Reverse Delegation Sanity check
Mark.Andrews at iengines.com
Mark.Andrews at iengines.com
Tue Dec 14 02:37:19 UTC 1999
> Folks,
>
> I need a little sanity check on my work before I put this into
> production since I havent done reverse delegation for a LONG time.
>
> I have 2 subnets that need to be delegated out to another nameserver.
>
> First is the 137.236.0.0/255 Class B address which my main nameserver is
> responsible for. I need to delegate out 137.236.214.0/255 to another dns
> server.
Note <IP address>/<number of significant bits>.
Old Class A -> /8
Old Class B -> /16
Old Class C -> /24
To delegate 137.236.214.0/24 just do it like you would and other
zone. In the zone file for 236.137.in-addr.arpa add:
e.g.
214 IN NS medns1.messagereach.com.
primary 214.236.137.in-addr.arpa db.137.236.214
>
> Second is the 205.183.255.0/255 Class C address which is another
> nameserver I am responsible for. I need to delegate out a subnet
> of that class C. 205.183.255.223/224 to another dns server.
>
[deleted class B example]
>
> For the Class C subnet delegation I do on the 205.183.255.0/255 primary
> dns server I put in the db.205.183.255 file
A mask of 255.255.255.224 -> /27.
205.183.255.223/27 is 205.183.255.192 - 205.183.255.233
though it would normally be written as 205.183.255.192/27.
205.183.255.224/27 is 205.183.255.224 - 205.183.255.255
I generally use <start>-<stop>.XXX.XXX.XXX.IN-ADDR.ARPA as it
avoids bugs in resolver implementations and works for non bit
alligned delegations.
e.g.
224-255 IN NS medns1.messagereach.com.
224 IN CNAME 224.224-255
...
255 IN CNAME 255.224-255
secondary 255.183.205.in-addr.arpa <IP of primary> db.205.183.255
primary 224-255.255.183.205.in-addr.arpa db.205.183.255.224
>
> 224/223 NS medns1.messagereach.com.
> 224 CNAME 224.224/223
> 225 CNAME 225.224/223
> 226 CNAME 226.224/223
> 227 CNAME 227.224/223
> 228 CNAME 228.224/223
>
> .. And so on up to 255 for the subnetted class C.
>
> Then on the medns1.messagereach.com server I setup in the named.boot file
>
> primary 224/223.255.183.205.in-addr.arpa db.205.183.255.223
>
> Is this correct? If not where did I go wrong? Any shortcuts I could use?
> Thanks for any help..
BIND 8 has $GENERATE which allows you to generate a range of
RRs based on a template.
Also if you are serving a /25 to /32 it is good practice to serve
the parent zone as well. See the example above.
Mark
>
> Mike
>
> --
> Friends help you move. Real friends help you move bodies.
>
>
--
Mark Andrews, Internet Engines Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at iengines.com
More information about the bind-users
mailing list