Problems classless in-addr delegation

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Mon Oct 14 22:09:42 UTC 2002


Michael E. Hanson <MEHanson at gryphonsgate.com> wrote:

> Maybe I'm being a little archaic here, but my understanding is that you
> cannot have a delegated CIDR block of three addresses.  You can have a block
> of 4 addresses, of which only two are usable, or a block of 8 of which only
> 6 are usable, but you can't have three.

> Now, looking back at my CIDR notes, I think the only valid CIDR block that
> encompasses the addresses a.b.c.74,75,&76 is a.b.c.72/29, which uses
> a.b.c.72 as the network address, and a.b.c.79 as the broadcast address,
> leaving .73, .74, .75, .76, .77, & .78 as device (or host) addresses.  At
> the /30 level, a.b.c.74 can be a device address but not a.b.c.75 (broadcast
> for a.b.c.72/30) or a.b.c.76 (which is itself a network address
> a.b.c.76/30).

> So, regardless of whether one is using BIND or DJBDNS, is it even possible
> to do what the original poster was attempting?  Or is there something I'm
> missing here?

Yes, one may CIDR-delegate every single ip. This is since each ip
needs an individual CNAME, and each customer needs a unique zone.

There is no correlation of subnetting per se.


In fact, a customer does not need a separate zone at all, all reverse
might be done in the forward file (which might even be easier
for a "mom-and-dad shop" to administer this way). It's not in "the book"
but some day I might convince Cricket :-)



> _______________
> Michael E. Hanson
> President, Gryphon Consulting  Services
> (http://www.GryphonsGate.com)
> P.O. Box 1151
> Bellevue, NE  68005-1151
> (402) 871-9622

> MEHanson at GryphonsGate.com (primary)
> Gryphons_Master at yahoo.com
> ----- Original Message -----
> From: <phn at icke-reklam.ipsec.nu>
> Newsgroups: comp.protocols.dns.bind
> To: <comp-protocols-dns-bind at isc.org>
> Sent: Monday, October 14, 2002 5:19 AM
> Subject: Re: Problems classless in-addr delegation


>>
>> phn at icke-reklam.ipsec.nu wrote:
>>
>> > Carl Olsson <carol043 at student.liu.se> wrote:
>>
>> >> Hi!
>>
>> >> We are installing djbdns on a network with 1 server and 2 clients. The
>> >> server has the IP address 130.236.189.74 and the clients has 75 and 76
>> >> as the last nr. We have already written:
>>
>> >> ./add-ns server3.a3.sysinst.ida.liu.se 130.236.189.74
>>
>> >> but the problem is that we must use classless in-addr arpa delegation
>> >> and we only have the 3 IP addresses. Can someone explain this? How do
>> >> I write the ./add-ns command for this? What is a zone? Is that useful?
>>
>> >> Regards
>> >> Carl Olsson
>>
>> > You better ask in a group dedicated to djbdns. This group deals with bind.
>>
>> I usually try _not_ to follow up on my own posts, but politeness
>> forces me to try to give a more complete answer :
>>
>> Classless reverse delegation aka RFC2317 delegation is a method
>> used to enable delegating smaller networks than the classical 'A' 'B' and
>> 'C' sizes.
>>
>> Short description :
>> suppose you have been assigned ip 11.22.33.41 - 11.22.33.44 from your ISP.
>>
>> For reverse records ( PTR records) dns have previously relied on the
>> fact that the zone 33.22.11.in-addr.arpa may have labels for
>> the last field ( 41 to 44 ) where each field can be represented
>> with a record :
>> 41  IN  PTR   <your real hostname>
>> 42  IN  PTR   <your next host> etc
>>
>> to be able to delegate less than 256 ip, a trick was invented where
>> a zone ( with a made-up name ) is delegated in this zone, say "CarlO" for
>> this example.
>>
>> The isp does 2 things in the zonefile for 33.22.11.in-addr.arpa. :
>>
>> 1/ delegate the zone CarlO.33.22.11.in-addr.arpa. to your nameservers
>> 2/ created CNAME's for each and every ip assigned to you, they might
>> look like :
>> 41  IN  CNAME  41.CarlO.33.22.11.in-addr.arpa.
>> 42  IN  CNAME  42.CarlO.33.22.11.in-addr.arpa.
>>
>> This will drive any nameserver looking for the PTR for
>> 41.33.22.11.in-addr.arpa. to return the answer "don't look here, ask
>> for "41.CarlO.33.22.11.in-addr.arpa." instead. That's the normal
>> interpretation of a CNAME, nothing new here.
>>
>> A nameserver that has gotten this response should continue, replacing
>> the original question with the CNAME answer. Thus a new question
>> should be made for "41.CarlO.33.22.11.in-addr.arpa."  PTR ? During
>> the resolution process a delegation to your nameservers will be found,
>> thus they should be asked.
>>
>> Now you must have prepared your nameservers to answer queries for
>> the zone "CarlO.33.22.11.in-addr.arpa." , and the queries asked
>> should be for "PTR". Thus you populate the zone with "PTR" records
>> in addition to your SOA and NS records that every zone has.
>>
>> This zone's contents looks like any other in-addr.arpa zone. The only
>> thing that differs is in named's configfile, instead of
>>
>> zone "41.33.22.11.in-addr.arpa." {
>> type master;
>> file "name-of.file";
>> };
>>
>> you write :
>> zone "CarlO.33.22.11.in-addr.arpa" {
>> type master;
>> file "name-of.file";
>> };
>>
>> See RIPE documentation "http://www.ripe.net/ripe/docs/ripe-192.html"
>> and consult THE book : "Managing DNS and BIND" by Cricket Liu, as you
>> live in Sweden I'll be happy to sell you a copy.
>>
>> Now you have opted for djbdns, sorry but I cannot help you here. You
>> will have to find out elsewhere. But if you turn to bind we
>> will be more than happy to help you out.
>>
>>
>>
>> regards
>>
>> > --
>> > Peter Håkanson
>> >         IPSec  Sverige      ( At Gothenburg Riverside )
>> >            Sorry about my e-mail address, but i'm trying to keep spam out,
>> >    remove "icke-reklam" if you feel for mailing me. Thanx.
>>
>>
>> --
>> Peter Håkanson
>>         IPSec  Sverige      ( At Gothenburg Riverside )
>>            Sorry about my e-mail address, but i'm trying to keep spam out,
>>    remove "icke-reklam" if you feel for mailing me. Thanx.
>>
>>



-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.
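
The delegation described in this thread, as an added example that is not part of the original posts: it builds the ISP-side NS and CNAME records and the customer-side PTR records for a run of three addresses that is not a CIDR block, then follows the CNAME into the delegated zone the way a resolver would. The 192.0.2.0/24 prefix, the hostnames and the nameserver name are constructed sample values; only the "CarlO" label and the last octets 74 to 76 come from the thread.

```python
import ipaddress

def rfc2317_records(first_ip, last_ip, label, nameservers, hostnames):
    """Return (parent_records, child_origin, child_records) for a run of
    addresses inside one /24. The run need not align to any CIDR boundary."""
    first = ipaddress.IPv4Address(first_ip)
    last = ipaddress.IPv4Address(last_ip)
    if first > last or first.packed[:3] != last.packed[:3]:
        raise ValueError("range must be ascending and inside one /24")
    a, b, c, _ = first_ip.split(".")
    parent_origin = f"{c}.{b}.{a}.in-addr.arpa."
    child_origin = f"{label}.{parent_origin}"
    # Step 1 in the post: the ISP delegates the made-up zone name.
    parent = {(child_origin, "NS"): list(nameservers)}
    child = {}
    for addr in range(int(first), int(last) + 1):
        ip = ipaddress.IPv4Address(addr)
        octet = ip.packed[3]
        # Step 2: one CNAME per assigned address in the ISP's zone.
        parent[(f"{octet}.{parent_origin}", "CNAME")] = [f"{octet}.{child_origin}"]
        # Customer side: ordinary PTR records inside the delegated zone.
        child[(f"{octet}.{child_origin}", "PTR")] = [hostnames[str(ip)]]
    return parent, child_origin, child

def resolve_ptr(ip, parent, child_origin, child):
    """Follow the lookup path from the post; return (names_queried, answer)."""
    qname = ipaddress.IPv4Address(ip).reverse_pointer + "."
    trail = [qname]
    cname = parent.get((qname, "CNAME"))
    if cname is None:
        return trail, None            # address was never handed to the customer
    qname = cname[0]
    trail.append(qname)
    delegated = (child_origin, "NS") in parent
    if not delegated or not qname.endswith("." + child_origin):
        return trail, None            # CNAME target has no delegation behind it
    ptr = child.get((qname, "PTR"))
    return trail, (ptr[0] if ptr else None)

# Constructed sample data: documentation prefix 192.0.2.0/24, invented hostnames.
HOSTS = {"192.0.2.74": "server3.customer.example.",
         "192.0.2.75": "client1.customer.example.",
         "192.0.2.76": "client2.customer.example."}
PARENT, CHILD_ORIGIN, CHILD = rfc2317_records(
    "192.0.2.74", "192.0.2.76", "CarlO", ["ns1.customer.example."], HOSTS)

if __name__ == "__main__":
    for ip in ("192.0.2.74", "192.0.2.75", "192.0.2.76", "192.0.2.77"):
        print(ip, *resolve_ptr(ip, PARENT, CHILD_ORIGIN, CHILD))
```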

