CIDR Reverse-DNS Zone Updates

Simon Hobson dhcp1 at thehobsons.co.uk
Thu Aug 10 07:12:15 UTC 2006


Suertreus wrote:
>I run a network on half of a 10.x.x.x Class A private address space 
>using CIDR.  My network is
>10.128.0.0/9, so the associated DNS zones are as follows in BIND named.conf:
>
>        zone "foo.bar.baz" {
>                type master;
>                file "foo.bar.baz.zone";
>                update-policy { grant dhcp-key subdomain "foo.bar.baz." A AAAA TXT; };
>        };
>        zone "10.in-addr.arpa" {
>                type master;
>                file "10.in-addr.arpa.zone";
>        };
>        zone "128/9.10.in-addr.arpa" {
>                type master;
>                file "128-9.10.in-addr.arpa.zone";
>                update-policy { grant dhcp-key subdomain "128/9.10.in-addr.arpa." PTR TXT; };
>        };

Check the archives, there has been a discussion of how to handle this 
several times over the years - normally to manage updates of a range 
smaller than /24. The key things to remember are :

DHCP does NOT support updating of arbitrary zones, it takes the ip 
address, reverses the octets, and appends the reverse domain name 
(default in-addr.arpa).

What you can do in the general case is this :

create your local zone, for example "rev.mydomain.com" - it can be 
anything as long as dhcp can update d.c.b.a.something for address 
a.b.c.d.

For your subnets in the 10.128.0.0/9 range, set the base zone for ddns 
updates to "rev.mydomain.com". It will now treat rev.mydomain.com as 
the root for reverse dns updates in those subnet(s).

Build the relevant zones/delegations in dns, bearing in mind that at 
some point you need entries of the form "d.c.b.a.in-addr.arpa CNAME 
d.c.b.a.rev.mydomain.com" which can be achieved by the use of 
$GENERATE. You are probably doing this in some way already just to 
make dns work.


However, what you have is effectively a supernet which makes things 
very, very, very much simpler IF you reconfigure your dns. You might 
benefit from this anyway as the pain of managing a 
128/9.10.in-addr.arpa can be higher than managing the 
n.10.in-addr.arpa zones that make it up.

To do this you simply define separate zones for :
128.10.in-addr.arpa, 129.10.in-addr.arpa, and so on.
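
The per-octet layout described above, as an added example that is not part of the original post: a Python sketch that builds the name DHCP updates for an address, lists the octet-aligned zones covering 10.128.0.0/9, and emits a named.conf stanza per zone. The function names are this example's own; the `dhcp-key` grant and the file naming copy the quoted named.conf.

```python
import ipaddress

REVERSE_ROOT = "in-addr.arpa"

def ptr_name(ip, base=REVERSE_ROOT):
    """Name the DHCP server updates: octets reversed, reverse domain appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + base + "."

def octet_zones(cidr):
    """Octet-aligned in-addr.arpa zones that together cover a CIDR block."""
    net = ipaddress.IPv4Network(cidr)
    # Round the prefix up to the next octet boundary (/9 -> /16), minimum /8.
    aligned = max(8, -(-net.prefixlen // 8) * 8)
    zones = []
    for sub in net.subnets(new_prefix=aligned):
        octets = str(sub.network_address).split(".")[: aligned // 8]
        zones.append(".".join(reversed(octets)) + "." + REVERSE_ROOT)
    return zones

def zone_for(ip, zones):
    """Zone that will receive the PTR update for ip, or None if uncovered."""
    name = ptr_name(ip).rstrip(".")
    return next((z for z in zones if name.endswith("." + z)), None)

def named_stanza(zone, key="dhcp-key"):
    """named.conf stanza; the key may write only PTR/TXT inside this zone."""
    return (
        f'zone "{zone}" {{\n'
        f'        type master;\n'
        f'        file "{zone}.zone";\n'
        f'        update-policy {{ grant {key} subdomain "{zone}." PTR TXT; }};\n'
        f'}};\n'
    )

if __name__ == "__main__":
    zones = octet_zones("10.128.0.0/9")
    print(len(zones), "zones:", zones[0], "...", zones[-1])
    print(ptr_name("10.129.4.7"), "->", zone_for("10.129.4.7", zones))
    print(named_stanza(zones[0]))
```

Passing "rev.mydomain.com" as `base` to `ptr_name` gives the name updated in the general case with a local reverse zone.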


