in-addr.arpa zone design

Kevin Darcy kcd at daimlerchrysler.com
Fri Nov 8 22:57:58 UTC 2002


Graham Turner wrote:

> Was wondering if anyone would be able to offer criteria for selection of DNS zone
> design based on subdomains or using multiple zones.
>
> The example below is based on an in-addr.arpa zone but I guess equally
> applies to forward lookup zones
>
> e.g. given an IP schema which uses addresses from the 172.30 /12 internal
> range and a 24 bit mask it seems there are two options for design of the
> in-addr.arpa zone
>
> 1. subdomains of a single zone which is identified by the first 2 octets of
> the subnet ID or
>
> 2. lots of zones identified by the 24 bit subnet ID
>
> the approach in 2 supports the delegation of zones to another server which
> would not be achievable using subdomains.
>
> this is against the extra administrative set up of the additional zone files
> as in 2
>
> Was wondering if anyone would be able to offer additional criteria for
> selection of one design over the other.

With the reverse IPv4 namespace, you're dealing with a fixed number of
predictable labels and the only questions are where you put the zone cuts
and/or whether you use aliases (a la RFC 2317). My general approach with
reverse DNS structure is "wait and see", i.e. create zones at the highest
level possible (e.g. 10.in-addr.arpa, 168.192.in-addr.arpa,
16.172.in-addr.arpa through 31.172.in-addr.arpa), and when a given zone gets
too large or some other org needs to manage part of the reverse namespace,
split out subzones.

This approach doesn't work too well with the forward namespace though: once
the name foo.chrysler.com (for instance) gets entrenched in people's minds,
their bookmarks, config files etc., then it's pretty hard to come back later
and tell them all that it's changed to foo.usa.chrysler.com or whatever. So
with the forward namespace some advance planning and buy-in tends to pay off
in the long run.


- Kevin
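
An added example, not part of the original thread: a Python sketch of the "highest-level zone first, split later" layout discussed above. The function names reverse_zones and owning_zone and the sample addresses are assumptions made for illustration.

```python
import ipaddress


def reverse_zones(cidr):
    """Return the octet-aligned in-addr.arpa zones needed to cover an IPv4 prefix."""
    net = ipaddress.ip_network(cidr)
    if net.prefixlen > 24:
        # Below an octet boundary there is no label to cut at; that is the
        # RFC 2317 alias case mentioned in the reply.
        raise ValueError("prefix longer than /24 needs RFC 2317 aliases")
    # Round the prefix length up to the next octet boundary (minimum /8).
    aligned = max(8, -(-net.prefixlen // 8) * 8)
    zones = []
    for sub in net.subnets(new_prefix=aligned):
        octets = str(sub.network_address).split(".")[: aligned // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones


def owning_zone(ip, zones):
    """Return the most specific configured zone that holds the PTR name for ip."""
    labels = ipaddress.ip_address(ip).reverse_pointer.split(".")
    configured = {z.lower().rstrip(".") for z in zones}
    # Strip labels from the left until the remaining suffix is a configured zone.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in configured:
            return candidate
    return None


if __name__ == "__main__":
    # A /12 is not on an octet boundary, so it takes sixteen /16-level zones.
    print(reverse_zones("172.16.0.0/12"))

    # Constructed scenario: start with one zone, later split out one /24.
    before = ["30.172.in-addr.arpa"]
    after = before + reverse_zones("172.30.5.0/24")
    for ip in ("172.30.5.9", "172.30.6.9"):
        # The PTR owner name never changes; only the zone cut above it moves.
        print(ip, owning_zone(ip, before), "->", owning_zone(ip, after))
```
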



