How to delegate public IP zone internally

Greg Chavez greg.chavez at gmail.com
Tue Sep 6 18:30:33 UTC 2005


My customer has several consecutive 156.xxx/16 blocks registered with
ARIN, but none of them seem to have been delegated to them as
in-addr.arpa zones.  Normally this is not a problem, because my
customer uses these blocks strictly for internal addressing.  We
allow some of their smaller units throughout the country to manage
their own /24 zones by serving as stealth slaves.  A simple slave
statement in named.conf allows all other units to see their respective
zones.  The problem is this:

An admin for one of these units has decided that he doesn't want to
let us - the DNS mothership - do zone transfers anymore, negating the
stealth zone idea.  As it stands, nobody outside of their unit can see
their 156.xxx.yyy.0 zone.  The admin for the rogue unit is being
intransigent... or am I?

Is there any other way I can delegate these zones without claiming
authority for 156.in-addr.arpa and breaking many public lookups?  It
seems to me that the stealth slave route is the simplest,
hardest-to-break route here.  If you can, please tell me otherwise.

Thanks
--Greg Chavez


