Reverse zone delegation for 172.16.16.0/20 - HOW TO?

Ellad G. Yatsko eyatsko at ngs.ru
Fri May 18 16:29:35 UTC 2012


Hello!

The supernet 172.16.0.0/12 is distributed through my network. 
Some network hierarchy is built in this supernet, and some addressing 
plan is used.

There are some towns. Each town has an IP pool of 
172.16.0.0/16...172.30.0.0/16.

There are some sites in different districts of the above towns; they get a 
block of IP addresses, 172.xx.0.0/20, from their main town's server.

Each end site uses its networks in the following way:
- servers;
- voice;
- video surveillance;
- top-managers;
- accounting;
- ... some other departments.

Indeed, it doesn't matter what or why. Now I want to build a hierarchical 
structure of DNS servers in each location and delegate zones accordingly.
But I have some trouble at the beginning. How do I describe the topmost 
172.16.0.0/12 zone?

I used a trick and made the zone 172.in-addr.arpa. It is not exact, but it works.

But I can't delegate the block 172.16.0.0/16 to the second-level server 
at all, to say nothing of delegating 172.16.16.0/20 from the second level 
to the end DNS!
Then I tried to solve this task in the most general way. I thought that if I 
learned how to delegate the "most difficult zone", I would delegate simpler ones easily.

So I began to delegate 172.16.16.0/20 (not 172.16.0.0/16) from the topmost 
server to its neighbor as follows:


zone "172.in-addr.arpa" {
   type master;
   file "/etc/bind/master/reverse/172.in-addr.arpa";
   forwarders { };
};

and (in zone file):

; NS for the classless child zone that is meant to hold the whole /20
0.16/20.16.172.in-addr.arpa.    IN NS   srvgate.sokol.msk.united-networks.ru.
; host octet runs 0-255 (0-256 would emit a 257th, invalid, owner name)
$GENERATE 0-255 $.16.16.172.in-addr.arpa.       IN CNAME $.0.16/20.16.172.in-addr.arpa.
$GENERATE 0-255 $.31.16.172.in-addr.arpa.       IN CNAME $.0.31/20.16.172.in-addr.arpa.

And it does even work: the delegating server asks the subordinate server 
for 172.16.31.1, but I can't explain to the second DNS how to treat 
172.16.31.1 relative to 0.16/20.16.172.in-addr.arpa locally. So I tried:

zone "0.16/20.16.172.in-addr.arpa" {
   type master;
   file "/etc/bind/slave/reverse/0.16-20.16.172.in-addr.arpa";
   forwarders { };
};

and:

$TTL 3600       ; 1 hour
@       IN SOA  srvgate.sokol.msk.united-networks.ru. root.united-networks.ru. (
                                 2012041707 ; serial
                                 900        ; refresh (15 minutes)
                                 600        ; retry (10 minutes)
                                 86400      ; expire (1 day)
                                 3600       ; minimum (1 hour)
                                 )
        IN NS   srvgate.sokol.msk.united-networks.ru.

; PTR for 172.16.31.1 under the classless child zone name
1.0.16/20.16.172.in-addr.arpa.  IN PTR  srvgate.sokol.msk.united-networks.ru.

When I studied the issue I referred to an article 
(http://www.simpledns.com/kb.aspx?kbid=1240) which greatly helped me before.
But I can't imagine how it will be for Class B and Class A supernets.

Could you help me with ideas and syntax?

I don't need to enumerate all 4096 /24 zones on the topmost DNS, all 256 
172.xx.yy.0/24 zones on the second-level DNS, and all 16 /24 zones for each site.
It is the worst advice because it is approximately what I have 
today. I thought to order the structure and do this "scientifically", 
as RIRs do. :-)

Kind regards,
Ellad
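The delegation chain the post is asking about, worked through as an added example (this is not the poster's configuration and not code from ISC BIND). Reverse delegation in in-addr.arpa can only change hands at octet boundaries, so a /12 is handed down as its sixteen /16 zones, a /20 as its sixteen /24 zones, and only blocks finer than /24 need the RFC 2317 CNAME trick. The script below computes, for any block, which parent zone carries the delegation, which child zones result, and the zone-file lines (using BIND's $GENERATE so nothing is enumerated by hand). Server names such as ns.town16.example and srvgate.site.example, the zone file directory, and the address blocks passed to it are placeholders chosen for the example.

```python
"""Reverse-zone delegation helper for an octet-aligned DNS hierarchy.

Added example for the thread above; not the poster's files and not BIND code.
All host names and paths used below are assumptions made for illustration.
"""
import ipaddress


def reverse_zone(octets):
    """in-addr.arpa zone name for leading octets: ['172', '16'] -> '16.172.in-addr.arpa'."""
    return ".".join(reversed(list(octets))) + ".in-addr.arpa"


def delegation(child_cidr, ns):
    """Records the parent zone needs to hand `child_cidr` to name server `ns`.

    Returns (parent_zone, child_zones, lines); `lines` are zone-file lines
    relative to the origin of `parent_zone`.
      - /8 .. /24 blocks: one NS set per octet-aligned child zone, emitted
        as a single $GENERATE when the block spans several zones.
      - finer than /24: RFC 2317 style, an NS for a "first/len" label plus
        CNAMEs from each host number into that label.
    """
    net = ipaddress.ip_network(child_cidr, strict=True)
    plen = net.prefixlen
    if plen < 8:
        raise ValueError("blocks coarser than /8 are not delegated below in-addr.arpa")
    octets = str(net.network_address).split(".")

    if plen > 24:
        parent = reverse_zone(octets[:3])
        label = f"{octets[3]}/{plen}"                  # e.g. 64/26
        first = int(octets[3])
        last = first + net.num_addresses - 1
        lines = [f"{label}\tIN NS\t{ns}",
                 f"$GENERATE {first}-{last} $\tIN CNAME\t$.{label}"]
        return parent, [f"{label}.{parent}"], lines

    bound = -(-plen // 8) * 8                          # next octet boundary: /12 -> 16, /20 -> 24
    depth = bound // 8                                 # octets that appear in the child zone names
    parent = reverse_zone(octets[:depth - 1])
    subnets = list(net.subnets(new_prefix=bound))      # one aligned zone per subnet
    labels = [str(s.network_address).split(".")[depth - 1] for s in subnets]
    child_zones = [f"{lab}.{parent}" for lab in labels]
    if len(labels) == 1:
        lines = [f"{labels[0]}\tIN NS\t{ns}"]
    else:
        lines = [f"$GENERATE {labels[0]}-{labels[-1]} $\tIN NS\t{ns}"]
    return parent, child_zones, lines


def named_conf(zones, directory="/etc/bind/master/reverse"):
    """Master stanzas the child server needs for the zones it was delegated.

    The file naming scheme is an assumption for the example.
    """
    return "\n".join(
        f'zone "{z}" {{\n    type master;\n    file "{directory}/{z}";\n}};' for z in zones)


if __name__ == "__main__":
    # Constructed hierarchy: the /8 zone at the top, a /16 per town, a /20 per site,
    # and one sub-/24 lab block to show the RFC 2317 branch.
    for cidr, ns in [("172.16.0.0/16", "ns.town16.example."),
                     ("172.16.16.0/20", "srvgate.site.example."),
                     ("172.16.31.64/26", "ns.lab.example.")]:
        parent, children, lines = delegation(cidr, ns)
        print(f"; add to zone {parent} to delegate {cidr}")
        print("\n".join(lines))
        print("; stanzas for the server that receives the delegation")
        print(named_conf(children))
        print()
```

Running it shows the shape of the hierarchy the post is after: the topmost server, which already serves 172.in-addr.arpa, needs one NS line per town (16 at most), each town server needs one $GENERATE line per site (standing in for 16 NS records), and each site serves its sixteen /24 zones with the stanzas `named_conf` prints. That last count cannot be reduced by delegation alone, because a /20 does not end on a label boundary; $GENERATE only removes the typing, not the zones. The `$GENERATE` directive is BIND-specific, so the emitted lines would need expanding for other servers.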
