Delegation of Inverse Zone Subnets
Rich Parkin
RParkin at ldmi.com
Mon Apr 19 15:01:18 UTC 2004
Okay, I've read RFC 2317 a couple of times and I'm having a bit of
trouble grasping some of the finer points...

If I understand it correctly, I first of all have to know exactly how
the address space is being subnetted (and since I don't manage the IP
allocations that in and of itself is going to be a trick). Once
subnetted, it would seem that changing the subnets would involve
restructuring the parent zone each time.

Given 192.0.2.0 as an example, where 192.0.2.192 /27 has been delegated
to the customer. At my end I might have the parent zone
2.0.192.in-addr.arpa containing something that roughly looks like this:

@ IN SOA my-ns.my.domain. hostmaster.my.domain. (...)
;...
; <<0-127>> /25
; not delegated
;
0-25 NS my-ns.my.domain.
0-25 NS my-ns2.my.domain.
;
1 CNAME 1.0-25.2.0.192.in-addr.arpa.
2 CNAME 2.0-25.2.0.192.in-addr.arpa.
3 CNAME 3.0-25.2.0.192.in-addr.arpa.
;...
; <<128-191>> /26
; not delegated
;
128-26 NS my-ns.my.domain.
128-26 NS my-ns2.my.domain.
;
129 CNAME 129.128-26.2.0.192.in-addr.arpa.
130 CNAME 130.128-26.2.0.192.in-addr.arpa.
131 CNAME 131.128-26.2.0.192.in-addr.arpa.
;...
; <<192-223>> /27
; delegated to customer
;
192-27 NS my-ns.my.domain.
192-27 NS my-ns2.my.domain.
192-27 NS their-ns.their.domain.
192-27 NS their-ns2.their.domain.
;
193 CNAME 193.192-27.2.0.192.in-addr.arpa.
194 CNAME 194.192-27.2.0.192.in-addr.arpa.
195 CNAME 195.192-27.2.0.192.in-addr.arpa.
;...
; <<224-255>> /27
; not delegated
;
224-27 NS my-ns.my.domain.
224-27 NS my-ns2.my.domain.
;
225 CNAME 225.224-27.2.0.192.in-addr.arpa.
226 CNAME 226.224-27.2.0.192.in-addr.arpa.
227 CNAME 227.224-27.2.0.192.in-addr.arpa.
;

In this case, I'd also have three child zones on my nameserver
corresponding to 0/25.2.0.192.in-addr.arpa.,
128/26.2.0.192.in-addr.arpa., and 224/27.2.0.192.in-addr.arpa. as master
zones with all of the corresponding PTR records. The customer would
maintain a child zone for 192/27.2.0.192.in-addr.arpa. and manage their
own PTR records.

Do I essentially have this correct? Am I missing anything?

The RFC strongly suggests that we slave our nameservers to theirs for
the child zone 192/27.2.0.192.in-addr.arpa. I'm not comfortable slaving
our nameservers... can I get away without doing that? This assumes
they're willing to allow me zone transfers, doesn't it?

Richard Parkin
System Administrator
CCNA
Data Center Operations
LDMI Telecommunications
>>> Pete Ehlke <pde at ehlke.net> 4/16/2004 2:19:25 PM >>>
On Fri Apr 16, 2004 at 12:44:02 -0400, Barry Margolin wrote:
>
>RFC 1537 describes how to delegate reverse DNS for a block smaller than
>/24.
Well, actually, it doesn't. 2317 does ;)
-Pete
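
The parent-zone layout described in the post, generated from a list of subnets so that a change in subnetting means regenerating the NS and CNAME lines rather than hand-editing them. This is an added example, not code from the post or from BIND; the names rfc2317_parent_records, MINE and LAYOUT are hypothetical, and it assumes CNAMEs are wanted for usable host addresses only, as in the post's listing.

```python
import ipaddress

def rfc2317_parent_records(parent, blocks, sep="-"):
    """Build the NS and CNAME lines an RFC 2317 parent zone needs.

    parent: the /24 being split, e.g. "192.0.2.0/24"
    blocks: list of (cidr, [nameserver, ...]) for every sub-/24 block
    sep:    separator in the child-zone label ("-" as in the post's zone file)
    """
    net24 = ipaddress.IPv4Network(parent)
    if net24.prefixlen != 24:
        raise ValueError("parent must be a /24")
    # "0.2.0.192.in-addr.arpa" -> "2.0.192.in-addr.arpa."
    origin = net24.network_address.reverse_pointer.split(".", 1)[1] + "."

    lines, seen = [], []
    for cidr, servers in sorted(blocks, key=lambda b: ipaddress.IPv4Network(b[0])):
        sub = ipaddress.IPv4Network(cidr)
        if sub.prefixlen <= 24 or not sub.subnet_of(net24):
            raise ValueError(f"{cidr} is not a sub-/24 block of {parent}")
        # Overlapping blocks would give one address two CNAMEs, which is invalid.
        if any(sub.overlaps(other) for other in seen):
            raise ValueError(f"{cidr} overlaps another block")
        seen.append(sub)
        label = f"{int(sub.network_address) & 0xFF}{sep}{sub.prefixlen}"
        lines += [f"{label} NS {ns}" for ns in servers]
        # Usable host addresses only, matching the post's listing (1.., 129.., 193..).
        for host in sub.hosts():
            octet = int(host) & 0xFF
            lines.append(f"{octet} CNAME {octet}.{label}.{origin}")
    return lines

# Constructed input: the subnet layout and name servers from the post above.
MINE = ["my-ns.my.domain.", "my-ns2.my.domain."]
LAYOUT = [
    ("192.0.2.0/25", MINE),
    ("192.0.2.128/26", MINE),
    ("192.0.2.192/27", MINE + ["their-ns.their.domain.", "their-ns2.their.domain."]),
    ("192.0.2.224/27", MINE),
]

if __name__ == "__main__":
    print("\n".join(rfc2317_parent_records("192.0.2.0/24", LAYOUT)))
```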