Delegation Question

Barry Margolin barmar at bbnplanet.com
Thu Oct 28 23:01:16 UTC 1999


In article <D010AF0C20CCD211AAC30080C85826044FF9 at PCMSERVER>,
Tavis  <Tavis at PCMSITE.COM> wrote:
>Hello all,
>
>	We have a /20 216.99.96.0-216.99.111.255 from ARIN and I would like
>to delegate authority for one class C or /24 (216.99.107.0) to one of my
>customers.  I have read through the parenting chapter in the cricket book
>several times but what they suggest doesn't seem to make sense in my case.
>I do not have access to the 99.216.in-addr.arpa file to delegate
>a /24 out of that zone in the way suggested in the book.  Is there
>a way to do this without going to ARIN?  I have authority for the /20 so it
>would make sense to me that I should be able to delegate pieces of the
>block.  Is this correct?  Do I have to use the classless method?  Some
>examples would be great.

The usual techniques don't really work well in this case.  As you point
out, you can't use the normal delegation mechanism, because the /16 block
isn't delegated to you.  When ARIN assigns a /17-/23 block, they simply
delegate each /24 that's contained in it to your servers.  And DNS doesn't
support "sideways" delegation.

What we usually do in cases like this is configure the servers that the /20
was delegated to as slave servers for the /24 domain.  The customer can
include NS records listing their own servers in the domain, and they'll be
added to caches.

However, I just realized that the RFC 2317 technique can be used.  Just
pretend that the entire /24 block is one big subnet, so configure yourself
as authoritative for the class C reverse domain, and put the following in
it:

0/24  NS  ns1.customer.com.
      NS  ns2.customer.com.
$GENERATE 0-255 $ CNAME $.0/24

Then have the customer configure their servers as authoritative for the
0/24.107.99.216.in-addr.arpa zone, and put their PTR records in there.

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
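
The lookup path that the RFC 2317 setup in the reply above produces, as an added example that is not part of the original post: it expands the $GENERATE line into the 256 CNAMEs and follows a reverse query into the customer's 0/24 zone. The PTR targets (www.customer.com., mail.customer.com.) and the function names are constructed for illustration, and only the plain "$" form of $GENERATE is handled.

```python
import ipaddress

ORIGIN = "107.99.216.in-addr.arpa."  # reverse zone for the /24 named in the post

def expand_generate(start, stop, lhs, rtype, rhs, origin=ORIGIN):
    """Expand '$GENERATE start-stop lhs rtype rhs' (plain '$' only, no ${...} modifiers)."""
    zone = {}
    for i in range(start, stop + 1):
        owner = lhs.replace("$", str(i))
        target = rhs.replace("$", str(i))
        # Names without a trailing dot are relative to the zone origin.
        owner = owner if owner.endswith(".") else f"{owner}.{origin}"
        target = target if target.endswith(".") else f"{target}.{origin}"
        zone[owner] = (rtype, target)
    return zone

# Provider side: the $GENERATE line from the post.
PARENT = expand_generate(0, 255, "$", "CNAME", "$.0/24")

# Customer side: constructed PTR data for the 0/24.107.99.216.in-addr.arpa zone.
CHILD = {
    "5.0/24.107.99.216.in-addr.arpa.": "www.customer.com.",
    "25.0/24.107.99.216.in-addr.arpa.": "mail.customer.com.",
}

def resolve_ptr(ip, parent=PARENT, child=CHILD):
    """Return (names visited, PTR target or None) for a reverse lookup of ip."""
    qname = ipaddress.ip_address(ip).reverse_pointer + "."
    chain = [qname]
    if qname not in parent:
        return chain, None           # address is outside the /24
    _rtype, target = parent[qname]
    chain.append(target)             # resolver restarts the query at the CNAME target
    return chain, child.get(target)  # None: customer has not published a PTR

if __name__ == "__main__":
    # In the /24 with a PTR, in the /24 without a PTR, outside the /24.
    for ip in ("216.99.107.5", "216.99.107.200", "216.99.108.5"):
        print(ip, *resolve_ptr(ip))
```

The second address shows the case worth checking after a handover: the provider's CNAME exists, but the reverse lookup still returns nothing until the customer adds the PTR in their own zone.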

