Question about RFC-2317

Edward Lewis Ed.Lewis at neustar.biz
Thu Jan 4 18:39:53 UTC 2007


At 9:19 -0800 1/4/07, Clenna Lumina wrote:
>But why?

Because DNS can only delegate every 8 bits, whereas IP can delegate on any bit length.

Let's say you are an ISP and have a /22 allocated to you by an RIR. 
A /22 consists of 4 /24's.  10.12.52.0 to 10.12.55.255 is the range 
(equivalent to 10.12.52/22).

Your first customer gets 256 addresses - 10.12.52.0/24 - and wants to do DNS.
The second customer gets 128 addresses - 10.12.53.0/25 - ditto
The third customer gets 128 addresses  - 10.12.53.128/25 - ditto

The first customer wants to use ns1.example. and ns2.example.
The second customer wants to use ns1.foo.bar. and ns2.foo.bar.
The third customer wants to use dns0.xn--55qx5d.cn. and dns1.xn--55qx5d.cn.

How do you break up the second /24?

You have "ns0.mycompany.net." and "ns1.mycompany.net."  What does the 
zone look like?  Well, you have four...

52.12.10.in-addr.arpa --> for this you run nothing, you have the RIR 
delegate the zone to the first customer, meaning that 
12.10.in-addr.arpa. has this:

$ORIGIN 12.10.in-addr.arpa.
52      NS ns1.example.
         NS ns2.example.
53      NS ns0.mycompany.net.
         NS ns1.mycompany.net.
54      NS ns0.mycompany.net.
         NS ns1.mycompany.net.
55      NS ns0.mycompany.net.
         NS ns1.mycompany.net.

For your second and third customers, you would have to use RFC 2317 
to split the range to two different server sets.

$ORIGIN 53.12.10.in-addr.arpa.
@       SOA
         NS ns0.mycompany.net.
         NS ns1.mycompany.net.

$GENERATE    0-127 $ CNAME $.customer2.53.12.10.in-addr.arpa.
$GENERATE  128-255 $ CNAME $.customer3.53.12.10.in-addr.arpa.

customer2.53.12.10.in-addr.arpa. NS ns1.foo.bar.
customer2.53.12.10.in-addr.arpa. NS ns2.foo.bar.
customer3.53.12.10.in-addr.arpa. NS dns0.xn--55qx5d.cn.
customer3.53.12.10.in-addr.arpa. NS dns1.xn--55qx5d.cn.

----end of the zone file----

When a query for "100.53.12.10.in-addr.arpa PTR" comes to your server, 
you will answer with

100.53.12.10.in-addr.arpa CNAME 100.customer2.53.12.10.in-addr.arpa.
and
customer2.53.12.10.in-addr.arpa. NS ns1.foo.bar.
customer2.53.12.10.in-addr.arpa. NS ns2.foo.bar.

At this point, the customer can put whatever entries they want in the 
reverse map; they are independent of you for this.

If you didn't do this, then you'd have to blow an entire /24 on each 
customer that wanted to do DNS or you would have to manage the DNS 
for them.

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

Dessert - aka Service Pack 1 for lunch.
