RFC 2317 Aliases in addr.arpa zone pointing to PTR records, was [Re: Simple Delegation Question]

Kevin Darcy kcd at daimlerchrysler.com
Wed Aug 2 00:39:35 UTC 2000


birgitt wrote:

> ----- Original Message -----
> From: Kevin Darcy <kcd at daimlerchrysler.com>
> To: Comp-Protocols-Dns-Bind <comp-protocols-dns-bind at moderators.isc.org>
> Sent: Tuesday, August 01, 2000 7:50 PM
> Subject: Re: Simple Delegation Question
>
> > This fact could result in political/administrative problems if the
> > Win2K support staff, for example, want to manage *their* addresses and the
> > support staff for the existing machines want to manage *their* addresses, on
> > different DNS servers, all in the same /24 aka a C-class address space. In this
> > case, you have to pick one DNS server to be the master and then use a
> > technique, described in RFC 2317, whereby you create aliases in the
> > regular in-addr.arpa zone, pointing to PTR records in a zone controlled by the
> > other organization.
> >
>
> My ISP doesn't want to use the method described in RFC2317 to delegate
> me management of my /27 sub-C-class IP range on my own primary name server.
>
> They want me to write out an in-addr.arpa zone file for the _complete_ class C
> and then they want to redelegate my sub IP range back to me.
>
> Would that work? I am confused as to which primary name servers I should point
> then my in-addr.arpa file, to mine or to theirs. So far I didn't get an
> answer. But does their suggestion work?

I assume by "redelegate" you mean that they intend to create an NS record for every
address in your /27 range? This only works properly if you create and maintain a
separate zone for each address. If you make your server master for the entire
C-class, as they suggest, then the Authority Section of your responses won't match
the zone to which the querying nameserver was referred, and this is likely to be
detected and/or rejected as an error. At the very least, by setting your server up
as master for the C-class, you'll be "blinding" it to other PTR's on the C-class,
unless you want to shoulder the burden of constantly checking the real C-class for
adds/changes/deletes and keeping your fake version in sync. Bleah.

How hard can it be, really, for them to modify their tools to support RFC 2317? It
is a Best Current Practice, after all; are they not a Best Current ISP?


- Kevin
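
The RFC 2317 arrangement discussed in this thread, as an added example that is not part of the original post: it generates the NS and CNAME records the /24 owner would place in the regular in-addr.arpa zone for a /27, then follows one alias to a PTR held in the customer's zone. The prefix 192.0.2.32/27, the `customer.example` names and the function names are assumptions chosen for illustration.

```python
import ipaddress

def rfc2317_parent_records(cidr, nameservers):
    """Records the /24 owner adds to its in-addr.arpa zone for one sub-range."""
    net = ipaddress.ip_network(cidr)  # raises ValueError if host bits are set
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("expected an IPv4 prefix longer than /24")
    a, b, c, d = str(net.network_address).split(".")
    parent = f"{c}.{b}.{a}.in-addr.arpa."
    child = f"{d}/{net.prefixlen}.{parent}"  # RFC 2317 style label, e.g. 32/27
    # Delegate the child zone, then alias every address in the block into it.
    records = [(child, "NS", ns) for ns in nameservers]
    for addr in net:
        last = str(addr).rsplit(".", 1)[1]
        records.append((f"{last}.{parent}", "CNAME", f"{last}.{child}"))
    return child, records

def reverse_lookup(ip, parent_records, child_ptrs):
    """Follow the alias from the parent zone to the PTR in the child zone."""
    qname = ipaddress.ip_address(ip).reverse_pointer + "."
    for owner, rtype, target in parent_records:
        if owner == qname and rtype == "CNAME":
            return child_ptrs.get(target)  # answered from the customer's zone
    return None  # no alias: the name stays under the parent zone's control

# Constructed sample data: documentation prefix and hypothetical server names.
CHILD_ZONE, PARENT_RECORDS = rfc2317_parent_records(
    "192.0.2.32/27", ["ns1.customer.example.", "ns2.customer.example."])
CHILD_PTRS = {"33.32/27.2.0.192.in-addr.arpa.": "www.customer.example."}

if __name__ == "__main__":
    for owner, rtype, target in PARENT_RECORDS:
        print(f"{owner}\tIN\t{rtype}\t{target}")
    print(reverse_lookup("192.0.2.33", PARENT_RECORDS, CHILD_PTRS))
```

Addresses outside the /27 get no alias, so the parent server keeps answering for them directly, and the customer's server is authoritative only for the `32/27` child zone rather than the whole /24.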




