Split authority for class-B?

Joseph S D Yao jsdy at center.osis.gov
Thu Apr 27 20:15:57 UTC 2006


On Thu, Apr 27, 2006 at 03:00:55PM -0400, Davenport, Steve M. wrote:
> Resending the message from my outbox one more time. For some reason the text
> was cut off, maybe someone didn't like the question  ;>)... 
> 
> -----Original Message-----
> From: Davenport, Steve M. 
> Sent: Thursday, April 27, 2006 12:38 PM
> To: 'bind-users at isc.org'
> Subject: Split authority for class-B?
> 
>  
> We own a class-B IP space and our partner organization wants to assume
> ownership of some of our unused addresses (in class-C blocks). Is it
> possible for a root server to segment the class-B and delegate a portion to
> our nameservers and the rest to our partner's nameservers, ...


Once the root server has delegated a domain, the delegatee should take
care of further delegations.  I've seen networks where the root tries to
delegate ... it's a MESS (although how much more of a mess it would be
if the delegatees tried to delegate, I have no idea).

Incidentally, since 1985 or so, networks that have 16-bit netmasks are
called /16's, and networks with 24-bit netmasks are called /24's.  And
with these names, there is no restriction as to starting with 128-191
[for the old-style "Class B's"] and 192-223 [for the old-style "Class
C's"].


>							 .., or must we use
> zone deligation ...


Absolutely, you should use zone delegation.  [Deligation means untying,
near as I can tell.  ;-)  Even more expensive operation than the
original ligation.  ;-P ]  [Being a perfectionist, I looked it up
on-line and I'm wrong: it means bandaging, or tying up.  I don't get it.
Why does ligation mean binding up, and deligation mean the same thing?
You might as well say that flammable and inflammable mean the same
thing!]  [Flame retardant activated.]


>		. which would mean that the partner's deligated zone would
> have our domain name as a suffix?


No, it wouldn't, if DNS is properly configured.  Why would you think
that?

Say your /16 is 311.422.0.0/16.  No, I didn't say that could be
implemented, all I said was "say that ...".  ;-)

Say that you want to delegate 311.422.532.0/22 (532-535) to the Red
Cross office on your campus.

The owner of 311.in-addr.arpa has this in his "zone.311" file:

$TTL	1d
@	SOA	...
	NS	ns1.mydomain.example.
	NS	ns2.mydomain.example.
...
422	NS	ns1.utmck.edu.
	NS	ns2.utmck.edu.
...

You have this in your "zone.311.422" file, for 422.311.in-addr.arpa:

$TTL	1d
@	SOA	...
	NS	ns1.utmck.edu.
	NS	ns2.utmck.edu.
...
532	NS	ns1.utmck-redcross.org.
	NS	ns2.utmck-redcross.org.
533	NS	ns1.utmck-redcross.org.
	NS	ns2.utmck-redcross.org.
534	NS	ns1.utmck-redcross.org.
	NS	ns2.utmck-redcross.org.
535	NS	ns1.utmck-redcross.org.
	NS	ns2.utmck-redcross.org.
...

And in their "zone.311.422.532" file, for 532.422.311.in-addr.arpa, they
have something like:

$TTL	1d
@	SOA	...
	NS	ns1.utmck-redcross.org.
	NS	ns2.utmck-redcross.org.
...
411	PTR	volunteer.utmck-redcross.org.
911	PTR	disaster.utmck-redcross.org.
611	PTR	health-safety.utmck-redcross.org.
555	PTR	blood.utmck-redcross.org.
666	PTR	military.utmck-redcross.org.
800	PTR	youth.utmck-redcross.org.
723	PTR	tissue.utmck-redcross.org.
899	PTR	international.utmck-redcross.org.

Now, where does your domain appear in this last file???  ;-)

[I don't want anyone writing me telling me that none of the numbers
above are less than 255 - don't you think that was done deliberately?]


-- 
Joe Yao
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.
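
Added example, not part of the original message: Python that generates the per-/24 NS records of the kind shown in the "zone.311.422" file above, for a valid /16 reverse zone, and rejects the mistakes that break such a delegation (a misaligned block, a block smaller than a /24, a nameserver name without its trailing dot). The function name, the 172.16.0.0/16 block and the partner.example names are assumptions made for this example.

```python
import ipaddress

def reverse_delegations(parent_cidr, child_cidr, nameservers):
    """Build the NS lines a /16 reverse zone needs to delegate whole /24s.

    Returns (parent_zone, child_zones, lines). Hypothetical helper written
    for this example; addresses and names are supplied by the caller.
    """
    # strict=True rejects blocks whose start is not aligned to the prefix.
    parent = ipaddress.ip_network(parent_cidr, strict=True)
    child = ipaddress.ip_network(child_cidr, strict=True)
    if parent.version != 4 or child.version != 4 or parent.prefixlen != 16:
        raise ValueError("parent must be an IPv4 /16")
    if not child.subnet_of(parent) or child.prefixlen <= 16:
        raise ValueError("child must be a proper sub-block of the parent")
    if child.prefixlen > 24:
        # Smaller than a /24 has no octet-boundary zone; see RFC 2317.
        raise ValueError("blocks longer than /24 need classless delegation")
    for ns in nameservers:
        # Without the trailing dot the name is relative to the zone origin,
        # so the parent's in-addr.arpa name would be appended to it.
        if not ns.endswith("."):
            raise ValueError(f"nameserver {ns!r} must be fully qualified")

    a, b = str(parent.network_address).split(".")[:2]
    parent_zone = f"{b}.{a}.in-addr.arpa."
    child_zones, lines = [], []
    for net in child.subnets(new_prefix=24):
        third = str(net.network_address).split(".")[2]
        child_zones.append(f"{third}.{parent_zone}")
        for i, ns in enumerate(nameservers):
            owner = third if i == 0 else ""   # owner name only on first NS
            lines.append(f"{owner}\tNS\t{ns}")
    return parent_zone, child_zones, lines

if __name__ == "__main__":
    # Constructed sample input: a private /16 and a /22 handed to a partner.
    zone, kids, recs = reverse_delegations(
        "172.16.0.0/16", "172.16.132.0/22",
        ["ns1.partner.example.", "ns2.partner.example."])
    print(f"; add to zone {zone}")
    print("\n".join(recs))
    print("; partner must serve:", " ".join(kids))
```
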


