Reverse IP delegation question

Kevin Darcy kcd at daimlerchrysler.com
Wed Aug 29 00:56:34 UTC 2001


You say "delegate", but I don't think you really mean it. Sounds like you just
want to open up the zone for his Dynamic Updates. I think your problem is that
his Dynamic Update client can't determine what the master is of the zone. By
default, the way a Dynamic Update client determines the master for a zone is to
look at the MNAME field of the SOA and if there is also an NS record for the
zone with the same name, that's the master. This is explained in RFC 2136. You
have "ns1.mydomain.com" in the MNAME field, but that doesn't appear in the
NS records. The client's fallback is to try *all* of the NS'es. But that
doesn't work either because the NS'es refer to only example.com nameservers in
both examples you show, neither of which is presumably the master (the master is
ns1.mydomain.com, right?).

You either need to update the SOA MNAME and NS records to reflect the real
master, or you need to get the Dynamic Update client to explicitly specify the
master, ignoring what's in the SOA/NS records (the BIND 9 "nsupdate" has this
capability, for instance).

If you really meant "delegation", then that's a bit of a problem. A /24 reverse
zone can only be delegated from its parent, i.e. the /16 zone, the /8 zone,
in-addr.arpa, arpa or root, whichever happens to apply.


- Kevin

news.onr.com wrote:

> I want to delegate a class C to someone connected to my network,
> using 8.2.3 on a SunOS 5.5.1 box.
>
> Currently it's set up so I have to do all the updates
> in the zone file, i.e.
> --------------------------------------------------------------------
> $TTL 3600;
> @       IN      SOA   ns1.mydomain.com.   second.mydomain.com.    (
>                                         2001082206
>                                         10800   ; Refresh after 3 hours
>                                         3600    ; Retry after 1 hour
>                                         604800  ; Expire after 1 week
>                                         86400 ) ; Minimum TTL of 1 day
>
>                         IN      NS      ns1.example.com.
>
> 1       IN      PTR    somename.example.com.
> ....
> 254
> --------------------------------------------------------------
> I would like to delegate it so the admin of ns1.example.com can
> make those updates himself without access to my server.
>
> My attempts so far have failed; this is my latest try:
> ----------------------------------------------------------------
> $ORIGIN 4.3.2.1.in-addr.arpa.
> $TTL 600;
> @       IN      SOA  ns1.mydomain.com. second.mydomain.com. (
>                         2001082207
>                         10800   ; Refresh after 3 hours
>                         3600    ; Retry after 1 hour
>                         604800  ; Expire after 1 week
>                         86400 ) ; Minimum TTL of 1 day
>                         NS ns1.example.com.
>                         NS second.example.com.
> ---------------------------------------------------------------
> Is there something obviously wrong with this?
> I don't need CNAME entries after the NS entries for a /24, do I?
>
> (I do have an "allow-update { ip.for.ns1.example.com; };" line in named.conf
> and the log says the dynamic zone file is writable)
>
> I haven't found a decent document for this really, so any references
> or comments by e-mail to larry at chancy.org would be appreciated.
>
> Thanks,
> Larry
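As an added illustration of the MNAME/NS rule Kevin describes above (example code written for this archive page, not code from the thread or from BIND): a small Python reader for the quoted zone, with the SOA lines condensed, and the master-selection check applied before and after adding the missing NS record for ns1.mydomain.com.

```python
# Larry's second zone from the thread (SOA lines condensed), as constructed input.
ZONE_NAME = "4.3.2.1.in-addr.arpa."
ZONE_TEXT = """\
$ORIGIN 4.3.2.1.in-addr.arpa.
$TTL 600;
@       IN      SOA  ns1.mydomain.com. second.mydomain.com. (
                        2001082207 10800 3600 604800 86400 )   ; serial ... minimum
                        NS ns1.example.com.
                        NS second.example.com.
"""

def qualify(name, origin):   # '@' is the origin; a relative name gets it appended
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin.lstrip(".")

def parse_zone(text):
    """Minimal master-file reader: ';' comments, ( ) continuations, $ORIGIN, '@'."""
    origin, owner, records, buf = ".", None, [], []
    for raw in text.splitlines():
        toks = raw.split(";", 1)[0].replace("(", " ( ").replace(")", " ) ").split()
        if not toks:
            continue
        if not buf:
            blank_owner = raw[0].isspace()      # blank owner field => previous owner
        buf += toks
        if buf.count("(") > buf.count(")"):
            continue                            # record continues on the next line
        toks, buf = [t for t in buf if t not in ("(", ")")], []
        if toks[0].startswith("$"):
            origin = toks[1] if toks[0] == "$ORIGIN" else origin   # $TTL: ignore
            continue
        if not blank_owner:
            owner = qualify(toks.pop(0), origin)
        while toks[0].isdigit() or toks[0].upper() == "IN":
            toks.pop(0)                         # optional TTL and class
        rtype, rdata = toks[0].upper(), toks[1:]
        n = 2 if rtype == "SOA" else 1 if rtype == "NS" else 0   # leading name fields
        records.append((owner, rtype, [qualify(r, origin) if i < n else r
                                       for i, r in enumerate(rdata)]))
    return records

def update_targets(records, zone):
    """Rule from the reply: SOA MNAME if it is also an NS of the zone, else all NS."""
    soa = next(r for o, t, r in records if o == zone and t == "SOA")
    nses = [r[0] for o, t, r in records if o == zone and t == "NS"]
    return ("mname", [soa[0]]) if soa[0] in nses else ("all-ns", nses)
RECORDS = parse_zone(ZONE_TEXT)
FIXED = RECORDS + [(ZONE_NAME, "NS", ["ns1.mydomain.com."])]   # Kevin's first fix
```

With the zone as posted, update_targets falls back to every example.com NS; once ns1.mydomain.com is also listed as an NS, the client can pick the MNAME directly.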