Classless in-addr.arpa delegation.
Joe Pruett
joey at q7.com
Mon Aug 28 22:59:28 UTC 2000
you can do what you want, but you have to have a separate zone for each
address. this is how i do in-addr delegation. i find cnames evil, so i
don't like rfc2317 :-). the isp still has an ns for each address, and you
have a zone for each that has something like:

@ SOA blah blah blah
@ NS ns.example.com.
@ PTR foo.example.com.

and right now you can propagate the wrong auth info back up the chain.
your server currently thinks you are authoritative for the entire /24
block and it'll gladly tell anyone who asks.

On Mon, 28 Aug 2000, Jay Nugent wrote:
>
> Greetings,
>
> On Mon, 28 Aug 2000, Kevin Darcy wrote:
>
> >
> > Wait a minute! What zone are those PTR's contained in? The C-class
> > zone? That's *bad*news*. Not only are you blinding your own clients to other
> > PTR's in that same C-class range, but you're propagating bogus Authority
> > Section data, thus potentially blinding *other*people's* nameservers to other
> > PTR's in that same C-class range, not to mention misdirecting traffic to your
> > nameservers.
> >
> > There's a reason that RFC 2317 is a BCP.
>
> You are only partially correct. Yes, I am indeed blinding my clients
> from a *small* piece of the Internet, precisely the other half of the
> class-C that I'm on. Should my customers need to resolve those other 128
> hosts, then I'll look for a more elegant solution. Thus far that has not
> been a problem.
>
> As for "propagating bogus Authority Section data".... Absolutely not!
> The ISP is authoritative for the class-C. They only send the 128
> addresses *I* use to *me* to reverse resolve. The rest of the block the
> ISP does with as they would any other block, usually entering their
> customers' host names into the DNS for them. I am NOT providing bogus
> data.
>
> However, if there is a better way, I'd certainly like to see some
> sample zone files... :-)
>
> --- Jay
>
>
> > Jay Nugent wrote:
> >
> > > Greetings,
> > >
> > > On Mon, 28 Aug 2000, Kevin Darcy wrote:
> > >
> > > >
> > > > Doing RFC 2317 on a non-bit-boundary is a little unusual, but certainly
> > > > workable. That's why I say that "classless delegation" is somewhat of a
> > > > misnomer -- it's really *aliasing* rather than "delegation" _per_se_.
> > > > All your ISP needs to do is add 10 CNAMEs to the
> > > > 192.204.212.in-addr.arpa zone:
> > > >
> > > > 51 in cname 51.rev.jdimedia.nl.
> > > > 52 in cname 52.rev.jdimedia.nl.
> > > > 53 in cname 53.rev.jdimedia.nl.
> > > > (etc.)
> > > >
> > > > I've used "rev.jdimedia.nl" here as the "container" zone for the PTR
> > > > records, but you could use *anything* mutually-acceptable between you
> > > > and your ISP, as long as it's a zone delegated to, and controlled by
> > > > you.
> > >
> > > Or just have the ISP do the following which will send all PTR lookups
> > > to YOUR nameserver. Then on your nameserver you use conventional PTR
> > > records to do the final resolve.
> > >
> > > At the ISP:
> > > -----------
> > > 51 IN NS ns1.yourserver.com.
> > > 52 IN NS ns1.yourserver.com.
> > > 53 IN NS ns1.yourserver.com.
> > >
> > > In your nameserver:
> > > -------------------
> > > 51 IN PTR larry.yourdomain.com.
> > > 52 IN PTR moe.yourdomain.com.
> > > 53 IN PTR curley.yourdomain.com.
> > >
> > > I do this for my 128-host address block. My ISP didn't even know it
> > > could be done. They learn something new from their customers every day
> > > :-)
> > >
> > > --- Jay
>
>
> /~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/~~\
> | Jay Nugent jjn at nuge.com |____|
> | Nugent Telecommunications www.nuge.com |
> | Web-Pegasus www.webpegasus.com |
> | (734)971-1076 (734)971-4529 /Fax |
> | |
> | ISP & Modem Performance Monitoring Svcs. |
> | Discount Reseller of 123.Net ISP Services|
> | Internet Consulting / Linux SysAdmin |
> | Web Hosting / DNS Hosting / Shell Accts. |
> | Embedded Controllers / Engr. & Design |
> /~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/ |
> \_________________________________________\__/
>
> 6:00pm up 110 days, 7 min, 6 users, load average: 0.00, 0.00, 0.00
>
>
>
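
Added example, not part of the thread or of any poster's configuration: a Python sketch of the per-address delegation Joe Pruett describes (parent NS records plus one zone per address), with a check that flags a server loading the whole /24 as a single zone. The zone and host names are the placeholders used in the thread; the helper names and the sample misconfiguration are assumptions constructed here.

```python
PARENT = "192.204.212.in-addr.arpa."       # /24 zone held by the ISP (name from the thread)
NS = "ns1.yourserver.com."                  # customer nameserver (placeholder from the thread)
DELEGATED = {51: "larry.yourdomain.com.",   # constructed sample: last octet -> PTR target
             52: "moe.yourdomain.com.",
             53: "curley.yourdomain.com."}

def norm(name):
    """Lower-case a domain name and make it fully qualified."""
    return name.lower().rstrip(".") + "."

def parent_records(delegated, ns=NS):
    """NS records the ISP adds to the /24 zone, one per delegated address."""
    return [f"{octet} IN NS {ns}" for octet in sorted(delegated)]

def child_zones(delegated, parent=PARENT, ns=NS):
    """One zone per address on the customer's server; the PTR sits at the apex.
    The SOA record is left out because its values are site-specific."""
    return {f"{octet}.{parent}": [f"@ IN NS {ns}", f"@ IN PTR {host}"]
            for octet, host in sorted(delegated.items())}

def audit(configured_origins, delegated, parent=PARENT):
    """Compare the zone origins a server loads against what was delegated to it."""
    expected = set(child_zones(delegated, parent))
    loaded = {norm(o) for o in configured_origins}
    findings = []
    for origin in sorted(loaded - expected):
        if origin == parent or parent.endswith("." + origin):
            extra = 256 - len(delegated)
            findings.append(("OVERCLAIM", origin,
                             f"claims authority for at least {extra} addresses not delegated here"))
        elif origin.endswith("." + parent):
            findings.append(("NOT_DELEGATED", origin, "no NS for this name in the delegation list"))
    for origin in sorted(expected - loaded):
        findings.append(("MISSING", origin, "delegated by the parent but no zone with this origin is loaded"))
    return findings

if __name__ == "__main__":
    print("\n".join(parent_records(DELEGATED)))
    # Constructed misconfiguration: the whole /24 loaded as a single zone.
    for finding in audit([PARENT], DELEGATED):
        print(*finding, sep="  ")
```
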