Reverse zone delegation for 172.16.16.0/20 - HOW TO?

Ellad G. Yatsko eyatsko at ngs.ru
Mon May 21 06:20:15 UTC 2012


Dear Barry!

I tried to delegate 172.16.16.0/ doing the following on the central site:
$ORIGIN 16.172.in-addr.arpa.
$GENERATE 16-31 $ NS srvgate.sokol.msk.united-networks.ru.

It works! :-) You are right! :-)

But I don't understand what I need to do on the "sokol.msk" server.
Do I need to create 16 independent files for
16.16.172.in-addr.arpa...31.16.172.in-addr.arpa
or is there a way which allows me to aggregate all of those in one file?

It is clear to me how I can treat /16 zones... :-) But I still don't
understand what I can do with the "accepting" server.

Kind regards,
Ellad


> In article<mailman.823.1337358596.63724.bind-users at lists.isc.org>,
>   "Ellad G. Yatsko"<eyatsko at ngs.ru>  wrote:
>
>> Hello!
>>
>> The supernet 172.16.0.0/12 is distributed through my network.
>> Some network hierarchy is built in this Supernet. Some addressing plan
>> is used.
>>
>> There are some towns. Each town has IP pool of
>> 172.16.0.0/16...172.30.0.0/16.
>>
>> There are some sites in different districts of above towns, they get a
>> block of IP addresses: 172.xx.0.0/20 from its main town's server.
>>
>> Each ending site uses its networks in the following way:
>> - servers;
>> - voice;
>> - video surveillance;
>> - top-managers;
>> - accounting;
>> - ... some other departments.
>>
>> Indeed it's no matter what and why. Now I want to build hierarchic
>> structure of DNS servers in each location. And delegate zones accordingly.
>> But I have some troubles in the beginning. How do I describe topmost
>> 172.16.0.0/12 zone?
>>
>> I used a trick and made zone 172.in-addr.arpa. It is not exact but it works.
> The problem with this is that you won't be able to do reverse lookups
> for other 172.x.x.x addresses outside the RFC 1918 block.  Maybe you
> could download the real 172.in-addr.arpa zone, and merge your changes
> into it.
>
>> But I can't at all delegate block 172.16.0.0/16 to second level
> In the 172.in-addr.arpa zone, just do a normal delegation:
>
> 16 IN NS second-level-server.
>
>> server to say nothing about delegation 172.16.16.0/20 from second level
>> to ending DNS!
> You can use $GENERATE for this.  In the zone file for
> 17.172.in-addr.arpa, do:
>
> $GENERATE 16-31 $ IN NS srvgate.sokol.msk.united-networks.ru.
>
>> Then I tried to solve this task in the most general way. I thought if I
>> learn how to delegate the "most difficult zone" I can delegate a simpler one easily.
>>
>> So I began to delegate 172.16.16.0/20 (not 172.16.0.0/16) from topmost
>> server to its neighbor as follows:
>>
>>
>> zone "172.in-addr.arpa" {
>>     type master;
>>     file "/etc/bind/master/reverse/172.in-addr.arpa";
>>     forwarders { };
>> };
>>
>> and (in zone file):
>>
>> 0.16/20.16.172.in-addr.arpa.    IN NS    srvgate.sokol.msk.united-networks.ru.
>> $GENERATE 0-256 $.16.16.172.in-addr.arpa.    IN CNAME    $.0.16/20.16.172.in-addr.arpa.
>> $GENERATE 0-256 $.31.16.172.in-addr.arpa.    IN CNAME    $.0.31/20.16.172.in-addr.arpa.
> This technique is really only needed for delegations of blocks smaller
> than /24.  For anything larger, just do multiple delegations.
>
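Added example, not part of the original thread: a Python sketch of the "multiple delegations" approach for blocks of /24 or larger. It splits a block into its octet-aligned reverse zones and prints both the parent-side NS records and the zone statements the receiving server needs. The function names and the file path are assumptions made for illustration.

```python
import ipaddress

def reverse_zones(cidr):
    """Return the in-addr.arpa zones covering an IPv4 block, one per
    octet-aligned subnet (a /20 yields sixteen /24 zones)."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
    if net.version != 4:
        raise ValueError("IPv4 only")
    if net.prefixlen > 24:
        # Blocks smaller than /24 need the CNAME-based classless scheme instead.
        raise ValueError("prefix longer than /24: plain NS delegation does not apply")
    aligned = max(8, -(-net.prefixlen // 8) * 8)  # round up to /8, /16 or /24
    zones = []
    for sub in net.subnets(new_prefix=aligned):
        octets = str(sub.network_address).split(".")[: aligned // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones

def parent_delegations(cidr, nameserver):
    """NS records for the parent zone, fully qualified so $ORIGIN does not matter."""
    ns = nameserver.rstrip(".") + "."
    return [f"{zone}. IN NS {ns}" for zone in reverse_zones(cidr)]

def child_zone_stanzas(cidr, zone_file):
    """named.conf zone statements for the server receiving the delegation.
    zone_file may contain "{zone}" for one file per zone; without it every
    zone points at the same file, which must then use only relative names."""
    stanza = 'zone "{zone}" {{\n    type master;\n    file "{path}";\n}};'
    return [stanza.format(zone=z, path=zone_file.format(zone=z))
            for z in reverse_zones(cidr)]

if __name__ == "__main__":
    block = "172.16.16.0/20"
    print("\n".join(parent_delegations(block, "srvgate.sokol.msk.united-networks.ru")))
    # Hypothetical path on the receiving server.
    print("\n".join(child_zone_stanzas(block, "/etc/bind/master/reverse/{zone}")))
```

Each /24 remains a separate zone on the receiving server, so sixteen zone statements are required however the files are organised.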



