, 2001 11:07 PM
To: bind-users at isc.org
Subject: Re: PTR record handling in a subnetted network



I've been promulgating it for a while.

Old habits seem to die hard. Many folks appear to be locked into the
mindset that PTR records *must* be owned by an in-addr.arpa name. Or, they
are reading RFC 2317's *example* naming conventions as mandates, not
realizing that the scheme -- which basically just boils down to "hey, use
aliases to delegate control" -- is actually a lot more flexible than that
and aliasing into an already-existing "forward" zone could save some
unnecessary delegations...

If folks are *really* insistent on segregating their PTR records from other
types of records, they could always just create a subzone for the purpose,
e.g. rev.example.com. Or, if they foresee expanding to multiple address
ranges, perhaps extranet1.example.com, extranet2.example.com etc.

I should point out, however, that this may all sound rather uninformed
and/or hypocritical coming from me. I've never actually had to do DNS for a
sub-/24 address range in the real world; only in testbeds. So folks should
take such recommendations with a grain of salt.


- Kevin

Bob Vance wrote:

> >That's because it's allowed under the sections I quoted.
>
> I understand and noticed that :)
>
> My question was why anyone would want to go to the trouble of
>     . the ISP's delegating another zone
> and . requiring another zone for the end-user to manage
>
> All the discussions seem to focus on this delegation some sub-zone of
> z.y.x.in-addr.arpa. , rather than simply using CNAMEs into the
> already-existing forward zone.
>
> What I was saying is that the latter seems to me to be a better and
> simpler solution and no one has said differently or given any drawbacks
> to this solution.  If the advantages are there and there aren't any
> drawbacks, then why isn't this solution promulgated more on this list?
>
> -------------------------------------------------
> Tks        | <mailto:BVance at sbm.com>
> BV         | <mailto:BobVance at alumni.caltech.edu>
> Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
> Vox 770-623-3430           11455 Lakefield Dr.
> Fax 770-623-3429           Duluth, GA 30097-1511
> =================================================
>
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On Behalf Of Joseph S D Yao
> Sent: Monday, March 05, 2001 7:02 PM
> To: bind-users at isc.org
> Subject: Re: PTR record handling in a subnetted network
>
> On Mon, Mar 05, 2001 at 06:20:02PM -0500, Bob Vance wrote:
> > Personally, and as I have said here before, I would prefer to have the
> > ISP's CNAMEs simply point into my forward zone.
> >
> > At least 2 benefits:
> >  . no new zone delegations nor NS RRs for anybody to worry about,
> >  . the PTRs can sit right next to their corresponding forward RR.
> >
> > No one has yet given me a reason for *not* doing that.
>
> That's because it's allowed under the sections I quoted.
>
> -----------------------------------------------------------------------
>    This way you can actually end up with the name->address and the
>    (pointed-to) address->name mapping data in the same zone file - some
>    may view this as an added bonus as no separate set of secondaries for
>    the reverse zone is required.  Do however note that the traversal via
>    the IN-ADDR.ARPA tree will still be done, so the CNAME records
>    inserted there need to point in the right direction for this to work.
> -----------------------------------------------------------------------
>
> Sorry, they already thought of that.  ;-]
>
> --
> Joe Yao                         jsdy at cospo.osis.gov - Joseph S. D. Yao
> COSPO/OSIS Computer Support                                     EMT-B
> -----------------------------------------------------------------------
> This message is not an official statement of COSPO policies.
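
An added example, not part of the original thread: a small in-memory model of the scheme discussed above, where the ISP's in-addr.arpa zone holds only CNAMEs that alias into the customer's existing forward zone and the PTRs sit next to the A records. It also audits for aliases that do not "point in the right direction". All zone names, host names and addresses are constructed (documentation ranges), and the function names are hypothetical.

```python
# Constructed sample data: 192.0.2.64/26 assigned to the customer example.com.

# ISP-side zone 2.0.192.in-addr.arpa: one CNAME per customer address,
# aliasing into the customer's forward zone (no extra NS delegation).
ISP_ZONE = {
    ("65.2.0.192.in-addr.arpa.", "CNAME"): "www.example.com.",
    ("66.2.0.192.in-addr.arpa.", "CNAME"): "mail.example.com.",
    ("67.2.0.192.in-addr.arpa.", "CNAME"): "gone.example.com.",  # dangling alias
}

# Customer forward zone example.com: each PTR sits beside its A record.
CUSTOMER_ZONE = {
    ("www.example.com.", "A"): "192.0.2.65",
    ("www.example.com.", "PTR"): "www.example.com.",
    ("mail.example.com.", "A"): "192.0.2.66",
    ("mail.example.com.", "PTR"): "mail.example.com.",
}

RECORDS = {**ISP_ZONE, **CUSTOMER_ZONE}

def reverse_name(ip):
    """192.0.2.65 -> 65.2.0.192.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def lookup_ptr(ip, max_hops=8):
    """Start in IN-ADDR.ARPA, as a resolver does, and follow CNAMEs to a PTR."""
    name = reverse_name(ip)
    chain = [name]
    for _ in range(max_hops):
        if (name, "PTR") in RECORDS:
            return RECORDS[(name, "PTR")], chain
        target = RECORDS.get((name, "CNAME"))
        if target is None:
            return None, chain          # alias leads nowhere
        name = target
        chain.append(name)
    return None, chain                  # CNAME loop or chain too long

def audit(ips):
    """Map each bad address to the reason: dangling alias or PTR/A mismatch."""
    bad = {}
    for ip in ips:
        host, chain = lookup_ptr(ip)
        if host is None:
            bad[ip] = "no PTR at end of " + " -> ".join(chain)
        elif RECORDS.get((host, "A")) != ip:
            bad[ip] = f"PTR {host} has no A record for {ip}"
    return bad
```
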






