Split authority for class-B?
Joseph S D Yao
jsdy at center.osis.gov
Thu Apr 27 20:15:57 UTC 2006
On Thu, Apr 27, 2006 at 03:00:55PM -0400, Davenport, Steve M. wrote:
> Resending the message from my outbox one more time. For some reason the text
> was cutoff, maybe someone didn't like the question ;>)...
>
> -----Original Message-----
> From: Davenport, Steve M.
> Sent: Thursday, April 27, 2006 12:38 PM
> To: 'bind-users at isc.org'
> Subject: Split authority for class-B?
>
>
> We own a class-B IP space and our partner organization wants to assume
> ownership of some of our unused addresses (in class-C blocks). Is it
> possible for a root server to segment the class-B and delegate a portion to
> our nameservers and the rest to our partner's nameservers, ...
Once the root server has delegated a domain, the delegatee should take
care of further delegations. I've seen networks where the root tries to
delegate ... it's a MESS (although how much more of a mess it would be
if the delegatees tried to delegate, I have no idea).
Incidentally, since 1985 or so, networks that have 16-bit netmasks are
called /16's, and networks with 24-bit netmasks are called /24's. And
with these names, there is no restriction as to starting with 128-191
[for the old-style "Class B's"] and 192-223 [for the old-style "Class
C's"].
> .., or must we use
> zone deligation ...
Absolutely, you should use zone delegation. [Deligation means untying,
near as I can tell. ;-) Even more expensive operation than the
original ligation. ;-P ] [Being a perfectionist, I looked it up
on-line and I'm wrong: it means bandaging, or tying up. I don't get it.
Why does ligation mean binding up, and deligation mean the same thing?
You might as well say that flammable and inflammable mean the same
thing!] [Flame retardant acivated.]
> . which would mean that the partner's deligated zone would
> have our domain name as a suffix?
No, it wouldn't, if DNS is properly configured. Why would you think
that?
Say your /16 is 311.422.0.0/16. No, I didn't say that could be
implemented, all I said was "say that ...". ;-)
Say that you want to delegate 311.422.532.0/22 (532-535) to the Red
Cross office on your campus.
The owner of 311.in-addr.arpa has this in his "zone.311" file:
$TTL 1d
@ SOA ...
NS ns1.mydomain.example.
NS ns2.mydomain.example.
...
422 NS ns1.utmck.edu.
NS ns2.utmck.edu.
...
You have this in your "zone.311.422" file, for 422.311.in-addr.arpa:
$TTL 1d
@ SOA ...
NS ns1.utmck.edu.
NS ns2.utmck.edu.
...
532 NS ns1.utmck-redcross.org.
NS ns2.utmck-redcross.org.
533 NS ns1.utmck-redcross.org.
NS ns2.utmck-redcross.org.
534 NS ns1.utmck-redcross.org.
NS ns2.utmck-redcross.org.
535 NS ns1.utmck-redcross.org.
NS ns2.utmck-redcross.org.
...
And in their "zone.311.422.532" file, for 523.422.311.in-addr.arpa, they
have something like:
$TTL 1d
@ SOA ...
NS ns1.utmck-redcross.org.
NS ns2.utmck-redcross.org.
...
411 PTR volunteer.utmck-redcross.org.
911 PTR disaster.utmck-redcross.org.
611 PTR health-safety.utmck-redcross.org.
555 PTR blood.utmck-redcross.org.
666 PTR military.utmck-redcross.org.
800 PTR youth.utmck-redcross.org.
723 PTR tissue.utmck-redcross.org.
899 PTR international.utmck-redcross.org.
Now, where does your domain appear in this last file??? ;-)
[I don't want anyone writing me telling me that none of the numbers
above are less than 255 - don't you think that was done deliberately?]
--
Joe Yao
-----------------------------------------------------------------------
This message is not an official statement of OSIS Center policies.
More information about the bind-users
mailing list