Question about RFC-2317
Edward Lewis
Ed.Lewis at neustar.biz
Thu Jan 4 18:39:53 UTC 2007
At 9:19 -0800 1/4/07, Clenna Lumina wrote:
>But why?
Because DNS can only delegate every 8 bits, while IP can delegate on any bit length.
Let's say you are an ISP and have a /22 allocated to you by an RIR.
A /22 consists of 4 /24's. 10.12.52.0 to 10.12.55.255 is the range
(equivalent to 10.12.52/22).
Your first customer gets 256 addresses - 10.12.52.0/24 - and wants to do DNS.
The second customer gets 128 addresses - 10.12.53.0/25 - ditto
The third customer gets 128 addresses - 10.12.53.128/25 - ditto
The first customer wants to use ns1.example. and ns2.example.
The second customer wants to use ns1.foo.bar. and ns2.foo.bar.
The third customer wants to use dns0.xn--55qx5d.cn. and dns1.xn--55qx5d.cn.
How do you break up the second /24?
You have "ns0.mycompany.net." and "ns1.mycompany.net." What does the
zone look like? Well, you have four...
52.12.10.in-addr.arpa --> for this you run nothing; you have the RIR
delegate the zone to the first customer, meaning that
12.10.in-addr.arpa. has this:
$ORIGIN 12.10.in-addr.arpa.
52      NS      ns1.example.
        NS      ns2.example.
53      NS      ns0.mycompany.net.
        NS      ns1.mycompany.net.
54      NS      ns0.mycompany.net.
        NS      ns1.mycompany.net.
55      NS      ns0.mycompany.net.
        NS      ns1.mycompany.net.
For your second and third customers, you would have to use RFC 2317
to split the range to two different server sets.
$ORIGIN 53.12.10.in-addr.arpa.
$TTL 3600       ; placeholder TTL, not in the original post
@       SOA     ns0.mycompany.net. hostmaster.mycompany.net. (
                2007010401      ; serial  -- placeholder SOA values,
                3600            ; refresh    not in the original post
                900             ; retry
                604800          ; expire
                3600 )          ; negative caching TTL
        NS      ns0.mycompany.net.
        NS      ns1.mycompany.net.
$GENERATE 0-127   $ CNAME $.customer2.53.12.10.in-addr.arpa.
$GENERATE 128-255 $ CNAME $.customer3.53.12.10.in-addr.arpa.
customer2.53.12.10.in-addr.arpa. NS ns1.foo.bar.
customer2.53.12.10.in-addr.arpa. NS ns2.foo.bar.
customer3.53.12.10.in-addr.arpa. NS dns0.xn--55qx5d.cn.
customer3.53.12.10.in-addr.arpa. NS dns1.xn--55qx5d.cn.
----end of the zone file----
When a query for "100.53.12.10.in-addr.arpa PTR" comes to your server,
you will answer with
100.53.12.10.in-addr.arpa CNAME 100.customer2.53.12.10.in-addr.arpa.
and
customer2.53.12.10.in-addr.arpa. NS ns1.foo.bar.
customer2.53.12.10.in-addr.arpa. NS ns2.foo.bar.
At this point, the customer can put whatever entries they want in the
reverse map; they are independent of you for this.
If you didn't do this, then you'd have to blow an entire /24 on each
customer that wanted to do DNS or you would have to manage the DNS
for them.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
Dessert - aka Service Pack 1 for lunch.
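An added example, not part of Ed's post or of BIND: the Python below builds the RFC 2317 parent zone for the split /24 described above (one CNAME per address into a per-customer child zone, plus the NS records that delegate each child), refuses allocations that are not a proper sub-block of the /24 or that overlap, and then walks a PTR query through the zone to show the CNAME-plus-referral answer the post describes. The helper names (build_rfc2317_zone, render_zone, answer_ptr), the SOA values and the ALLOCATIONS table are this example's own assumptions; the addresses, labels and name servers are the ones in the post.

```python
"""Build an RFC 2317 parent zone for a /24 shared by several customers and
simulate the PTR lookup the parent server answers.  Example code; helper
names and SOA values are assumptions, not BIND's or the poster's."""
import ipaddress

# Constructed inputs, taken from the post: 10.12.53.0/24 is run on
# ns0/ns1.mycompany.net. and split into two /25 customers.
PARENT_NS = ["ns0.mycompany.net.", "ns1.mycompany.net."]
ALLOCATIONS = [
    ("10.12.53.0/25",   "customer2", ["ns1.foo.bar.", "ns2.foo.bar."]),
    ("10.12.53.128/25", "customer3", ["dns0.xn--55qx5d.cn.", "dns1.xn--55qx5d.cn."]),
]


def reverse_name(ip):
    """10.12.53.100 -> '100.53.12.10.in-addr.arpa.' (stdlib omits the final dot)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def zone_origin(net24):
    """10.12.53.0/24 -> '53.12.10.in-addr.arpa.', the /24 zone you are authoritative for."""
    o = str(net24.network_address).split(".")
    return f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."


def build_rfc2317_zone(net24, allocations, parent_ns):
    """Return (origin, records); records are (owner, rrtype, rdata) tuples.

    Each address in a sub-/24 block gets a CNAME into a child zone that is
    delegated (NS) to that customer.  A /24 or larger needs no RFC 2317 at
    all (delegate it from 12.10.in-addr.arpa.), so it is refused here.
    """
    net24 = ipaddress.ip_network(net24)
    if net24.prefixlen != 24:
        raise ValueError("RFC 2317 parent zone must be a /24")
    origin = zone_origin(net24)
    records = [(origin, "NS", ns) for ns in parent_ns]
    seen = []
    for prefix, label, nameservers in allocations:
        sub = ipaddress.ip_network(prefix)
        if not sub.subnet_of(net24) or sub.prefixlen <= 24:
            raise ValueError(f"{sub} is not a proper sub-block of {net24}")
        if any(sub.overlaps(s) for s in seen):
            raise ValueError(f"{sub} overlaps an earlier allocation")
        seen.append(sub)
        child = f"{label}.{origin}"
        records += [(child, "NS", ns) for ns in nameservers]
        for addr in sub:
            last = str(addr).rsplit(".", 1)[1]          # last octet only
            records.append((f"{last}.{origin}", "CNAME", f"{last}.{child}"))
    return origin, records


def render_zone(origin, records):
    """Emit the zone as explicit records (the $GENERATE lines in the post
    expand to exactly these).  SOA values are constructed placeholders."""
    lines = [f"$ORIGIN {origin}", "$TTL 3600",
             "@ SOA ns0.mycompany.net. hostmaster.mycompany.net. 1 3600 900 604800 3600"]
    lines += [f"{owner} {rrtype} {rdata}" for owner, rrtype, rdata in records]
    return "\n".join(lines) + "\n"


def answer_ptr(qname, records):
    """What the parent server hands back for a PTR query: the CNAME plus the
    NS set of the child zone it points into.  None means the name is not in
    any delegated block, i.e. the parent answers NXDOMAIN itself."""
    targets = [r for o, t, r in records if o == qname and t == "CNAME"]
    if not targets:
        return None
    target = targets[0]
    child = target.split(".", 1)[1]                     # strip the octet label
    ns = [r for o, t, r in records if o == child and t == "NS"]
    return {"cname": target, "delegated_to": child, "ns": ns}


if __name__ == "__main__":
    origin, recs = build_rfc2317_zone("10.12.53.0/24", ALLOCATIONS, PARENT_NS)
    print(render_zone(origin, recs))
    print(answer_ptr(reverse_name("10.12.53.100"), recs))
```

Running it prints the expanded zone and, for 10.12.53.100, the CNAME to 100.customer2.53.12.10.in-addr.arpa. together with ns1/ns2.foo.bar., which is the referral the post shows; a query for an address outside every customer block gets None, a useful check that the allocation table really covers what you think it does before you load the zone.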