Breaking up RFC 1918 reverse space
Kevin Oberman
kob6558 at gmail.com
Sun Jul 24 03:39:46 UTC 2011
On Sat, Jul 23, 2011 at 6:01 PM, Laws, Peter C. <plaws at ou.edu> wrote:
> Decloaking to ask for pointers to some help regarding RFC 1918 zone delegation.
>
> We use 10/8 space extensively over multiple campuses. We need to delegate at the 10/ essentially, the 10/16 level. Is there a better way to do it than
>
>
> zone "0.10.IN-ADDR.ARPA" {
>     type master;
>     file "internal/db.10.rev";
>     allow-query { network_internal; };
> };
> zone "1.10.IN-ADDR.ARPA" {
>     type master;
>     file "internal/db.10.rev";
>     allow-query { network_internal; };
> };
>
> zone "2.10.IN-ADDR.ARPA" {
>     type master;
>     file "internal/db.10.rev";
>     allow-query { network_internal; };
> };
>
> et cetera, ad nauseam and then putting in NS records as necessary?
>
> A little less than half of the zones would remain with us with the other half-and-a-bit delegated away.
>
> I'm afraid of the answer since I fear I'm stuck with making 256 zones ...
>
> BIND 9.3 as hacked by Red Hat, though now that we found the bind97 packages in the supported repo, we may go with that.
Check the $GENERATE macro. It's in the ARM in Chapter 6.
I'd also seriously suggest looking into an IPAM tool. It makes this
sort of thing a lot easier and, with IPv6, it is almost essential. Both
open-source and commercial tools are available, but I am not sure of
open source tools that support IPv6 well.
Finally, you really need to move to at LEAST 9.7. It has decent DNSSEC
support and many other important capabilities.
--
R. Kevin Oberman, Network Engineer - Retired
E-mail: kob6558 at gmail.com
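
Added example, not part of the original thread: one way the $GENERATE directive mentioned in the reply can replace the 256 per-/16 zone statements, using a single 10.IN-ADDR.ARPA parent zone that delegates some /16s and keeps the rest. The server names under `example.`, the 128-255 split, and the sample PTR range are assumptions made for illustration.

```dns
; Zone file for a single parent zone, loaded by ONE zone statement for
; "10.IN-ADDR.ARPA" in named.conf (type master, with the same
; allow-query { network_internal; } restriction used in the question,
; so RFC 1918 reverse data is only served to internal clients).
; All host names below are hypothetical placeholders.

$TTL 86400
$ORIGIN 10.in-addr.arpa.
@   IN  SOA ns1.campus-a.example. hostmaster.campus-a.example. (
            2011072401  ; serial
            3600        ; refresh
            900         ; retry
            604800      ; expire
            3600 )      ; negative-caching TTL
    IN  NS  ns1.campus-a.example.
    IN  NS  ns2.campus-a.example.

; Delegated half (assumed here to be 10.128/16 through 10.255/16).
; Each line expands to 128 NS records with owner names
; 128.10.in-addr.arpa. ... 255.10.in-addr.arpa.
; The targets are outside this zone, so no glue records are needed.
$GENERATE 128-255 $ NS ns1.campus-b.example.
$GENERATE 128-255 $ NS ns2.campus-b.example.

; /16s that are NOT delegated need no zone of their own: their PTR
; records live directly in this parent zone.
; Example for 10.0.1.1 - 10.0.1.254; "$" is replaced by the iterator,
; so the owner for 10.0.1.5 becomes 5.1.0.10.in-addr.arpa.
$GENERATE 1-254 $.1.0 PTR host-10-0-1-$.campus-a.example.

; If the delegated /16s are not contiguous, use one $GENERATE pair per
; contiguous run, or plain NS records for isolated entries, e.g.:
; 42    IN  NS  ns1.campus-c.example.
```

Running `named-checkzone 10.in-addr.arpa <file>` on the zone file before loading it confirms the expanded delegations parse as intended.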