Delegation Question
Barry Margolin
barmar at bbnplanet.com
Thu Oct 28 23:01:16 UTC 1999
In article <D010AF0C20CCD211AAC30080C85826044FF9 at PCMSERVER>,
Tavis <Tavis at PCMSITE.COM> wrote:
>Hello all,
>
> We have a /20 216.99.96.0-216.99.111.255 from ARIN and I would like
>to delegate authority for one class C or /24 (216.99.107.0) to one of my
>customers. I have read through the parenting chapter in the cricket book
>several times but what they suggest doesn't seem to make sense in my case.
>I do not have access to the 99.216.in-addr.arpa file to
>delegate a /24 out of that zone in the way suggested in the book. Is there
>a way to do this without going to ARIN? I have authority for the /20 so it
>would make sense to me that I should be able to delegate pieces of the
>block. Is this correct? Do I have to use the classless method? Some
>examples would be great.
The usual techniques don't really work well in this case. As you point
out, you can't use the normal delegation mechanism, because the /16 block
isn't delegated to you. When ARIN assigns a /17-/23 block, they simply
delegate each /24 that's contained in it to your servers. And DNS doesn't
support "sideways" delegation.

What we usually do in cases like this is configure the servers that the /20
was delegated to as slave servers for the /24 domain. The customer can
include NS records listing their own servers in the domain, and they'll be
added to caches.

However, I just realized that the RFC 2317 technique can be used. Just
pretend that the entire /24 block is one big subnet, so configure yourself
as authoritative for the class C reverse domain, and put the following in
it:

0/24            NS      ns1.customer.com.
                NS      ns2.customer.com.
$GENERATE 0-255 $ CNAME $.0/24

Then have the customer configure their servers as authoritative for the
0/24.107.99.216.in-addr.arpa zone, and put their PTR records in there.

--
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
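
Added example, not part of the original post: a small Python model of the RFC 2317 setup described in the reply, expanding the `$GENERATE` line in the parent zone and walking a reverse lookup through the CNAME into the customer's zone. The function names and the `www.customer.com.` PTR record are constructed for illustration; the zone names and name servers are the ones given in the post.

```python
import ipaddress

PARENT_ORIGIN = "107.99.216.in-addr.arpa."   # zone held by the owner of the /20
CHILD_ORIGIN = "0/24." + PARENT_ORIGIN        # zone served by the customer

def expand_generate(start, stop, lhs, rtype, rhs, origin):
    """Expand a simple '$GENERATE start-stop lhs TYPE rhs' line ('$' is the counter)."""
    records = {}
    for i in range(start, stop + 1):
        owner = lhs.replace("$", str(i)) + "." + origin
        target = rhs.replace("$", str(i)) + "." + origin
        records[owner] = (rtype, target)
    return records

def build_parent():
    """Parent zone contents: 256 CNAMEs plus the NS delegation of the 0/24 label."""
    zone = expand_generate(0, 255, "$", "CNAME", "$.0/24", PARENT_ORIGIN)
    zone[CHILD_ORIGIN] = ("NS", ["ns1.customer.com.", "ns2.customer.com."])
    return zone

def build_child(ptrs):
    """Customer zone contents. ptrs maps last octet to host name (constructed data)."""
    return {f"{octet}.{CHILD_ORIGIN}": ("PTR", host) for octet, host in ptrs.items()}

def reverse_lookup(ip, parent, child):
    """Return (names visited, PTR target or None) for a reverse lookup of ip."""
    name = ipaddress.ip_address(ip).reverse_pointer + "."
    chain = [name]
    rtype, data = parent.get(name, (None, None))
    if rtype != "CNAME":
        return chain, None          # address is not in the parent's /24 zone
    chain.append(data)
    # The CNAME target lies below the delegation point, so the answer
    # comes from the customer's servers, not the parent's.
    if not data.endswith("." + CHILD_ORIGIN):
        return chain, None
    rtype, ptr = child.get(data, (None, None))
    return chain, (ptr if rtype == "PTR" else None)

if __name__ == "__main__":
    parent = build_parent()
    child = build_child({42: "www.customer.com."})   # constructed sample record
    print(reverse_lookup("216.99.107.42", parent, child))
```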