direct master reverse CIDR zone without $GENERATE?
Chris Buxton
cbuxton at menandmice.com
Thu Jul 17 20:38:02 UTC 2008
On Jul 17, 2008, at 1:19 PM, Justin Pryzby wrote:
> I was wondering if it was possible to have a master zone for a partial
> (sub-24 CIDR) reverse zone, without using $GENERATE. The problem is
> that a master zone 3.2.1.in-addr.arpa for a /24 network could be
> populated with ~256 PTRs, but if one has a /29 (say), and fills it
> with their ~8 PTRs, named will return NXDOMAIN for the other
> addresses. I know that CIDR doesn't use the normal 3.2.1.in-addr.arpa
> but rather something like 128/29.2.1.in-addr.arpa, but that's not a
> master zone.
Yes it is. It's a master zone named 128/29.2.1.in-addr.arpa.
(Actually, that name is wrong - not enough labels. It would more
likely be something like 128/29.3.2.1.in-addr.arpa.)
However, it's up to your ISP to decide whether and how to do this. If
they decide to use the method outlined in RFC 2317, then they get to
make up an arbitrary label for your subnet - 128/29 is just one
example. They could just as easily call the zone "justin.3.2.1.in-addr.arpa.", or "reverse.example.com.".
> It's possible to use a 3.2.1.in-addr.arpa zonefile with some $GENERATE
> lines [re]delegating everything besides the /29 back to the ISP, but
> then one has to hardcode their NS data, which is unfortunate.
It also doesn't work. Nobody in the outside world would ever ask your
server for this information.
If you're just worried about local resolution, and if your ISP won't
delegate anything to you, and if you care about the NXDOMAIN responses
you would otherwise get for the rest of the /24, then...
> The
> only other alternative I can see is to create a separate zonefile for
> each IP.
... do that. Or get a new ISP, one that will delegate a CIDR subnet
reverse zone to you.
> Is there a better way, or is it just accepted to let named do the
> lookups (at least the most significant octets' NS might well be
> cached), even for local IPs?
As long as there is delegation to your server, it's quite common to
just let the name server find the delegation itself. From that point
on (until the CNAME records expire), all lookups will complete locally.
Chris Buxton
Professional Services
Men & Mice
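The RFC 2317 arrangement Chris describes has two halves: the ISP's /24 zone carries one CNAME per address in the customer's block (plus an NS delegation if the child zone lives under the /24 zone), and the customer serves the child zone as an ordinary master zone holding the PTRs. The script below is an added example, not code from the original thread or from BIND; it builds both halves for a sub-/24 block and then walks the lookup chain a resolver would follow. The network 1.2.3.128/29, the name servers ns1/ns2.example.net and the hostnames are constructed sample values.

```python
"""
Added example: generate both halves of an RFC 2317 classless in-addr.arpa
delegation and simulate the PTR lookup chain through it.
All addresses and names below are constructed sample data.
"""
import ipaddress


def rfc2317_delegation(cidr, child_ns, child_zone=None):
    """Parent-side records the ISP puts in its /24 zone.

    Returns (parent_zone, child_zone, records); records is a list of
    (owner, rrtype, rdata) with fully qualified owner names.  Only the
    addresses inside `cidr` get a CNAME, so the rest of the /24 keeps
    being answered by the ISP exactly as before.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("RFC 2317 is for IPv4 blocks longer than a /24")
    o1, o2, o3, first = str(net.network_address).split(".")
    parent_zone = f"{o3}.{o2}.{o1}.in-addr.arpa."
    if child_zone is None:
        # RFC 2317 style label, e.g. "128/29"; any label the ISP picks works
        child_zone = f"{first}/{net.prefixlen}.{parent_zone}"
    records = []
    if child_zone.endswith("." + parent_zone):
        # child lives under the /24 zone, so the parent must also delegate it
        records += [(child_zone, "NS", ns) for ns in child_ns]
    for addr in net:
        last = str(addr).split(".")[3]
        records.append((addr.reverse_pointer + ".", "CNAME", f"{last}.{child_zone}"))
    return parent_zone, child_zone, records


def child_zone_records(child_zone, child_ns, ptrs):
    """Customer-side master zone: NS at the apex plus one PTR per address.

    Owner names are <last-octet>.<child_zone>, matching the CNAME targets
    the parent hands out.  `ptrs` maps IP string -> hostname.
    """
    records = [(child_zone, "NS", ns) for ns in child_ns]
    for ip, host in ptrs.items():
        last = str(ipaddress.ip_address(ip)).split(".")[3]
        records.append((f"{last}.{child_zone}", "PTR", host))
    return records


def render(records):
    """Zone-file text with absolute owner names (no $ORIGIN dependence)."""
    return "\n".join(f"{owner}\tIN\t{rtype}\t{rdata}" for owner, rtype, rdata in records)


def lookup_ptr(ip, parent_records, child_records):
    """Follow the chain a resolver follows for a PTR query.

    Returns ("parent", None) when the ISP's zone has no CNAME for the
    address (it is not in the delegated block, so the ISP answers it),
    ("child", hostname) when the customer's zone has the PTR, and
    ("child", None) when the name is in the customer's zone but missing
    there (the customer's server would answer NXDOMAIN).
    """
    qname = ipaddress.ip_address(ip).reverse_pointer + "."
    for owner, rtype, rdata in parent_records:
        if owner == qname and rtype == "CNAME":
            qname = rdata
            break
    else:
        return ("parent", None)
    for owner, rtype, rdata in child_records:
        if owner == qname and rtype == "PTR":
            return ("child", rdata)
    return ("child", None)


if __name__ == "__main__":
    NS = ["ns1.example.net.", "ns2.example.net."]          # constructed
    parent, child, parent_recs = rfc2317_delegation("1.2.3.128/29", NS)
    child_recs = child_zone_records(child, NS, {
        "1.2.3.129": "gw.example.net.",                    # constructed
        "1.2.3.130": "www.example.net.",
    })
    print(f"; ISP side, in {parent}\n{render(parent_recs)}\n")
    print(f"; customer side, master zone {child}\n{render(child_recs)}\n")
    for ip in ("1.2.3.130", "1.2.3.131", "1.2.3.10"):
        print(ip, "->", lookup_ptr(ip, parent_recs, child_recs))
```

The lookup function makes the point in the reply concrete: a master zone for the whole /24 on your own server is never reached by outside resolvers, because the only path into your data is the CNAME chain the ISP publishes, and an address the ISP has not CNAMEd into your zone stays theirs whatever you configure locally. Passing `child_zone="reverse.example.com."` produces CNAMEs into a zone outside in-addr.arpa entirely, with no NS delegation in the parent, which is the other variant Chris mentions.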