Delegation of Inverse Zone Subnets

Barry Margolin barmar at alum.mit.edu
Mon Apr 19 21:29:26 UTC 2004


In article <c60pud$2b1d$1 at sf1.isc.org>,
 "Rich Parkin" <RParkin at ldmi.com> wrote:

> Okay, I've read RFC 2317 a couple of times and I'm having a bit of
> trouble grasping some of the finer points...
> 
> If I understand it correctly, I first of all have to know exactly how
> the address space is being subnetted (and since I don't manage the IP
> allocations that in and of itself is going to be a trick).  Once
> subnetted, it would seem that changing the subnets would involve
> restructuring the parent zone each time.

Yes, you need to update the parent zone whenever you change how you 
delegate reverse DNS.  That's true for "normal" delegation as well.  
E.g. if you owned the entire 192.0/16 block, the person who manages IP 
allocations would have to tell you when they assigned a /24 to a 
customer, so you could delegate its reverse zone.  The difference isn't 
in whether you have to update your zone, just the types of updates you 
have to perform.

> 
> Given 192.0.2.0 as an example, where 192.0.2.192 /27 has been delegated
> to the customer.  At my end I might have the parent zone
> 2.0.192.in-addr.arpa containing something that roughly looks like this:
> 
>    @       IN      SOA     my-ns.my.domain. hostmaster.my.domain.
> (...)
>    ;...
>    ;  <<0-127>> /25
>    ;  not delegated
>    ;
>    0-25            NS      my-ns.my.domain.
>    0-25            NS      my-ns2.my.domain.
>    ;
>    1               CNAME   1.0-25.2.0.192.in-addr.arpa.
>    2               CNAME   2.0-25.2.0.192.in-addr.arpa.
>    3               CNAME   3.0-25.2.0.192.in-addr.arpa.

You don't need to do this for the parts of the address space that aren't 
delegated to another server.  They can just be ordinary PTR records in 
this zone.

> The RFC strongly suggests that we slave our nameservers to theirs for
> the child zone 192/27.2.0.192.in-addr.arpa.  I'm not comfortable slaving
> our nameservers... can I get away without doing that?  This assumes
> they're willing to allow me zone transfers, doesn't it?

It's mainly a performance issue, because of all the extra CNAME 
following that has to be done; it's not a strong requirement.

However, it's also recommended that the child zone server be a slave for 
the parent zone, and this *is* a good idea.  This allows their server to 
perform reverse DNS for their own address block without having to query 
any outside servers, which means that it will work even when their 
Internet connection is down.  This is a good idea, so that local-only 
applications aren't dependent on the Internet connection.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
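To make the mechanics concrete, the following script is an added example (not code from either poster or from ISC) that builds the parent-side RFC 2317 records for the 192.0.2.192/27 block discussed above and then walks a reverse lookup through them the way a resolver would: query the /24 zone, follow the CNAME into the delegated subzone, read the PTR. It also shows Barry's point that addresses you have not delegated stay ordinary PTRs with no CNAME. The nameserver names (ns1.customer.example. and so on) and the PTR targets are constructed placeholders; the sample records are built in the script, not taken from any real zone.

```python
"""RFC 2317 classless in-addr.arpa delegation, parent side, as a worked example."""
import ipaddress


def reverse_zone_of_24(net):
    """Name of the /24 reverse zone that contains net, e.g. 2.0.192.in-addr.arpa."""
    o = str(net.network_address).split(".")
    return f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."


def rfc2317_parent_records(cidr, child_ns, style="slash"):
    """Return (parent_zone, subzone, records) for delegating `cidr` per RFC 2317.

    records is a list of relative (owner, type, rdata) tuples: NS records for the
    subzone label plus one CNAME per address in the block. `style` picks the
    RFC's "first/prefixlen" label or a "first-last" label.
    """
    # strict=True rejects a prefix with host bits set, e.g. 192.0.2.200/27,
    # which is exactly the misaligned-subnet mistake that breaks delegation.
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or not 25 <= net.prefixlen <= 31:
        raise ValueError("RFC 2317 covers IPv4 blocks between /25 and /31")
    first = int(net.network_address) & 0xFF
    last = int(net.broadcast_address) & 0xFF
    label = f"{first}/{net.prefixlen}" if style == "slash" else f"{first}-{last}"
    zone = reverse_zone_of_24(net)
    subzone = f"{label}.{zone}"
    records = [(label, "NS", ns) for ns in child_ns]
    records += [(str(h), "CNAME", f"{h}.{subzone}") for h in range(first, last + 1)]
    return zone, subzone, records


def zone_fragment(records):
    """Render records as zone-file lines in the layout used in the post."""
    return "\n".join(f"{owner:<10}IN  {rtype:<6}{rdata}" for owner, rtype, rdata in records)


def build_rrset(zone, records):
    """Turn relative (owner, type, rdata) records into a table keyed by FQDN."""
    table = {}
    for owner, rtype, rdata in records:
        table.setdefault(f"{owner}.{zone}", []).append((rtype, rdata))
    return table


def resolve_ptr(ip, parent_table, child_table, max_hops=3):
    """Resolve the PTR for ip: look up its in-addr.arpa name, follow any CNAME
    into the child zone, return the PTR target (None if nothing resolves).
    Each CNAME hop is the extra work Barry refers to as the performance cost."""
    name = ipaddress.ip_address(ip).reverse_pointer + "."
    for _ in range(max_hops):
        rrs = parent_table.get(name) or child_table.get(name) or []
        for rtype, rdata in rrs:
            if rtype == "PTR":
                return rdata
            if rtype == "CNAME":
                name = rdata  # follow the alias into the delegated subzone
                break
        else:
            return None  # neither PTR nor CNAME at this name
    return None


if __name__ == "__main__":
    # Constructed sample: customer's nameservers are placeholder names.
    zone, subzone, recs = rfc2317_parent_records(
        "192.0.2.192/27", ["ns1.customer.example.", "ns2.customer.example."])
    print(zone_fragment(recs))
    parent = build_rrset(zone, recs)
    # A non-delegated address is just an ordinary PTR in the parent zone.
    parent[f"1.{zone}"] = [("PTR", "host1.my.domain.")]
    # The customer's child zone 192/27.2.0.192.in-addr.arpa. holds the real PTRs.
    child = build_rrset(subzone, [("200", "PTR", "www.customer.example.")])
    print(resolve_ptr("192.0.2.200", parent, child))  # www.customer.example.
    print(resolve_ptr("192.0.2.1", parent, child))    # host1.my.domain.
```

Run it as-is to see the 2 NS plus 32 CNAME lines the parent zone needs for one /27, and note that `ip_network(..., strict=True)` refuses a block whose start is not on the prefix boundary, which is the check to run before touching the parent zone whenever the IP allocation changes.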
