Reverse ARPA on host boundary

phn at icke-reklam.ipsec.nu
Fri May 31 13:29:04 UTC 2002


Michael C. Cambria <cambria at world.std.com> wrote:

> phn at icke-reklam.ipsec.nu wrote in message news:<ad5khb$b9ts$1 at isrv4.isc.org>...
>> Michael C. Cambria <cambria at world.std.com> wrote:
>> 
>> > Is it possible to define one host as a domain?  I've tried setting
>> > this up to the point of the reverse arpa.
>> 
>> Yes. 
>> Hint: a domain, the entity that may be delegated, can be associated
>> with 'A' records and in your case 'PTR' records. 
>> 
>> A zonefile might be :
>> 
>> 
>> $TTL 86400
>> @	IN	SOA  < stuff>
>> 	IN	NS	<fqdn>
>> 	IN	NS	<another NS>
>> 	IN	PTR	fully.qualified.name.tld.

> Wouldn't I need to put "part" of the IP address in column 1?  For a
> class C, I'd put the host part of the IP address for example.

> Also, for this zonefile above, I'm curious as to what the name of the
> zone would be in named.conf.  I'm _guessing_ that for IP address of
> w.x.y.z I could use z.y.x.w.IN-ADDR.ARPA.

Given the IP address 192.168.100.55, your named.conf should have:

zone "55.100.168.192.in-addr.arpa" {
	type master;
	file "whatever";
};

Your corresponding zonefile:

$TTL 86400
@	IN	SOA ( whatever)
	IN	NS  <your favorite nameserver>

	IN	PTR	hostname.domain.com.  ; providing domain.com. is your domain

Your ISP will need one line in the zonefile for 100.168.192.in-addr.arpa:

55	IN	NS	<your favorite nameserver>



Never tested the above but it _should_ work.



> BTW, what is ".tld"?

>> > I have a single IP address from my provider (who will not cooperate on
>> > DNS).
>> 
>> If your ISP doesn't cooperate you are out of luck.

> Does it have to be the ISP (e.g. cable company) or is there a chance
> that the company currently parking my domain name can do the
> delegation?  My reading to date leads me to believe that the ISP
> owning the IP address needs to be the one delegating, at least for IP
> to DNS mapping.

It has to be the entity that gives you the IP address. They
_should_ have been delegated the whole net in their turn from
ARIN/RIPE/APNIC or possibly an upstream provider.

>> > Behind this (NAT/FW) box will be private IP addresses, with their own
>> > name server.  Thus, for security, their IP addresses (and names) are
>> > hidden.
>>  
>> > Any suggestions?
>> 
>> Switch ISP 

> Would stub zones help?  Perhaps the ISP can be per$uaded to configure
> just an NS record.

That's what I have described.

> How about a stealth server (I'm still reading up on this at the
> moment, so this could be a wild guess.)

> Thanks again,
> MikeC


-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but I'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.


More information about the bind-users mailing list
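
Added example, not part of the original post or of BIND: a small Python generator for the three pieces the reply describes (the named.conf stanza, the single-host zonefile, and the one NS line the address provider adds), which also rejects names missing the trailing dot. The nameserver name ns1.domain.com., the SOA contact, the SOA timers and the file name db.host-reverse are constructed values, since the thread leaves them as placeholders.

```python
import ipaddress


def host_reverse_zone(ip, ptr_target, nameserver,
                      rname="hostmaster.domain.com.",
                      zone_file="db.host-reverse"):
    """Build the three pieces needed to delegate reverse DNS for one IPv4 host.

    rname, zone_file and the SOA timers are assumptions of this example;
    the thread leaves them as placeholders.
    """
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    for name in (ptr_target, nameserver, rname):
        # Without the trailing dot BIND appends the zone origin to the name,
        # producing e.g. hostname.domain.com.55.100.168.192.in-addr.arpa.
        if not name.endswith("."):
            raise ValueError(f"{name!r} must end with '.' (fully qualified)")

    zone = addr.reverse_pointer              # all four octets, reversed
    label, parent_zone = zone.split(".", 1)  # host octet / the provider's zone

    named_conf = (f'zone "{zone}" {{\n'
                  f'\ttype master;\n'
                  f'\tfile "{zone_file}";\n'
                  f'}};\n')
    # The PTR sits at the zone apex (@), so column 1 stays empty.
    child_zone = ("$TTL 86400\n"
                  f"@\tIN\tSOA\t{nameserver} {rname} (\n"
                  "\t\t\t1 3600 900 604800 86400 )\n"
                  f"\tIN\tNS\t{nameserver}\n"
                  f"\tIN\tPTR\t{ptr_target}\n")
    # The one record the address provider adds to its own reverse zone.
    parent_line = f"{label}\tIN\tNS\t{nameserver}\n"
    return {"zone": zone, "parent_zone": parent_zone, "named_conf": named_conf,
            "child_zone": child_zone, "parent_line": parent_line}


if __name__ == "__main__":
    # Constructed sample values; ns1.domain.com. is a made-up nameserver name.
    out = host_reverse_zone("192.168.100.55", "hostname.domain.com.",
                            "ns1.domain.com.")
    for key in ("named_conf", "child_zone", "parent_line"):
        print(f"--- {key} ({out['zone']})\n{out[key]}")
```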