/22 block and reverse delegation of one class C network

Kevin Darcy kcd at daimlerchrysler.com
Thu Dec 16 03:04:16 UTC 1999


mmj wrote:

> Hi all.  I'm new to the discussion list.  Sorry if this has
> been discussed before, is there archives somewhere I can
> research?
>
> My company has become an ISP, and we were given a /22 block
> by our upstream provider.  We have assigned one class C
> block to a customer, and I would like to give them reverse
> authority over that class C.  But I just can't get it to
> work.
>
> In named.boot I have tried setting it both as primary and
> secondary for the class c in-addr.arpa.  In a reverse file
> for the class C, I list all information about the customer,
> with NS records pointing to their name servers.  If I do a
> soa query in nslookup, it shows me all their information,
> but if I actually try to lookup one of their addresses it
> says nonexistent host/domain.  But I know their name servers
> do resolution, if I go directly to their server and ask for
> the reverse lookup I get the answer.
>
> Does anybody have an example of doing this delegation?  I
> see lots of examples in the DNS and BIND book about
> delegating out a class B to class Cs, subnetting a class C,
> etc.  but I just have 4 class Cs, and want to give one of
> them to a customer. I'm lost.

It won't work to configure yourself as the master if you want someone else to be the master. "There can be only one". If you want to be able to answer authoritatively for this zone, while at the same time giving your customer control of the zone contents, you need to be a slave.

What happened when you configured yourself as a slave for the zone? Did the zone transfer happen? Since you are apparently using BIND 4 (upgrade!), you may need to delete or rename the zone file and restart named in order to force the transfer. Once the transfer is successful, the slave should be able to resolve the in-addr.arpa queries, since it has a copy of the zone contents and is considered "authoritative".

Now, if you get that far, and you want *everyone* -- not just the master, slave(s) and machines explicitly configured to use them -- to be able to resolve these reverse queries, then you need to get the zone properly delegated by the controller of the parent zone, i.e. the master of the /16 network, i.e. your upstream provider. *You* can't delegate it, because you don't control anything "above" the zone in the in-addr.arpa hierarchy. RFC 2317 describes a technique for (pseudo-)delegating reverse zones beyond /24, but it's not a general prescription for ignoring in-addr.arpa octet-boundaries and it would be pretty insane to apply the technique to your situation: your upstream provider would have to create 256 aliases instead of just a handful of delegation records. Have your provider delegate the zone to your servers, your customer's servers, or some combination.

- Kevin

P.S. No offense intended, but "My company has become an ISP" sounds somewhat humorous to me, like you're just going along and POOF! suddenly you're an ISP.
I hate when that happens...
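To make the delegation Kevin describes concrete, here is an added example (not from the original thread) using constructed addresses: the upstream provider holds 10.20.0.0/16, the new ISP was given 10.20.4.0/22, and the customer's class C is 10.20.5.0/24. All server and domain names are placeholders.

```zone
; --- 1. In the UPSTREAM provider's parent zone, 20.10.in-addr.arpa ---
; Only the /16 holder can add these. They delegate 5.20.10.in-addr.arpa
; (the customer's /24) to the customer's servers plus the ISP's slave.
$ORIGIN 20.10.in-addr.arpa.
5       IN NS   ns1.customer.example.
5       IN NS   ns2.customer.example.
5       IN NS   ns1.isp.example.
; Glue A records are needed only if a listed NS name lies inside the
; delegated zone; these names live under customer.example / isp.example,
; so no glue is required here.

; --- 2. Customer's MASTER zone file for 5.20.10.in-addr.arpa (db.10.20.5) ---
$ORIGIN 5.20.10.in-addr.arpa.
@       IN SOA  ns1.customer.example. hostmaster.customer.example. (
                1999121601 ; serial (YYYYMMDDnn)
                3600       ; refresh
                900        ; retry
                604800     ; expire
                86400 )    ; minimum / negative-cache TTL
        IN NS   ns1.customer.example.
        IN NS   ns2.customer.example.
        IN NS   ns1.isp.example.   ; the NS set here should match the parent's
1       IN PTR  gw.customer.example.
10      IN PTR  www.customer.example.

; --- 3. ISP side: be a SLAVE, not a master, for the customer's /24 ---
; BIND 4 named.boot line (the poster's setup):
;   secondary  5.20.10.in-addr.arpa  10.20.5.1  db.10.20.5
; BIND 8 named.conf equivalent:
;   zone "5.20.10.in-addr.arpa" { type slave; masters { 10.20.5.1; };
;                                 file "db.10.20.5"; };
; The ISP's /22 covers 4.20.10, 5.20.10, 6.20.10 and 7.20.10.in-addr.arpa;
; each /24 is its own zone, so there is no "/22 zone" to configure.

; --- 4. Checks (BIND 9 dig syntax) ---
;   dig @ns1.upstream.example 5.20.10.in-addr.arpa NS   ; delegation present?
;   dig @ns1.isp.example -x 10.20.5.10                  ; slave answers, AA set?
;   dig +trace -x 10.20.5.10                            ; resolvable from anywhere?
```

If the slave's answer lacks the AA flag, the transfer from the customer's master has not completed; if the +trace stops at the upstream server, the delegation in step 1 is missing.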




More information about the bind-users mailing list