Getting delegated reverse done correctly

Jim Reid jim at rfc1035.com
Fri Jun 30 21:55:17 UTC 2000


>>>>> "Jymm" == Jymm  <jymm at my-deja.com> writes:

    Jymm> My ISP assigned me a /27 subnet - (we'll say...)
    Jymm> 300.0.0.128-159 They will give me authority for the
    Jymm> reverses, but when I read ORA's BIND (3rd ed) or RFC2317,

You should have provided your real IP addresses and domain names.
Concealing them is pointless and is usually unhelpful, though not in
this case fortunately. And anyway it's always better to discuss
specifics rather than use abstract domain names and IP addresses. BTW,
"mydomain.com" is a real domain. So unless you own it, you shouldn't
use it whenever you ask a question on the list. Someone could think
your question concerns the real mydomain.com instead of a name you've
plucked out of the air so that you can confuse folk by hiding your
actual domain name.

    Jymm> I'm a bit confused as to what goes where.
    Jymm> In my isp's 300.0.0.rev file they have:

    Jymm> 129.0.0.300.in-addr.arpa.  IN CNAME 300-0-0-129.mydomain.com.
    Jymm> 130.0.0.300.in-addr.arpa.  IN CNAME 300-0-0-130.mydomain.com.
    Jymm> 131.0.0.300.in-addr.arpa.  IN CNAME 300-0-0-131.mydomain.com.

This is fine. If a name server does a reverse lookup of 300.0.0.131,
it'll see the above CNAME and look up 300-0-0-131.mydomain.com.

    Jymm> In my mydomain.com.hosts file I have:

    Jymm> www.mydomain.com.		IN A	300.0.0.129
    Jymm> 300-0-0-129.mydomain.com.	IN PTR	www.mydomain.com
    Jymm> mail.mydomain.com		IN A	300.0.0.130 
    Jymm> 300-0-0-130.mydomain.com.	IN PTR	mail.mydomain.com
    Jymm> ftp.mydomain.com		IN A	300.0.0.131 
    Jymm> 300-0-0-131.mydomain.com.	IN PTR	ftp.mydomain.com

This is fine too, though the entries for all of the
{ftp,mail,www}.mydomain.com names should be terminated by a dot, not
just the first "www.mydomain.com".

A reverse lookup of 300.0.0.131 will look up 131.0.0.300.in-addr.arpa
in your ISP's 0.0.300.in-addr.arpa zone. They'll find the above CNAME
and go look up 300-0-0-131.mydomain.com which would resolve to
ftp.mydomain.com if you'd dot-terminated that name in the PTR record
above. This would return the required result of the lookup. So the
lookup would be done, which means your name server configuration is
done too. Apart from the missing terminating dots of course.

    Jymm> Ok, the forwards are fine, but I need to create a reverse
    Jymm> file:

No you don't. The PTR records for your IP addresses are in your
forward zone file. The ISP's reverse zone has CNAMEs pointing at those
PTR records. It just works.

    Jymm> The part I'm confused with is what do I name this file:
    Jymm> 300.0.0.rev ???

Any legal file name can be used for a zone file. The name server
doesn't care what the file's called. It just wants to be able to read
the file. My preference is to make zone files have the same name as
the domain name, but pick any filename convention that suits
you. After all it's you who maintains these files and cares about
them. Call them whatever you like. The choice of zone file names is
between you, your OS and your name server.

    Jymm> Where does the part about 129.128-159.0.0.300.in-addr.arpa.
    Jymm> come into play here as mentioned in RFC2317?  

This is just another way of implementing the same CNAME to PTR trick.
It doesn't apply to your reverse lookups, so you can forget about it.
The idea is to create a subdomain in the reverse zone and delegate
that subdomain to the customer for them to manage. The (parent)
reverse zone would contain CNAMEs that point at PTR records that
should be in the customer-maintained subdomain. Your ISP has saved
themselves and you from that hassle by pointing the reverse zone
CNAMEs at PTR records in your "mydomain.com"* zone file. The result is
they have one less delegation point to bother about and you don't need
to maintain a separate zone file for your PTR records.

[* See what I mean about providing bogus domain names in questions to
the list instead of the actual ones?] 

    Jymm> What file is this referring to FWD or REV?

If a zone is in the in-addr.arpa domain, it's for reverse lookups.
That doesn't mean that the zone file can only contain PTR records -
they can go in any zone. In fact any RR types can be entered in any
zone file provided they are syntactically valid and the owner-name is
in the domain that is defined by that zone.
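
An added example, not part of the original message: a small Python model of the reverse lookup described above, following the ISP's CNAME into the customer's forward zone and showing what the missing terminating dot does to the PTR target. The zone data is constructed from the records quoted in the post; the function names and the one-record-per-line parser are assumptions made for illustration, not BIND code.

```python
# Constructed zone data modelled on the records quoted in the post.
ISP_REVERSE_ZONE = ("0.0.300.in-addr.arpa.", """
129.0.0.300.in-addr.arpa.  IN CNAME 300-0-0-129.mydomain.com.
131.0.0.300.in-addr.arpa.  IN CNAME 300-0-0-131.mydomain.com.
""")
CUSTOMER_ZONE = ("mydomain.com.", """
www.mydomain.com.          IN A    300.0.0.129
300-0-0-129.mydomain.com.  IN PTR  www.mydomain.com.
ftp.mydomain.com           IN A    300.0.0.131
300-0-0-131.mydomain.com.  IN PTR  ftp.mydomain.com
""")

NAME_RDATA = {"CNAME", "PTR"}  # record types whose rdata is a domain name


def qualify(name, origin):
    """A name without a trailing dot is relative: the zone origin is appended."""
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"


def load(zones):
    """Parse 'owner IN TYPE rdata' lines into {(owner, type): rdata}."""
    records = {}
    for origin, text in zones:
        for line in text.strip().splitlines():
            owner, _cls, rtype, rdata = line.split()
            if rtype in NAME_RDATA:
                rdata = qualify(rdata, origin)
            records[(qualify(owner, origin), rtype)] = rdata
    return records


def reverse_lookup(ip, records, max_hops=8):
    """Follow CNAMEs from the in-addr.arpa name until a PTR is found."""
    name = ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
    for _ in range(max_hops):
        if (name, "PTR") in records:
            return records[(name, "PTR")]
        if (name, "CNAME") not in records:
            return None
        name = records[(name, "CNAME")]
    return None


if __name__ == "__main__":
    recs = load([ISP_REVERSE_ZONE, CUSTOMER_ZONE])
    for ip in ("300.0.0.129", "300.0.0.131"):
        print(ip, "->", reverse_lookup(ip, recs))
```

The 300.0.0.131 lookup returns a name with the zone origin appended twice, which is why a reverse answer like that will not match any forward name a verifying host tries to confirm it against.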


