Reverse lookup records held by ISP, I need to control them...
Bob Vance
bobvance at alumni.caltech.edu
Mon Jan 29 16:19:21 UTC 2001
>Is there any way that I can take the "authority" for my subnet
You can't "take" it, but you can ask your ISP (or whoever is
authoritative for the parent -- typically the ISP) to "give" (delegate)
it to you.
Since you don't have the entire "C" block, it's a tiny bit more work for
them, but not much. If they don't agree, get another ISP.
As noted, also read RFC 2317.
Basically, what happens is that since they can't give you the entire
0.162.198.in-addr.arpa domain (because other customers share it) they
will delegate a sub-domain of it to you, say,
"luc.0.162.198.in-addr.arpa"
(of course, they'll not use "luc", but something that means
eminently more to them :)
At this point, you may say,
"Wait!!! Who would ever look in a sub-domain of
0.162.198.in-addr.arpa???"
Just wait and see below :)
You set up a master zone on your server for this and are authoritative
for it and put the "normal" PTR records in it. So far it looks like a
normal delegation.
The tiny extra work and magic is here:
. the ISP is *still* authoritative for "0.162.198.in-addr.arpa" and so
any reverse lookups will *still* end up with them (ignoring cache)
**but**,
. they set up CNAMEs for the "normal" PTR records to *your*
sub-domain!
. the requests then end up at your server, so you control the results
So, the ISP has, essentially,
$ORIGIN 0.162.198.in-addr.arpa.
...
;;; delegations:
luc.0.162.198.in-addr.arpa. IN NS ns.your-dom.
251.0.162.198.in-addr.arpa. IN CNAME 251.luc.0.162.198.in-addr.arpa.
252.0.162.198.in-addr.arpa. IN CNAME 252.luc.0.162.198.in-addr.arpa.
...
(or, more briefly,
luc IN NS ns.your-dom.
251 IN CNAME 251.luc
252 IN CNAME 252.luc
)
Your conf looks like:
...
zone "luc.0.162.198.in-addr.arpa." {
    type master;
    ...
};
Your zone file looks something like
...
@       SOA ...
        IN NS   ns.your-dom.
251     IN PTR  ns.your-dom.
252     IN PTR  www.your-dom.
...
Thus a reverse request for 198.162.0.252,
-q=PTR 252.0.162.198.in-addr.arpa.
will get the *CNAME* RR,
252.luc.0.162.198.in-addr.arpa.
and end up at your server where the result will be
www.your-dom.
-------------------------------------------------
Tks | <mailto:BVance at sbm.com>
BV | <mailto:BobVance at alumni.caltech.edu>
Sr. Technical Consultant, SBM, A Gates/Arrow Co.
Vox 770-623-3430 11455 Lakefield Dr.
Fax 770-623-3429 Duluth, GA 30097-1511
=================================================
-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
Behalf Of lucidity185 at my-deja.com
Sent: Sunday, January 28, 2001 2:01 PM
To: comp-protocols-dns-bind at moderators.isc.org
Subject: Reverse lookup records held by ISP, I need to control them...
I haven't talked to my ISP yet because my hours that I am awake are
usually outside their operations hours... But I'm wondering something
regarding problems with my reverse lookup records. I have a set of X
IP's given to me from my ISP (they provide me simply with a connection
to the net, with which I can do anything - i.e. webhosting, email
hosting, etc.). So, I went and set up two DNS servers for future
webhosting. When I setup the reverse lookup records - i.e.
198.162.0.1.in-addr.arpa. IN PTR ns1.mydomain.com
Their DNS servers must have authority for the whole 198.162.0 subnet,
so when someone runs a reverse lookup outside of my net, they come up
with nothing... i.e.
nslookup 198.162.0.1
Is there any way that I can take the "authority" for my subnet (I'm on
a 255.255.255.248 subnet)? Or is this something that they are going to
have a hard time helping me with? Any suggestions?
Thanks,
Luc
BTW, I'm running BIND 8.2.3 on two RH systems.
Sent via Deja.com
http://www.deja.com/
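
The delegation scheme described in the reply above, modelled as an added example that is not part of the original thread: it builds the parent-zone NS and CNAME records for a block, follows a reverse lookup through the CNAME to the delegated sub-domain, and flags PTR records in the child zone that no parent CNAME points at. The /29 block 198.162.0.248/29 and the stray host 17 are assumptions made for the example, and the CNAMEs cover every address in the block rather than only the two shown in the post.

```python
import ipaddress

def parent_records(cidr, label, nameserver):
    """Records the ISP adds to its /24 reverse zone for one customer block."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("expected an IPv4 block smaller than a /24")
    a, b, c, _ = net.network_address.packed
    parent = f"{c}.{b}.{a}.in-addr.arpa."
    child = f"{label}.{parent}"
    recs = {(child, "NS"): nameserver}
    for addr in net:  # every address in the block, not only the hosts in use
        last = addr.packed[3]
        recs[(f"{last}.{parent}", "CNAME")] = f"{last}.{child}"
    return child, recs

def child_records(child, ptrs):
    """PTR records the customer serves from the delegated sub-domain."""
    return {(f"{octet}.{child}", "PTR"): host for octet, host in ptrs.items()}

def resolve_ptr(ip, records, max_hops=4):
    """Follow CNAMEs the way a resolver would; return (chain, answer or None)."""
    name = ipaddress.ip_address(ip).reverse_pointer + "."
    chain = [name]
    for _ in range(max_hops):
        if (name, "PTR") in records:
            return chain, records[(name, "PTR")]
        if (name, "CNAME") not in records:
            break
        name = records[(name, "CNAME")]
        chain.append(name)
    return chain, None

def unreachable_ptrs(cidr, ptrs):
    """Last octets with a PTR in the child zone but outside the delegated block."""
    net = ipaddress.ip_network(cidr)
    base = net.network_address.packed[:3]
    return sorted(o for o in ptrs
                  if ipaddress.ip_address(base + bytes([o])) not in net)

# Constructed sample: block, label and host 17 are assumptions for the example.
CIDR, LABEL, NS = "198.162.0.248/29", "luc", "ns.your-dom."
PTRS = {251: "ns.your-dom.", 252: "www.your-dom.", 17: "stray.your-dom."}
child, zone = parent_records(CIDR, LABEL, NS)
zone.update(child_records(child, PTRS))

if __name__ == "__main__":
    print(resolve_ptr("198.162.0.252", zone))
    print(resolve_ptr("198.162.0.17", zone))
    print(unreachable_ptrs(CIDR, PTRS))
```

A PTR that shows up in `unreachable_ptrs` exists on the customer's server but can never be returned for a normal reverse lookup, because the parent zone has no CNAME leading to it.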