Split authority for class-B?

Kevin Darcy kcd at daimlerchrysler.com
Thu Apr 27 20:33:02 UTC 2006


Davenport, Steve M. wrote:

>Resending the message from my outbox one more time. For some reason the text
>was cut off, maybe someone didn't like the question  ;>)... 
>
>-----Original Message-----
>From: Davenport, Steve M. 
>Sent: Thursday, April 27, 2006 12:38 PM
>To: 'bind-users at isc.org'
>Subject: Split authority for class-B?
>
> 
>We own a class-B IP space and our partner organization wants to assume
>ownership of some of our unused addresses (in class-C blocks). Is it
>possible for a root server to segment the class-B and delegate a portion to
>our nameservers and the rest to our partner's nameservers, or must we use
>zone delegation which would mean that the partner's delegated zone would
>have our domain name as a suffix?
>
OK, first of all, pet peeve of mine: "Class B" != /16, "Class C" != /24. 
There is no such thing as a "class-C block" within a "class-B IP space", 
since the first octet of a Class B address is in the range 128 through 
191, and the first octet of a Class C address is in the range 192 
through 223. Never the twain shall meet. Please learn and use prefix 
terminology. "Class" terminology may sound impressive to the 
network-illiterate among telecom professionals it is increasingly viewed 
as inaccurate and passe. CIDR rules.

Now, to answer your question: your partner can point their names to the 
addresses in the /24 block that you are designating for their use, using 
their *own* domain names. There is only a *loose* correspondence, in the 
forward DNS, between names and addresses. For that matter, I could point 
a name in one of my domains into your address space. I wouldn't need 
"permission" or "authorization" for that, certainly no delegation would 
be necessary, and the root servers wouldn't know a thing about it.

As for the *reverse* DNS, however, which is much more sensitive to 
addressing, you might want to take a little more care. Best option might 
be to delegate the reverse zones corresponding to the /24 ranges in 
question to the other organization so that they can manage them on their 
own. Reverse-zone delegation, however, would not result in them 
"hav[ing] [y]our domain name as a suffix", since suffixes in the reverse 
DNS, in the absence of RFC 2317 or similar shenanigans, only reflect 
address octets, not organizational affiliations.

                                                                         
                                          - Kevin
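
The reverse-zone delegation described in the message above, as an added example that is not part of the original post: it derives the in-addr.arpa zone names and the NS records the parent /16 reverse zone would carry for each delegated /24. The 172.16.0.0/16 block and the partner.example name servers are constructed sample values.

```python
import ipaddress

def reverse_zone(prefix):
    """Return the in-addr.arpa zone name for an octet-aligned IPv4 prefix."""
    net = ipaddress.ip_network(prefix, strict=True)  # rejects set host bits
    if net.version != 4 or net.prefixlen == 0 or net.prefixlen % 8 != 0:
        # Prefixes such as /25 need RFC 2317-style handling, not covered here.
        raise ValueError(f"{prefix} is not on an octet boundary")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def delegation_records(parent, child, nameservers):
    """NS records to place in the parent reverse zone to delegate the child."""
    parent_net = ipaddress.ip_network(parent, strict=True)
    child_net = ipaddress.ip_network(child, strict=True)
    if child_net == parent_net or not child_net.subnet_of(parent_net):
        raise ValueError(f"{child} is not a proper subnet of {parent}")
    parent_zone = reverse_zone(parent)
    child_zone = reverse_zone(child)
    # Owner name relative to the parent zone, e.g. "40" inside 16.172.in-addr.arpa.
    label = child_zone[: -len(parent_zone) - 1]
    return [f"{label} IN NS {ns}" for ns in nameservers]

if __name__ == "__main__":
    # Constructed sample data: a /16 holder delegating two /24 reverse zones.
    parent = "172.16.0.0/16"
    partner_ns = ["ns1.partner.example.", "ns2.partner.example."]
    print(f"; records for zone {reverse_zone(parent)}")
    for child in ("172.16.40.0/24", "172.16.41.0/24"):
        print(f"; delegates {reverse_zone(child)}")
        for record in delegation_records(parent, child, partner_ns):
            print(record)
```

The delegated zone names consist only of address octets under in-addr.arpa, so neither organization's domain name appears in them.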



