RFC 2317 for >/24 (was Re: common problems)

Barry Margolin barmar at bbnplanet.com
Wed Sep 8 23:28:15 UTC 1999 

In article <199909082300.TAA14799 at fw1-a.osis.gov>,
Joseph S D Yao  <jsdy at cospo.osis.gov> wrote:
>> In article <37D6D675.86629A91 at cisco.com>,
>> Michael Voight  <mvoight at cisco.com> wrote:
>> >RFC2317.. Read it :)
>> 
>> Wrong.  That's for delegating blocks smaller than /24.  First of all, his
>> blocks are bigger than /24, second of all he's not delegating, he's just
>> configuring a primary server.
>
>The same technique works for blocks bigger than /24.  It's your second
>objection that's the correct one.

While the RFC 2317 technique can be applied for larger blocks, it would
generally be inappropriate to do so.  You would have to make a CNAME record
for every IP address in the block.  E.g. if you were delegating x.y.64.0/20
from a server authoritative for the x.y.0.0/16 reverse domain, the
y.x.in-addr.arpa zone would have to contain:

64/20  NS     <servername>
0.64   CNAME  0.64.64/20
1.64   CNAME  1.64.64/20
....
254.79 CNAME  254.79.64/20
255.79 CNAME  255.79.64/20

That's 4096 CNAME records.  Is that really preferable to delegating 16
subdomains, i.e.:

64  NS  <servername>
65  NS  <servername>
....
79  NS  <servername>

Do you think it's possible to just have 16 CNAME records, i.e.

64/20  NS  <servername>
64  CNAME  64.64/20
65  CNAME  65.64/20
....
79  CNAME  79.64/20

I don't think this will work.  CNAME records are only processed at leaf
nodes, not intermediate nodes of a domain name.  So if you were looking up
10.65.y.x.in-addr.arpa, it would not follow the above CNAME record to
translate that to 10.65.64/20.y.x.in-addr.arpa.

In fact, we have lots of entries in our DNS that would cause recursive
CNAMEs if non-leaf CNAMEs were followed.  Our router naming scheme is of
the form:

<interface1>.<router>.bbnplanet.net.  A  <address of interface1>
<interface2>.<router>.bbnplanet.net.  A  <address of interface2>
....
<router>.bbnplanet.net.  CNAME  <interface1>.<router>.bbnplanet.net.

Before we implemented this scheme, I carefully read the spec and tested
against BIND, and it never got into a loop trying to translate
<interface1>.<router>.bbnplanet.net into
<interface1>.<interface1>.<interface1>...<router>.bbnplanet.net.

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

More information about the bind-users mailing list