Split authority for class-B?
Kevin Darcy
kcd at daimlerchrysler.com
Thu Apr 27 20:33:02 UTC 2006
Davenport, Steve M. wrote:
>Resending the message from my outbox one more time. For some reason the text
>was cutoff, maybe someone didn't like the question ;>)...
>
>-----Original Message-----
>From: Davenport, Steve M.
>Sent: Thursday, April 27, 2006 12:38 PM
>To: 'bind-users at isc.org'
>Subject: Split authority for class-B?
>
>
>We own a class-B IP space and our partner organization wants to assume
>ownership of some of our unused addresses (in class-C blocks). Is it
>possible for a root server to segment the class-B and delegate a portion to
>our nameservers and the rest to our partner's nameservers, or must we use
>zone deligation which would mean that the partner's deligated zone would
>have our domain name as a suffix?
>
OK, first of all, pet peeve of mine: "Class B" != /16, "Class C" != /24.
There is no such thing as a "class-C block" within a "class-B IP space",
since the first octet of a Class B address is in the range 128 through
191, and the first octet of a Class C address is in the range 192
through 223. Never the twain shall meet. Please learn and use prefix
terminology. "Class" terminology may sound impressive to the
network-illiterate among telecom professionals it is increasingly viewed
as inaccurate and passe. CIDR rules.
Now, to answer your question: your partner can point their names to the
addresses in the /24 block that are you designating for their use, using
their *own* domain names. There is only a *loose* correspondence, in the
forward DNS, between names and addresses. For that matter, I could point
a name in one of my domains into your address space. I wouldn't need
"permission" or "authorization" for that, certainly no delegation would
be necessary, and the root servers wouldn't know a thing about it.
As for the *reverse* DNS, however, which is much more sensitive to
addressing, you might want to take a little more care. Best option might
be to delegate the reverse zones corresponding to the /24 ranges in
question to the other organization so that they can manage them on their
own. Reverse-zone delegation, however, would not result in them
"hav[ing] [y]our domain name as a suffix", since suffixes in the reverse
DNS, in the absence of RFC 2317 or similar shenanigans, only reflect
address octets, not organizational affiliations.
- Kevin
More information about the bind-users
mailing list