Delegation of CIDR Block

Bob Vance bobvance at alumni.caltech.edu
Mon Feb 12 16:56:46 UTC 2001


Two things:

1.  Well, this is not a work-around for the ISP's denial of providing
    this pseudo-delegation -- this is what the ISP *should* do, but is
    what the ISP is *refusing* to do :)

>My ISP does not want to delegate the CIDR block, they want to do the
>reverse lookup for me. And most they would like if they could do both,
>reverse and forward lookup.


2.  Your details do not show PTR records :)
    I believe that the customer zone data should be:

rev-17	IN	PTR	www.snizek.org.
                  ^^^
-------------------'

-----------------------------------------------
Tks          |  BVance at sbm.com
BV           |  BobVance at alumni.caltech.edu
Sr. Tech. Consultant,    SBM
Vox 770-623-3430         11455 Lakefield Dr.
Fax 770-623-3429         Duluth, GA 30097-1511
===============================================

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
Behalf Of Tobias Klausmann
Sent: Monday, February 12, 2001 8:22 AM
To: comp-protocols-dns-bind at moderators.isc.org
Subject: Re: Delegation of CIDR Block


Philipp Snizek <mailinglists at belfin.ch> wrote:
>My ISP is doing some headache to me. I run pri and sec dns (bind 8.2.3)
>reverse and forward lookup in a 28Bit Subnet. Because of ISP that does not
>want to take over delegation of this CIDR block, reverse lookup does not
>work really good. Instead of only my 28 Bit CIDR subnet I do the reverse
>lookup in belfin.ch for 24 Bit Subnet.
>My ISP does not want to delegate the CIDR block, they want to do the reverse
>lookup for me. And most they would like if they could do both, reverse and
>forward lookup. Because of two reasons I do not have in mind to leave
>anything up to them. 1. Studying purposes, 2nd I  don't trust them (looked
>up over their dns with my bind forwarder. After 3 days their dns didn't do
>any lookups anymore.).
>
>Is there a work-around for my problem in a manner that I'll keep both,
>forward and reverse lookup?

For a short answer: yes

Here's the longer answer:

First of all: the forward resolution is no problem because that
one is not restricted to any set except the one of the domain
(for which you are responsible anyway).

The reverse part is more difficult. Due to the way reverse
zones are implemented, they must consist of at least one /24
subnet (a /28 just won't fit into the reverse-zone-naming-scheme).

Therefore, when delegating reverse-dns for class-c-fragments, one
usually has a reverse zone for the /24 that looks like this
(this is what your provider should have):

; (I omitted the SOA)
; Rev-Zone for 192.168.99.0/24
; In this example we assume that all customers have /28s

;0 is the net of customer 1
1	IN	CNAME	rev-1.customer1.com.
2	IN	CNAME	rev-2.customer1.com.
3	IN	CNAME	rev-3.customer1.com.
; ( and so on... )
13	IN	CNAME	rev-13.customer1.com.
14	IN	CNAME	rev-14.customer1.com.
;15 is broadcast
;16 is net of customer 2
17	IN	CNAME	rev-17.customer2.com.
18	IN	CNAME	rev-18.customer2.com.
;( and so on... )

Assuming, you are customer2, this is your zone file for customer2.com.:
; (SOA omitted)
rev-17	IN	CNAME	www.snizek.org.
rev-18	IN	CNAME	www.philips-palace.com.
; (plus your forward entries)

Then, 192.168.99.17 would resolve to www.snizek.org. and
192.168.99.18 would be www.philips-palace.com.

The customers themselves in turn run their own primary for the
domain customer1.com and customer2.com respectively. If the
reverse-lookup for an IP changes, they update their zone files
and are set, the ISP just keeps the pointers. Therefore, your
ISP only has to get it right once - and then you're your own king.

HTH,
Tobias
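
The pointer scheme discussed in this thread, as an added example that is not part of either message: it builds the ISP-side CNAMEs for the /28 and answers a PTR query against a customer zone that holds PTR records and against one that holds CNAME records. The function names `isp_cnames` and `resolve_ptr` are hypothetical, and the records are constructed from the sample addresses and names used above.

```python
import ipaddress

def isp_cnames(block, customer_domain):
    """ISP side: one CNAME per usable address in the customer's block,
    owned by the address's normal in-addr.arpa name in the /24 zone."""
    records = {}
    for host in ipaddress.ip_network(block).hosts():  # skips net/broadcast
        last_octet = int(host) & 0xFF
        owner = host.reverse_pointer + "."
        records[owner] = [("CNAME", f"rev-{last_octet}.{customer_domain}.")]
    return records

def resolve_ptr(ip, records, max_chain=8):
    """Answer a PTR query the way a resolver would: follow CNAMEs until
    a PTR is found; return None when the chain ends without one."""
    name = ipaddress.ip_address(ip).reverse_pointer + "."
    for _ in range(max_chain):
        rrset = records.get(name, [])
        for rtype, target in rrset:
            if rtype == "PTR":
                return target
        cname = next((t for rtype, t in rrset if rtype == "CNAME"), None)
        if cname is None:
            return None
        name = cname
    return None

# Constructed data, using the sample addresses and names from the thread.
ISP_ZONE = isp_cnames("192.168.99.16/28", "customer2.com")

# Customer zone holding PTR records at the rev-N names.
CUSTOMER_PTR = {
    "rev-17.customer2.com.": [("PTR", "www.snizek.org.")],
    "rev-18.customer2.com.": [("PTR", "www.philips-palace.com.")],
}

# Customer zone holding CNAME records at the rev-N names; the chain then
# ends at a forward name that carries only an A record, so no PTR is found.
CUSTOMER_CNAME = {
    "rev-17.customer2.com.": [("CNAME", "www.snizek.org.")],
    "www.snizek.org.": [("A", "192.168.99.17")],
}

if __name__ == "__main__":
    for label, customer in (("PTR", CUSTOMER_PTR), ("CNAME", CUSTOMER_CNAME)):
        zone = {**ISP_ZONE, **customer}
        print(label, "->", resolve_ptr("192.168.99.17", zone))
```
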






