Classless in-addr.arpa delegation.
Jay Nugent
jjn at home.nuge.com
Mon Aug 28 22:45:45 UTC 2000
Greetings,
On Mon, 28 Aug 2000, Kevin Darcy wrote:
>
> Wait a minute! What zone are those PTR's contained in? The C-class
> zone? That's *bad*news*. Not only are you blinding your own clients to other
> PTR's in that same C-class range, but you're propagating bogus Authority
> Section data, thus potentially blinding *other*people's* nameservers to other
> PTR's in that same C-class range, not to mention misdirecting traffic to your
> nameservers.
>
> There's a reason that RFC 2317 is a BCP.
You are only partially correct. Yes, I am indeed blinding my clients
from a *small* piece of the Internet, precisely the other half of the
class-C that I'm on. Should my customers need to resolve those other 128
hosts, then I'll look for a more elegant solution. Thus far that has not
been a problem.
As for "propagating bogus Authority Section data".... Absolutely not!
The ISP is authoritative for the class-C. They only send the 128
addresses *I* use to *me* to reverse resolve. The rest of the block the
ISP does with as they would any other block, usually entering their
customers' host names into the DNS for them. I am NOT providing bogus
data.
However, if there is a better way, I'd certainly like to see some
sample zone files... :-)
--- Jay
> Jay Nugent wrote:
>
> > Greetings,
> >
> > On Mon, 28 Aug 2000, Kevin Darcy wrote:
> >
> > >
> > > Doing RFC 2317 on a non-bit-boundary is a little unusual, but certainly
> > > workable. That's why I say that "classless delegation" is somewhat of a
> > > misnomer -- it's really *aliasing* rather than "delegation" _per_se_.
> > > All your ISP needs to do is add 10 CNAMEs to the
> > > 192.204.212.in-addr.arpa zone:
> > >
> > > 51 in cname 51.rev.jdimedia.nl.
> > > 52 in cname 52.rev.jdimedia.nl.
> > > 53 in cname 53.rev.jdimedia.nl.
> > > (etc.)
> > >
> > > I've used "rev.jdimedia.nl" here as the "container" zone for the PTR
> > > records, but you could use *anything* mutually-acceptable between you
> > > and your ISP, as long as it's a zone delegated to, and controlled by
> > > you.
> >
> > Or just have the ISP do the following which will send all PTR lookups
> > to YOUR nameserver. Then on your nameserver you use conventional PTR
> > records to do the final resolve.
> >
> > At the ISP:
> > -----------
> > 51 IN NS ns1.yourserver.com.
> > 52 IN NS ns1.yourserver.com.
> > 53 IN NS ns1.yourserver.com.
> >
> > In your nameserver:
> > -------------------
> > 51 IN PTR larry.yourdomain.com.
> > 52 IN PTR moe.yourdomain.com.
> > 53 IN PTR curley.yourdomain.com.
> >
> > I do this for my 128-host address block. My ISP didn't even know it
> > could be done. They learn something new from their customers every day
> > :-)
> >
> > --- Jay
/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/~~\
| Jay Nugent jjn at nuge.com |____|
| Nugent Telecommunications www.nuge.com |
| Web-Pegasus www.webpegasus.com |
| (734)971-1076 (734)971-4529 /Fax |
| |
| ISP & Modem Performance Monitoring Svcs. |
| Discount Reseller of 123.Net ISP Services|
| Internet Consulting / Linux SysAdmin |
| Web Hosting / DNS Hosting / Shell Accts. |
| Embedded Controllers / Engr. & Design |
/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/ |
\_________________________________________\__/
6:00pm up 110 days, 7 min, 6 users, load average: 0.00, 0.00, 0.00
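
The CNAME aliasing described in the quoted message, as an added example that is not part of the original thread: it builds the ISP-side CNAMEs and the customer-side PTRs, follows a reverse lookup through the alias, and flags aliases that have no PTR behind them. The 51-60 range, the host names and all function names are assumptions made for illustration.

```python
PARENT = "192.204.212.in-addr.arpa."   # ISP's zone, named as in the thread
CONTAINER = "rev.jdimedia.nl."         # customer-controlled container zone from the thread

def parent_cnames(first, last):
    """Records the ISP adds: one CNAME per address, pointing into the container zone."""
    return {f"{n}.{PARENT}": ("CNAME", f"{n}.{CONTAINER}") for n in range(first, last + 1)}

def child_ptrs(hosts):
    """Records the customer serves: ordinary PTRs, owned inside the container zone."""
    return {f"{n}.{CONTAINER}": ("PTR", name) for n, name in hosts.items()}

def resolve_ptr(qname, records, max_hops=8):
    """Follow CNAMEs the way a resolver would; return the PTR target or None."""
    for _ in range(max_hops):
        rtype, target = records.get(qname, (None, None))
        if rtype == "PTR":
            return target
        if rtype != "CNAME":
            return None
        qname = target
    return None  # alias loop or chain too long

def lint(parent, child):
    """Report aliases that leave the container zone or dangle (no PTR behind them)."""
    problems = []
    for owner, (rtype, target) in sorted(parent.items()):
        if rtype != "CNAME":
            continue
        if not target.endswith("." + CONTAINER):
            problems.append(f"{owner} aliases outside {CONTAINER}: {target}")
        elif child.get(target, (None,))[0] != "PTR":
            problems.append(f"{owner} -> {target} has no PTR")
    return problems

# Constructed sample data: last labels 51-60 (ten CNAMEs; the end of the range is
# assumed), placeholder host names, and 60 left without a PTR on purpose.
parent = parent_cnames(51, 60)
child = child_ptrs({n: f"host{n}.jdimedia.nl." for n in range(51, 60)})

if __name__ == "__main__":
    for owner, (rtype, target) in parent.items():
        print(f"{owner} IN {rtype} {target}")
    print(resolve_ptr("51." + PARENT, {**parent, **child}))
    print(lint(parent, child))
```

Names outside the aliased range, such as 61, are not touched by these records and stay under the ISP's control in the parent zone.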