Reverse ARPA on host boundary
phn at icke-reklam.ipsec.nu
Fri May 31 13:29:04 UTC 2002
Michael C. Cambria <cambria at world.std.com> wrote:
> phn at icke-reklam.ipsec.nu wrote in message news:<ad5khb$b9ts$1 at isrv4.isc.org>...
>> Michael C. Cambria <cambria at world.std.com> wrote:
>>
>> > Is it possible to define one host as a domain? I've tried setting
>> > this up to the point of the reverse arpa.
>>
>> Yes.
>> Hint : a domain, the entity that may be delegated, can be associated
>> with 'A' records and in your case 'PTR' records.
>>
>> A zonefile might be :
>>
>>
>> $TTL 86400
>> @       IN SOA  < stuff>
>>         IN NS   <fqdn>
>>         IN NS   <another NS>
>>         IN PTR  fully.qualified.name.tld.
> Wouldn't I need to put "part" of the IP address in column 1? For a
> class C, I'd put the host part of the IP address for example.
> Also, for this zonefile above, I'm curious as to what the name of the
> zone would be in named.conf. I'm _guessing_ that for IP address of
> w.x.y.z I could use z.y.x.w.IN-ADDR.ARPA.
Given the IP address 192.168.100.55 your named.conf should have :
    zone "55.100.168.192.in-addr.arpa" {
        type master;
        file "whatever";
    };
Your corresponding zonefile :
    $TTL 86400
    @       IN SOA  ( whatever)
            IN NS   <your favorite nameserver>
            IN PTR  hostname.domain.com.  ; providing domain.com. is your domain
Your ISP will need one line in the zonefile for 100.168.192.in-addr.arpa :
    55      IN NS   <your favorite nameserver>
Never tested the above but it _should_ work.
> BTW, what is ".tld"?
>> > I have a single IP address from my provider (who will not cooperate on
>> > DNS).
>>
>> If your ISP doesn't cooperate you are out of luck.
> Does it have to be the ISP (e.g. cable company) or is there a chance
> that the company currently parking my domain name can do the
> delegation? My reading to date leads me to believe that the ISP
> owning the IP address needs to be the one delegating, at least for IP
> to DNS mapping.
It has to be the entity that gives you the ip-address. They
_should_ have been delegated the whole net in their turn from
arin/ripe/apnic or possibly upstream provider.
>> > Behind this (NAT/FW) box will be private IP addresses, with their own
>> > name server. Thus, for security, their IP addresses (and names) are
>> > hidden.
>>
>> > Any suggestions?
>>
>> Switch ISP
> Would stub zones help? Perhaps the ISP can be per$uaded to configure
> just an NS record.
That's what I have described.
> How about a stealth server (I'm still reading up on this at the
> moment, so this could be a wild guess.)
> Thanks again,
> MikeC
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but I'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
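
Added example, not part of the original post: a Python helper that generalizes the 192.168.100.55 case above to any IPv4 address, producing the per-host zone name, the named.conf stanza, the child zone records and the single NS line the address provider has to add. The function name, the zone file name and the example.com names are assumptions made for illustration, and the parent is assumed to be the /24 reverse zone as in the post.

```python
import ipaddress

def host_reverse_delegation(ip, nameserver, ptr_target, zone_file="db.host-reverse"):
    """Return the zone names and config text for a one-host in-addr.arpa zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
    for name in (nameserver, ptr_target):
        # Without the trailing dot BIND appends the zone origin to the name.
        if not name.endswith("."):
            raise ValueError(f"{name!r} needs a trailing dot (fully qualified)")
    octets = str(addr).split(".")
    child_zone = ".".join(reversed(octets)) + ".in-addr.arpa"
    parent_zone = ".".join(reversed(octets[:3])) + ".in-addr.arpa"
    return {
        "child_zone": child_zone,
        "parent_zone": parent_zone,
        "named_conf": (
            f'zone "{child_zone}" {{\n'
            f"    type master;\n"
            f'    file "{zone_file}";\n'
            f"}};\n"
        ),
        # SOA is left as a comment: its values are site-specific.
        "child_zonefile": (
            "$TTL 86400\n"
            "; @  IN SOA  <add your SOA here>\n"
            f"@    IN NS   {nameserver}\n"
            f"@    IN PTR  {ptr_target}\n"
        ),
        "parent_record": f"{octets[3]}    IN NS   {nameserver}\n",
    }

if __name__ == "__main__":
    # Constructed sample values; ns.example.com. and host.example.com. are placeholders.
    out = host_reverse_delegation("192.168.100.55", "ns.example.com.", "host.example.com.")
    print(out["named_conf"])
    print(out["child_zonefile"])
    print(f'; add to {out["parent_zone"]} at the ISP:')
    print(out["parent_record"])
```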