setting up reverse DNS to dozens of /24 networks

Justin Pryzby justinpryzby at users.sourceforge.net
Fri Aug 22 14:56:43 UTC 2008


On Fri, Aug 22, 2008 at 03:03:03PM +0100, Chris Thompson wrote:
> On Aug 22 2008, Hal Jackson wrote:
> 
> >My client owns several dozen /24 networks but not an entire /16. All these 
> >networks are contiguous, like
> >
> >192.168.128
> >192.168.129
> >192.168.130
> >.
> >.
> >192.168.230
> >
> >the parent nameserver at ARIN delegates these one at a time.
> >
> >Is there a simple way of consolidating all these into one (zone) file, or 
> >are many separate zones required, each with its own file directive in 
> >named.conf?
> 
> See the fairly recent thread "Using DNAMEs for RFC2317-like delegations"
> starting at http://marc.info/?l=bind-users&m=121734050326238
> 
> But whether you could get ARIN, or any other registry, to create DNAMEs
> rather than delegations for you, is another matter ...

Note that /24s don't require 2317/classless delegation: that's only
needed for IP blocks smaller than /24, since then the different
networks end on a "." (zone) boundary.

I think you'll have no problem if you use a single "zone" statement
and file.  Querying clients don't care if you don't have 256 SOAs, all
they want is the answer to some specific question.

The only problem might be if you don't have all 256 /24's, or if
they're not consecutive.  Then using a full /16 (zone
"168.192.in-addr.arpa" {...}) means that any hosts *not* listed there
will get NXDOMAIN response from your server, even if the rest of the
internet (and dig +trace -x 192.168..) sees PTRs for every address.
If this is a non-recursive server then that might not matter anyway,
since there'll be no special "internal"/stub clients always looking to
that server rather than following delegation to the real NS for the
other subdomains of 168.192.

Justin
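
Added example, not part of the original message and not code from BIND: a Python script that derives the per-/24 reverse zone names for the range in the question, emits one `zone` statement for each, and lists the /24s that a single "168.192.in-addr.arpa" zone would also claim and answer NXDOMAIN for. The function names and the `rev/db.{zone}` file path are assumptions made for illustration; the address list is constructed from the question.

```python
import ipaddress

# Constructed sample: the contiguous /24s from the question (192.168.128 .. 192.168.230).
OWNED = [f"192.168.{i}.0/24" for i in range(128, 231)]

def reverse_zone(net):
    """in-addr.arpa zone name for an IPv4 network on an octet boundary."""
    net = ipaddress.ip_network(net)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError(f"{net} is not on an octet boundary")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def zone_stanzas(owned, file_pattern="rev/db.{zone}"):
    """One named.conf zone statement per delegated /24 (file path is hypothetical)."""
    out = []
    for n in owned:
        zone = reverse_zone(n)
        path = file_pattern.format(zone=zone)
        out.append(f'zone "{zone}" {{ type master; file "{path}"; }};')
    return out

def wrongly_claimed(owned, parent):
    """/24s under `parent` that are not in `owned`: a single zone for `parent`
    would answer NXDOMAIN for these instead of leaving them to their real NS."""
    parent = ipaddress.ip_network(parent)
    owned_nets = {ipaddress.ip_network(n) for n in owned}
    stray = [n for n in owned_nets if not n.subnet_of(parent)]
    if stray:
        raise ValueError(f"not inside {parent}: {sorted(stray)}")
    return [s for s in parent.subnets(new_prefix=24) if s not in owned_nets]

if __name__ == "__main__":
    gaps = wrongly_claimed(OWNED, "192.168.0.0/16")
    print(f"{len(OWNED)} owned /24s; a /16 zone would also claim {len(gaps)} others")
    print("\n".join(zone_stanzas(OWNED)[:2]))
```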
