Delegating in-addr.arpa at the fourth octet

Kevin Darcy kcd at daimlerchrysler.com
Mon Apr 3 21:31:49 UTC 2000


bounce at holiday.home.org wrote:

> In the bind book on page 216, there are suggested three ways of setting
> this up.  Solution 2 requires that the server in each sub-domain has
> a separate zone file for each IP address.
>
> However, I believe that I can also do this with a single zone file
> containing all the addresses in that sub-domain PROVIDED that this
> nameserver is set to be a non-recursive nameserver.  Any requests
> which end up at this nameserver are for that in-addr.arpa domain,
> so therefore only one zone file is needed.  Are there any problems
> with this?

I assume you mean that the zone file would be at the third octet-level,
same as the "real" parent zone of your PTR records, right? Last time this
idea was floated, it was shot down for the following reasons:

1. Bogus Authority information in your responses.
2. Blinding your own clients to the rest of the zone.

However, with some careful handling, I think it can be made to work. To
prevent bogus Authority information, make sure that the SOA and NS records
in the zone are always kept in sync with those in the "real" zone.

To prevent blinding your own clients, either set this up on a server which
isn't used by your clients, or somehow merge the data from the real zone
into your zone file.

This probably requires periodic zone transfers and some script-munging. It
could be done, but isn't it just easier to define the zones separately?


- Kevin
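
The "periodic zone transfers and some script-munging" step from the reply above, as an added example that is not part of the original message: it copies the apex SOA and NS records verbatim from a transfer of the real zone, keeps the real zone's data outside the locally owned range, and substitutes the local PTR records inside it. The zone name, host names, owned range (64-127) and transfer text are constructed sample values.

```python
ORIGIN = "2.0.192.in-addr.arpa."          # constructed: 192.0.2.0/24 (documentation prefix)
SOA = ORIGIN + " 86400 IN SOA ns1.isp.example. hostmaster.isp.example. 2000040301 10800 3600 604800 86400"
# Constructed 'dig axfr'-style transfer of the real zone (SOA appears first and last).
REAL_ZONE_AXFR = "\n".join([
    SOA,
    ORIGIN + " 86400 IN NS ns1.isp.example.",
    ORIGIN + " 86400 IN NS ns2.isp.example.",
    "10." + ORIGIN + " 86400 IN PTR www.isp.example.",
    "64." + ORIGIN + " 86400 IN PTR stale.isp.example.",
    "200." + ORIGIN + " 86400 IN PTR mail.other.example.",
    SOA,
])
LOCAL_RANGE = range(64, 128)               # hypothetical: the fourth octets this site owns
LOCAL_PTRS = {65: "gw.sub.example.", 66: "mail.sub.example."}   # constructed


def parse(axfr_text):
    """Yield (owner, ttl, rtype, rdata) from one-record-per-line transfer text."""
    for line in axfr_text.splitlines():
        if line.strip() and not line.lstrip().startswith(";"):
            owner, ttl, _cls, rtype, rdata = line.split(None, 4)
            yield owner.lower(), int(ttl), rtype.upper(), rdata


def fourth_octet(owner, origin):
    """Return n when owner is exactly <n>.<origin>, otherwise None."""
    label, _, parent = owner.partition(".")
    return int(label) if parent == origin and label.isdecimal() else None


def merge(axfr_text, origin, local_ptrs, local_range, ttl=86400):
    """Build the shadow zone: real apex SOA/NS, real data outside our range, our PTRs."""
    stray = sorted(o for o in local_ptrs if o not in local_range)
    if stray:
        raise ValueError(f"local PTRs outside the owned range: {stray}")
    apex, rest = [], []
    for owner, rttl, rtype, rdata in parse(axfr_text):
        rec = f"{owner} {rttl} IN {rtype} {rdata}"
        if rec in apex or rec in rest:
            continue                       # AXFR repeats the SOA as its last record
        octet = fourth_octet(owner, origin)
        if owner == origin and rtype in ("SOA", "NS"):
            apex.append(rec)               # copied verbatim so Authority data matches
        elif octet is None or octet not in local_range:
            rest.append(rec)               # keep the rest of the zone visible to clients
    if sum(" IN SOA " in r for r in apex) != 1:
        raise ValueError("transfer did not contain exactly one apex SOA")
    ours = [f"{o}.{origin} {ttl} IN PTR {t}" for o, t in sorted(local_ptrs.items())]
    return apex + rest + ours
```

Because the SOA is copied unchanged, the shadow zone's serial tracks the real zone's, so the merge has to be rerun whenever the real zone's serial changes.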



