IP (not zone) delegation

Kevin Darcy kcd at daimlerchrysler.com
Wed Sep 18 22:31:26 UTC 2002


Well, you _could_ give MS-DNS control over all of your "mixed" reverse zones,
and just maintain the non-Windows and/or legacy Windows (i.e. pre-Win2K, if you
have any) devices in those zones manually via the GUI. But this would be a real
pain if some of those devices use DHCP and your users expect coherent reverse
lookups.

I don't see that RFC 2317 is going to help you, unless Windows
auto-registration has become RFC 2317-aware since the last time I looked at it.
If that's the case, maybe you could get the DHCP server to restrict the Windows
devices to a certain range of addresses, and then populate that range in the
BIND-hosted reverse DNS zone ($GENERATE is designed for this kind of
thing) with aliases pointing into a MS-DNS-hosted zone.


- Kevin

"Smith, John" wrote:

> All,
>
>         First, thanks for all the responses.
>
>         Second, I am basically a 'Unix' person with some Microsoft
> knowledge.  I knew there would be information I was missing in my original
> post so I will try and fill in some gaps (although I am sure I will miss
> some more).
>
>         We are planning on using Dynamic DNS, at least on the Windows
> systems.  That has been a *big* push from management: "We want the least
> amount of manual entry of hostnames as possible."
>
>         Per the consultant's design the main point of separating the MS and
> non-MS zones was to keep the MS (Active Directory, DNS, DDNS, DHCP, etc.)
> overhead ('_' zones, etc.) within the Windows world.
>
>         We do not have a set way we are going to handle this as we are still
> trying to get it figured out.  It dawned on me that the forward delegations
> were not hard (and they were not), but the reverse delegations were going to
> be a different story since there will be common networks in both zones.
> Also, since we have wireless laptops, we could end up with a host with
> different reverse records depending on what building it is in.
>
>         I apologize that my requirements weren't clear enough (and still may
> not be clear enough).  I have another thread to the list that I have
> submitted that I need to do some clarification on.
>
>         And I can tell from Kevin's response that I need to take a look at
> RFC 2317.
>
>         Thanks again for all the help.
>
> John
>
> -----Original Message-----
> From: Barry Finkel [mailto:b19141 at achilles.ctd.anl.gov]
> Sent: Wednesday, September 18, 2002 8:45 AM
> To: bind-users at isc.org
> Cc: john.smith at minolta-qms.com
> Subject: Re: IP (not zone) delegation
>
> "Smith, John" <john.smith at minolta-qms.com> wrote:
>
> >       Background: We are in the process of installing DNS internally.
> >Based on a consultant's design suggestions we are configuring the zones as
> >follows (I will use test.net as the *example* zone):
> >
> >       ------------
> >       | test.net | (All non-Windows boxes are in this zone.  This will be a Bind server.)
> >       ------------
> >             |
> >             | delegation
> >             |
> >       ---------------
> >       | ms.test.net | (All Windows boxes are in this subzone.  This will be a Windows 2000 DNS server.)
> >       ---------------
> >
> >       The question I have is how to handle in-addr.arpa delegations.  One
> >side of our router has 172.16.111.0/24 addresses that contain a mixture of
> >Windows and non-Windows systems.  The other side of our router has
> >172.16.112.0/24 addresses that are primarily Windows boxes but have a small
> >percentage of 'others'.
> >
> >       Given this set up how should or can we handle in-addr.arpa
> >delegations, or is another design 'better' and why?
>
> What is the purpose of segregating the Windows and non-Windows
> computers into separate zones?  The answer to this question will
> determine the best solution.  If you are planning on having the Windows
> boxes do self-registration or DHCP dynamic registration, then I have
> to agree with the others who have replied - there is no clean solution.
> If you are planning on static DNS registrations or DHCP registrations
> with long term leases (i.e., no dynamic DNS), then I would use the
> MS W2k DNS Server only for the four "_" zones.  On my W2k DNS Server
> I have 15 sets of "_" zones.  I also have one forward zone and its
> five reverse zones.  I can do this because each of the reverse zones
> (/24) is assigned to the forward zone, and everything in these zones
> is dynamic, controlled by DHCP.  I have a handful of static nodes
> for our Library group in that subnet, because there is a branch library
> in that building.  But I handle these five nodes in the reverse zone
> by entering them manually in the W2k DNS Server via the GUI; the
> forward entries are in my BIND server, along with all of the other
> library entries.
>
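
Added example, not part of the original post or the thread: the BIND side of the $GENERATE/alias arrangement described in the reply above, written for the 172.16.111.0/24 network from the question. The Windows DHCP range (.128-.254), the child zone name, and the server and host names are assumptions, and the scheme only works if the Windows side registers its PTR records in the child zone, which the post leaves open.

```dns
; Constructed example: BIND-hosted reverse zone for 172.16.111.0/24.
; Assumptions (not from the thread): DHCP hands Windows clients .128-.254,
; the child zone is named 128-254.111.16.172.in-addr.arpa, and the
; Windows 2000 DNS server is w2kdns.ms.test.net. The SOA/NS names and
; the static host below are placeholders.
$TTL 3600
$ORIGIN 111.16.172.in-addr.arpa.
@       IN SOA  ns1.test.net. hostmaster.test.net. (
                2002091801 ; serial
                3600       ; refresh
                900        ; retry
                604800     ; expire
                3600 )     ; negative-caching TTL
        IN NS   ns1.test.net.

; Non-Windows hosts keep ordinary PTR records maintained in BIND.
10      IN PTR  unixbox.test.net.

; RFC 2317-style delegation of the Windows range to the MS DNS server.
128-254 IN NS   w2kdns.ms.test.net.

; One alias per address in the range, expanding to
;   128 CNAME 128.128-254.111.16.172.in-addr.arpa.
;   ...
;   254 CNAME 254.128-254.111.16.172.in-addr.arpa.
$GENERATE 128-254 $ CNAME $.128-254
```

The MS-DNS server would then host `128-254.111.16.172.in-addr.arpa` and hold the actual PTR records at the owner names `128` through `254` in that zone.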


