The role of reverse zone files
Steve Sandau
ssandau at gwi.net
Wed Nov 10 03:43:28 UTC 2004
David Botham wrote:
> bind-users-bounce at isc.org wrote on 11/08/2004 10:50:54 PM:
>
>>Ok some of the dumber fog is starting to lift
>>Clearly, knowing an address does not tell me how to find a zone
>>file, forward or reverse. There has to be a reverse chain to go
>>with the forward chain for external queries.
>>
>>I still don't quite get _how_, given an arbitrary address, the
>>correct inverse zone file can be found to consult for the hostname.
>
>
> 1. Start with an ip address, say, 192.168.2.5
> 2. Create a domain name by:
> a. Reversing the order of the octets to yield 5.2.168.192
> b. Append .in-addr.arpa to the end of it to get:
> 5.2.168.192.in-addr.arpa.
> 3. Start at the root asking this question:
> 5.2.168.192.in-addr.arpa PTR
> 4. Get a referral to the ISP who owns the 192.168.2.0 network:
> 2.168.192.in-addr.arpa NS ns1.someisp.com
> 2.168.192.in-addr.arpa NS ns2.someisp.com
> 5. Ask ns1.someisp.com the same question:
> 5.2.168.192.in-addr.arpa PTR
> 6. Get the answer from their zone file:
> 5.2.168.192.in-addr.arpa PTR somehost.someispornot.com
>
>
> Steps 1 and 2 are automatically performed by resolvers.
>
> The remainder of the process is the same for forward zones as it is for
> reverse zones. In fact there is little difference between them from that
> perspective, except for the type of information typically stored in the
> zone.
>
>
>>The key has to be in the chain of in-arpa domains, but I don't
>>see the connection between my in-arpa zones and my provider's
>>DNS. Wait a minute, is this what's meant by "reverse delegation"?
>
>
> Reverse delegation is a term some people use to refer to the delegation of
> reverse zones. There is no difference in the way reverse and forward
> zones are delegated, with the exception of RFC2317. Even RFC2317 performs
> the actual delegation in the same manner.
>
>
>>Essentially, my ISP saying to the world "these numbers are resolved
>>by a nameserver at address w.x.y.z"?
>
>
> Numbers are not resolved. Domain names are resolved. The domain names
> for "reverse" zones *look* a lot like numbers, but, they are simply labels
> in the domain name. See steps 1 and 2 from above for the process required
> to derive the correct domain name to query given a particular starting IP.
>
>
>>This is a tougher homework assignment than I bargained for.....
>>If the logic is not in Hunt's book please warn me and I'll spring
>>for the other one.
>
>
> Get a copy of DNS & BIND 4th Edition.
>
>
>
>>I don't think I'm dealing with a /24 network, which would imply
>>that I have 8 bits of address space. The netmask given is
>>255.255.255.248, which appears to give me three bits or 7
>>distinct addresses. Five are said to be "assignable", one is
>>occupied by the router. Not sure what became of the last one.
>
>
> If you are wondering how you would control the in-addr.arpa name space
> associated with the block of IP addresses you have, you should consult
> RFC2317.
>
>
> hth,
>
>
> Dave...
>
All said better than I could say it. :)
Additionally, somewhat off-topic, the .248 netmask gives you 256-248
addresses, or 8 total. The lowest address is the network address, and
the highest is the broadcast address. Both are unusable for hosts. This
leaves 6 addresses for hosts, one of which is used by the router.
Steve Sandau
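
The name derivation in steps 1 and 2 of the quoted reply, the /29 address arithmetic, and the records an RFC 2317 delegation of such a block would involve, as an added example that is not part of the original thread. The 192.168.2.0/29 block, the nameserver name ns1.customer.example. and the "0/29" child label (the style used in the RFC's own examples) are assumptions chosen for illustration.

```python
import ipaddress

def reverse_name(ip):
    """Steps 1 and 2 of the quoted reply: reverse the octets, append in-addr.arpa."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def block_summary(cidr):
    """Network, broadcast and usable host addresses for a block such as a /29."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "total": net.num_addresses,
        "hosts": [str(h) for h in net.hosts()],
    }

def rfc2317_parent_records(cidr, nameservers):
    """Records the owner of the enclosing /24 reverse zone publishes to hand a
    smaller block to a customer: NS for a child zone, then one CNAME per address."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    if not 24 < net.prefixlen < 32:
        raise ValueError("RFC 2317 delegation is for blocks smaller than a /24")
    parent = reverse_name(str(net.network_address)).split(".", 1)[1]
    # Child zone label "<first address>/<prefix length>", as in the RFC's examples.
    child = f"{int(net.network_address) & 0xFF}/{net.prefixlen}.{parent}"
    records = [f"{child} NS {ns}" for ns in nameservers]
    for addr in net:
        last = int(addr) & 0xFF
        records.append(f"{last}.{parent} CNAME {last}.{child}")
    return records

if __name__ == "__main__":
    # Constructed sample: the address from the thread inside an assumed /29.
    print(reverse_name("192.168.2.5"))
    print(block_summary("192.168.2.5/255.255.255.248"))
    for rr in rfc2317_parent_records("192.168.2.0/29", ["ns1.customer.example."]):
        print(rr)
```

The customer's server then holds the PTR records under the child zone, so a query for 5.2.168.192.in-addr.arpa follows the CNAME to 5.0/29.2.168.192.in-addr.arpa and is answered there.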