in-addr.arpa delegation failure

Stephane Bortzmeyer bortzmeyer at nic.fr
Tue Jan 20 16:30:38 UTC 2009


On Tue, Jan 20, 2009 at 04:14:01PM +0000,
 Lars Hecking <lhecking at users.sourceforge.net> wrote 
 a message of 87 lines which said:

>  This host is set up as a master for 172.30/16. It delegates 172.30
>  to a subdomain (A record for ns1.sub.domain.com is present
>  elsewhere).

Hold on! There is already a contradiction. It is supposed to be an
authoritative name server (a master is a special case of an
authoritative name server) but it delegates to a different
machine. You cannot have both. Either dns.domain.com is authoritative
for 30.172.in-addr.arpa or it is not.
 
>  db.172.30:
>  @ IN SOA dns.domain.com. root. 2009012001 10800 3600 604800 300
>    IN NS  ns1.sub.domain.com.

I do not see a delegation of 10.30.172.in-addr.arpa.
 
>  Now, the setup of ns1.sub.domain.com:
>  bind 9.4.2-P2
>  This host is set up as a master for 172.30/16 

Now, you have *two* masters for 30.172.in-addr.arpa. Again, it is a
contradiction (unless the two masters get their data from an external
source such as a DBMS but it does not appear to be the case here).

>  Why is the delegation chain not working? Is it a conflict for having both
>  the top level dns.domain.com. and ns1.sub.domain.com. as master for 172.30?

Partly. You can have only one master. But you may have several
authoritative name servers for one zone (actually, this is
recommended).
 
>  Would it be better to use stubs to delegate 172.30 down from the
>  top level?

No.

>  Do I need to delegate all 255 /24 subnets explicitly at the top
>  level server?

All those you use, yes.

>  I think I'm missing something fundamental here ...

IMHO, you need to go back to the drawing board and, before writing
named.conf and zone files, decide on a general architecture.

Who will be the master for 30.172.in-addr.arpa?
Who will be authoritative for 30.172.in-addr.arpa?
Who will be the master for 10.30.172.in-addr.arpa?
Who will be authoritative for 10.30.172.in-addr.arpa?
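
A check for the delegation gap pointed out in the message above, as an added example that is not part of the original post: it parses a parent reverse zone and lists the /24 prefixes in use that have no NS delegation. The zone text is constructed, the second zone assumes one possible architecture (dns.domain.com serving the /16 and delegating 10.30.172.in-addr.arpa to ns1.sub.domain.com), and all function names are hypothetical.

```python
# Added example: constructed zone text; simplified parser (one record per line, no TTL, no parentheses).
ORIGIN = "30.172.in-addr.arpa."
# Parent zone as quoted in the message: apex NS only, no child delegations.
ZONE_AS_POSTED = """\
@ IN SOA dns.domain.com. root. 2009012001 10800 3600 604800 300
  IN NS  ns1.sub.domain.com.
"""

# Assumed layout (one possible answer to the four questions, not the poster's):
# dns.domain.com serves the /16 and delegates the /24 zone to ns1.sub.domain.com.
ZONE_WITH_DELEGATION = """\
@  IN SOA dns.domain.com. root. 2009012001 10800 3600 604800 300
   IN NS  dns.domain.com.
10 IN NS  ns1.sub.domain.com.
"""

def absolute(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def ns_records(zone_text, origin):
    """Map each owner name to its NS targets; a blank owner inherits the previous one."""
    found, owner = {}, origin
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]          # drop comments
        fields = line.split()
        if not fields:
            continue
        if not line[0].isspace():            # owner column present
            owner = absolute(fields.pop(0), origin).lower()
        if fields and fields[0].upper() == "IN":
            fields.pop(0)
        if len(fields) >= 2 and fields[0].upper() == "NS":
            found.setdefault(owner, []).append(absolute(fields[1], origin).lower())
    return found

def reverse_zone(prefix24):  # '172.30.10' -> '10.30.172.in-addr.arpa.'
    return ".".join(reversed(prefix24.split("."))) + ".in-addr.arpa."

def missing_delegations(zone_text, origin, prefixes_in_use):
    """Return the /24 prefixes whose reverse zone has no NS set in the parent."""
    ns = ns_records(zone_text, origin)
    return [p for p in prefixes_in_use if reverse_zone(p) not in ns]

if __name__ == "__main__":
    for zone in (ZONE_AS_POSTED, ZONE_WITH_DELEGATION):
        print(missing_delegations(zone, ORIGIN, ["172.30.10", "172.30.20"]))
```

The check assumes every /24 in use is served as its own child zone; PTR records kept directly in the /16 zone need no delegation.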
