Reverse zone delegation for 172.16.16.0/20 - HOW TO?
Ellad G. Yatsko
eyatsko at ngs.ru
Fri May 18 16:29:35 UTC 2012
Hello!
The supernet 172.16.0.0/12 is distributed through my network.
Some network hierarchy is built in this supernet, and some addressing plan
is used.
There are some towns. Each town has an IP pool of
172.16.0.0/16...172.30.0.0/16.
There are some sites in different districts of the above towns; they get a
block of IP addresses, 172.xx.0.0/20, from their main town's server.
Each ending site uses its networks in the following way:
- servers;
- voice;
- video surveillance;
- top-managers;
- accounting;
- ... some other departments.
Indeed it's no matter what and why. Now I want to build a hierarchic
structure of DNS servers in each location and delegate zones accordingly.
But I have some troubles in the beginning. How do I describe the topmost
172.16.0.0/12 zone?
I used a trick and made zone 172.in-addr.arpa. It is not exact but it works.
But I can't at all delegate block 172.16.0.0/16 to the second-level
server, to say nothing about delegating 172.16.16.0/20 from the second level
to the ending DNS!
Then I tried to solve this task in the most general way. I thought that if I
learned how to delegate the "most difficult zone" I could delegate simpler ones easily.
So I began to delegate 172.16.16.0/20 (not 172.16.0.0/16) from the topmost
server to its neighbor as follows:
zone "172.in-addr.arpa" {
    type master;
    file "/etc/bind/master/reverse/172.in-addr.arpa";
    forwarders { };
};
and (in zone file):
0.16/20.16.172.in-addr.arpa.    IN NS    srvgate.sokol.msk.united-networks.ru.
$GENERATE 0-255 $.16.16.172.in-addr.arpa. IN CNAME $.0.16/20.16.172.in-addr.arpa.
$GENERATE 0-255 $.31.16.172.in-addr.arpa. IN CNAME $.0.31/20.16.172.in-addr.arpa.
And it does even work: the delegating server asks the subordinate server for
172.16.31.1, but I can't explain to the second DNS how to treat 172.16.31.1
relative to 0.16/20.16.172.in-addr.arpa locally. So I tried:
zone "0.16/20.16.172.in-addr.arpa" {
    type master;
    file "/etc/bind/slave/reverse/0.16-20.16.172.in-addr.arpa";
    forwarders { };
};
and:
$TTL 3600 ; 1 hour
@   IN SOA srvgate.sokol.msk.united-networks.ru. root.united-networks.ru. (
        2012041707 ; serial
        900        ; refresh (15 minutes)
        600        ; retry (10 minutes)
        86400      ; expire (1 day)
        3600       ; minimum (1 hour)
        )
    IN NS  srvgate.sokol.msk.united-networks.ru.
1.0.16/20.16.172.in-addr.arpa.    IN PTR    srvgate.sokol.msk.united-networks.ru.
When I studied the issue I referred to an article
(http://www.simpledns.com/kb.aspx?kbid=1240) which greatly helped me before.
But I can't imagine how it will be for Class B and Class A supernets.
Could you help me with ideas and syntax?
I don't need to enumerate all 4096 /24 zones on the topmost DNS, all 256
172.xx.yy.0/24 on the second-level DNS and all 16 /24 zones for each site.
It is the worst advice because it is approximately what I have
today. I thought to order the structure and to do this "scientifically"
as RIRs do. :-)
Kind regards,
Ellad
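As an added example (not from the post above, nor part of BIND), a small Python helper that works out, for any IPv4 block in the /12 -> /20 -> /24 hierarchy described in the post, which octet-aligned in-addr.arpa zone has to carry the delegation, which zone names the delegated-to server must serve, and the NS/$GENERATE lines the parent zone file needs; the function names and the ns.example. name are my own.

```python
"""Work out which in-addr.arpa zone delegates an IPv4 block and the BIND records
that delegation needs (helper names and ns.example. are constructed for this
example; the /12 -> /20 -> /24 hierarchy is the one described in the post)."""
import ipaddress


def _zone(octets):
    """Reverse zone name for leading octets, e.g. ['172', '16'] -> '16.172.in-addr.arpa'."""
    return ".".join(list(reversed(octets)) + ["in-addr", "arpa"])


def reverse_delegation(cidr, nameserver):
    """Return (parent_zone, child_zones, parent_records).

    parent_zone    - octet-aligned zone whose file must carry the delegation
    child_zones    - zone name(s) the delegated-to server has to serve
    parent_records - lines to add to the parent zone file (BIND $GENERATE syntax)
    /8, /16, /24 need one NS set; /12, /20 etc. need one NS set per value of the
    next octet (16 for a /12 or /20); longer than /24 uses the RFC 2317 CNAME trick.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    octets = str(net.network_address).split(".")
    k, r = divmod(net.prefixlen, 8)          # k fixed octets, r bits into the next one
    if net.prefixlen > 24:                   # RFC 2317: block inside one /24
        parent = _zone(octets[:3])
        first = int(octets[3])
        last = first + 2 ** (32 - net.prefixlen) - 1
        child = f"{first}/{net.prefixlen}.{parent}"
        records = [f"{child}. IN NS {nameserver}",
                   f"$GENERATE {first}-{last} $.{parent}. IN CNAME $.{child}."]
        return parent, [child], records
    if r == 0:                               # exactly one octet-aligned zone
        parent, child = _zone(octets[:k - 1]), _zone(octets[:k])
        return parent, [child], [f"{child}. IN NS {nameserver}"]
    parent = _zone(octets[:k])               # /20 -> delegated from 16.172.in-addr.arpa
    first = int(octets[k])
    last = first + 2 ** (8 - r) - 1          # /20 covers third octets 16..31
    children = [_zone(octets[:k] + [str(v)]) for v in range(first, last + 1)]
    return parent, children, [f"$GENERATE {first}-{last} $.{parent}. IN NS {nameserver}"]


if __name__ == "__main__":
    ns = "srvgate.sokol.msk.united-networks.ru."   # name server taken from the post
    for block in ("172.16.0.0/12", "172.16.16.0/20", "172.16.16.0/24", "172.16.31.64/26"):
        parent, children, records = reverse_delegation(block, ns)
        print(f"{block}: delegate in {parent}, child serves {len(children)} zone(s)")
        for line in records:
            print("   ", line)
```

Running it shows that the topmost server needs a single $GENERATE line in 172.in-addr.arpa for the sixteen /16 zones, and the town server a single line in 16.172.in-addr.arpa for the sixteen /24 zones of a /20 site, rather than thousands of /24 entries.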