The role of reverse zone files

David Botham DBotham at OptimusSolutions.com
Tue Nov 9 21:06:48 UTC 2004


bind-users-bounce at isc.org wrote on 11/08/2004 10:50:54 PM:
> Ok some of the dumber fog is starting to lift
> Clearly, knowing an address does not tell me how to find a zone
> file, forward or reverse. There has to be a reverse chain to go 
> with the forward chain for external queries. 
> 
> I still don't quite get _how_, given an arbitrary address, the
> correct inverse zone file can be found to consult for the hostname.

1.  Start with an IP address, say, 192.168.2.5
2.  Create a domain name by:
        a.  Reversing the order of the octets to yield 5.2.168.192
        b.  Appending .in-addr.arpa to the end of it to get: 5.2.168.192.in-addr.arpa.
3.  Start at the root asking this question:
        5.2.168.192.in-addr.arpa PTR
4.  Get a referral to the ISP who owns the 192.168.2.0 network:
        2.168.192.in-addr.arpa NS ns1.someisp.com
        2.168.192.in-addr.arpa NS ns2.someisp.com
5.  Ask ns1.someisp.com the same question:
        5.2.168.192.in-addr.arpa PTR
6.  Get the answer from their zone file:
        5.2.168.192.in-addr.arpa PTR somehost.someispornot.com


Steps 1 and 2 are automatically performed by resolvers.

The remainder of the process is the same for forward zones as it is for 
reverse zones.  In fact there is little difference between them from that 
perspective, except for the type of information typically stored in the 
zone.

> The key has to be in the chain of in-arpa domains, but I don't
> see the connection between my in-arpa zones and my provider's
> DNS. Wait a minute, is this what's meant by "reverse delegation"?

Reverse delegation is a term some people use to refer to the delegation of 
reverse zones.  There is no difference in the way reverse and forward 
zones are delegated, with the exception of RFC2317.  Even RFC2317 performs 
the actual delegation in the same manner.

> Essentially, my ISP saying to the world "these numbers are resolved
> by a nameserver at address w.x.y.z?

Numbers are not resolved.  Domain names are resolved.  The domain names 
for "reverse" zones *look* a lot like numbers, but, they are simply labels 
in the domain name.  See steps 1 and 2 from above for the process required 
to derive the correct domain name to query given a particular starting IP.

> 
> This is a tougher homework assignment than I bargained for.....
> If the logic is not in Hunt's book please warn me and I'll spring
> for the other one.

Get a copy of DNS & BIND 4th Edition.


> 
> I don't think I'm dealing with a /24 network, which would imply
> that I have 8 bits of address space. The netmask given is 
> 255.255.255.248, which appears to give me three bits or 7 
> distinct addresses. Five are said to be "assignable", one is
> occupied by the router. Not sure what became of the last one.

If you are wondering how you would control the in-addr.arpa name space 
associated with the block of IP addresses you have, you should consult 
RFC2317.


hth,


Dave...


> 
> 
> Thanks for reading, 
> 
> bob prohaska
> 
> 
> 
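An added example, not part of the original post: steps 1 and 2 above in Python, plus the records a /24 owner would publish to hand a smaller block to a customer in the style RFC2317 describes. The block 192.168.2.8/29 and the name server ns1.customer.example. are constructed values, and the "<first>/<prefixlen>" child label is one convention taken from the RFC's own example.

```python
import ipaddress


def reverse_name(ip: str) -> str:
    """Steps 1-2 of the post: reverse the octets, append in-addr.arpa."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def rfc2317_parent_records(block: str, nameservers: list[str]) -> list[str]:
    """Records the /24 owner adds to its zone to delegate a sub-/24 block.

    The child label "<first>/<prefixlen>" follows the example in RFC 2317;
    it is a convention agreed between both parties, not a fixed requirement.
    """
    net = ipaddress.IPv4Network(block)
    if net.prefixlen <= 24:
        raise ValueError("blocks of /24 or larger need no CNAME indirection")
    # Parent zone = reverse name of any address in the block minus its first label.
    parent = reverse_name(str(net.network_address)).split(".", 1)[1]
    child = f"{int(net.network_address) & 0xFF}/{net.prefixlen}"
    # Ordinary NS delegation of the child label to the customer's servers.
    records = [f"{child} NS {ns}" for ns in nameservers]
    # One CNAME per usable host address, pointing into the delegated child zone
    # where the customer keeps the actual PTR records.
    for addr in net.hosts():
        last = int(addr) & 0xFF
        records.append(f"{last} CNAME {last}.{child}.{parent}")
    return records


if __name__ == "__main__":
    print(reverse_name("192.168.2.5"))
    # Constructed sample block and name server.
    for line in rfc2317_parent_records("192.168.2.8/29", ["ns1.customer.example."]):
        print(line)
```

A query for 10.2.168.192.in-addr.arpa PTR then follows the CNAME to 10.8/29.2.168.192.in-addr.arpa, which is answered from the customer's zone.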



