reverse delegation of subnet

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Thu Aug 10 01:33:04 UTC 2000 

> 
> At 06:51 PM 08/09/00 +0200, Thomas Reitelbach wrote:
> 
> >i've got a question about reverse delegating a subnet.
> >i've got a /29 subnet starting at 62.153.204.64 and have to set up a
> >reverse zone for that ip-range, but how do i do that?
> 
> You will need to talk to your ISP for delegation and the details for your
> zone as there are a couple of ways to set it up, and it depends on how your
> ISP does the CNAME mapping to your name server.

	He has and it is working which was obvious from the nslookup
	output or if you had taken the time to actually perform
	the lookup yourself.

> 
> Your reverse lookup won't work now since it isn't delegated by your ISP,
> that's why your tests are failing.

	They are not failing.
> 
> 
> >64.204.153.62.in-addr.arpa.     IN      SOA     frzdaten.troficent.de.
> ...
> >68                      IN      PTR     frzdaten.troficent.de.
> >66                      IN      PTR     ns2.troficent.de.
> >65                      IN      PTR     pleasure.troficent.de.     
> 
> >i thought that it would be ok this way, but when i make a nslookup
> >"nslookup 62.153.204.68" i see the following:
> 
> Using your zone file name, to test locally, you would have ask your name
> server to lookup.
> 
  68.64.204.153.62.in-addr.arpa.
> 

	To test locally you need a copy of the parent zone.
	Applications don't know about the CNAME records until they
	encounter them so testing has to take that into account.

	You should also have a copy of the parent zone so that
	local lookups don't fail when you are disconnected from
	the net / parent zone servers.  Typically you become a
	slave for the parent zone.

> To make that work on the internet, your ISP will have to make a CNAME
> mapping to that name, an provide the delegation to your name server so
> people can follow the CNAME.
> 
> Use dig to test, and set no recurse so you don't get responses from other
> servers.

	Generally setting +norec is a good idea, however testing
	in this case it requires both parent and child zones to be
	configured and depending upon which servers are serving
	which zones recursion may be needed.

> 
> Bill Moseley
> mailto:moseley at hank.org

	As for the "aliases" reported by nslookup, they are benign
	articfact on nslookup / gethostbyaddr() depending on
	implementation and just indicate that there was a CNAME
	involved in the lookup.  Strictly they shouldn't be there
	but in practice they have not been known to cause problems.

	Mark
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com

More information about the bind-users mailing list