Classless in-addr.arpa delegation.

Joe Pruett joey at q7.com
Mon Aug 28 22:59:28 UTC 2000


you can do what you want, but you have to have a separate zone for each
address.  this is how i do in-addr delegation.  i find cnames evil, so i
don't like rfc2317 :-).  the isp still has an ns for each address, and you
have a zone for each that has something like:

@		SOA	blah blah blah

@		NS	ns.example.com.

@		PTR	foo.example.com.

and right now you can propagate the wrong auth info back up the chain.
your server currently thinks you are authoritative for the entire /24
block and it'll gladly tell anyone who asks.

On Mon, 28 Aug 2000, Jay Nugent wrote:

> 
> Greetings,
> 
> On Mon, 28 Aug 2000, Kevin Darcy wrote:
> 
> > 
> > Wait a minute! What zone are those PTR's contained in? The C-class
> > zone? That's *bad*news*. Not only are you blinding your own clients to other
> > PTR's in that same C-class range, but you're propagating bogus Authority
> > Section data, thus potentially blinding *other*people's* nameservers to other
> > PTR's in that same C-class range, not to mention misdirecting traffic to your
> > nameservers.
> > 
> > There's a reason that RFC 2317 is a BCP.
> 
>    You are only partially correct.  Yes, I am indeed blinding my clients
> from a *small* piece of the Internet, precisely the other half of the
> class-C that I'm on.  Should my customers need to resolve those other 128
> hosts, then I'll look for a more elegant solution.  Thus far that has not
> been a problem.
> 
>    As for "propagating bogus Authority Section data".... Absolutely not!
> The ISP is authoritative for the class-C.  They only send the 128
> addresses *I* use to *me* to reverse resolve.  The rest of the block the
> ISP does with as they would any other block, usually entering their
> customers' host names into the DNS for them.  I am NOT providing bogus
> data.
> 
>    However, if there is a better way, I'd certainly like to see some
> sample zone files... :-)
> 
>       --- Jay
> 
> 
> > Jay Nugent wrote:
> > 
> > > Greetings,
> > >
> > > On Mon, 28 Aug 2000, Kevin Darcy wrote:
> > >
> > > >
> > > > Doing RFC 2317 on a non-bit-boundary is a little unusual, but certainly
> > > > workable.  That's why I say that "classless delegation" is somewhat of a
> > > > misnomer -- it's really *aliasing* rather than "delegation" _per_se_.
> > > > All your ISP needs to do is add 10 CNAMEs to the
> > > > 192.204.212.in-addr.arpa zone:
> > > >
> > > > 51    in    cname    51.rev.jdimedia.nl.
> > > > 52    in    cname    52.rev.jdimedia.nl.
> > > > 53    in    cname    53.rev.jdimedia.nl.
> > > > (etc.)
> > > >
> > > > I've used "rev.jdimedi.nl" here as the "container" zone for the PTR
> > > > records, but you could use *anything* mutually-acceptable between you
> > > > and your ISP, as long as it's a zone delegated to, and controlled by
> > > > you.
> > >
> > >    Or just have the ISP do the following which will send all PTR lookups
> > > to YOUR nameserver.  Then on your nameserver you use conventional PTR
> > > records to do the final resolve.
> > >
> > > At the ISP:
> > > -----------
> > > 51    IN     NS     ns1.yourserver.com.
> > > 52    IN     NS     ns1.yourserver.com.
> > > 53    IN     NS     ns1.yourserver.com.
> > >
> > > In your nameserver:
> > > -------------------
> > > 51    IN     PTR    larry.yourdomain.com.
> > > 52    IN     PTR    moe.yourdomain.com.
> > > 53    IN     PTR    curley.yourdomain.com.
> > >
> > >    I do this for my 128-host address block.  My ISP didn't even know it
> > > could be done.  They learn something new from their customers every day
> > >   :-)
> > >
> > >       --- Jay
> 
>              
>              /~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/~~\
>             |  Jay Nugent                 jjn at nuge.com |____|
>             |  Nugent Telecommunications  www.nuge.com |
>             |  Web-Pegasus          www.webpegasus.com |
>             |  (734)971-1076        (734)971-4529 /Fax |
>             |                                          |
>             | ISP & Modem Performance Monitoring Svcs. |
>             | Discount Reseller of 123.Net ISP Services|
>             | Internet Consulting / Linux SysAdmin     |
>             | Web Hosting / DNS Hosting / Shell Accts. |
>             | Embedded Controllers / Engr. & Design    |
>          /~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/   |
>          \_________________________________________\__/
> 
>   6:00pm  up 110 days, 7 min,  6 users,  load average: 0.00, 0.00, 0.00
> 
> 
> 
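An added example, not part of the original thread and not BIND code: a Python check for the failure discussed above, where a server is configured as authoritative for the whole /24 while only some of its addresses were delegated. The assigned range (.51 to .60) and the list of configured zones are constructed from the thread's 192.204.212.in-addr.arpa example; RFC 2317 style origins with non-numeric labels are rejected rather than handled.

```python
import ipaddress


def reverse_zone_to_network(origin):
    """Map an in-addr.arpa zone origin to the IPv4 network it claims authority for."""
    name = origin.lower().rstrip(".")
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        raise ValueError("not an in-addr.arpa zone: %r" % origin)
    labels = name[: -len(suffix)].split(".")
    if not 1 <= len(labels) <= 4:
        raise ValueError("expected 1 to 4 octet labels: %r" % origin)
    # int() raises ValueError on non-numeric labels such as RFC 2317 "0/25".
    octets = [str(int(label)) for label in reversed(labels)]
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/%d" % (8 * len(labels)))


def audit_zones(zone_origins, assigned):
    """Return {origin: count of claimed addresses that were never assigned to us}."""
    assigned = {ipaddress.ip_address(a) for a in assigned}
    findings = {}
    for origin in zone_origins:
        net = reverse_zone_to_network(origin)
        extra = net.num_addresses - sum(1 for a in assigned if a in net)
        if extra:
            findings[origin] = extra
    return findings


def per_address_origins(assigned):
    """Zone origins for the one-zone-per-address scheme (one SOA/NS/PTR each)."""
    return [ipaddress.ip_address(a).reverse_pointer for a in assigned]


# Constructed sample data: ten delegated addresses and two zones on the server.
ASSIGNED = ["212.204.192.%d" % host for host in range(51, 61)]
CONFIGURED = ["192.204.212.in-addr.arpa", "51.192.204.212.in-addr.arpa"]

if __name__ == "__main__":
    for origin, extra in audit_zones(CONFIGURED, ASSIGNED).items():
        print("%s claims %d addresses outside the assignment" % (origin, extra))
    for origin in per_address_origins(ASSIGNED):
        print("zone to create:", origin)
```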



