Delegation of CIDR Block
Mathias Körber
mathias at koerber.org
Tue Feb 13 15:35:11 UTC 2001
> This only works if they are all part of rev.cust.com. Is there any way to do
> it regardless of the domain it's under? A friend has the same problem. He
> wrote the code and is hosting 20 different domains. He only bought 32 IPs.
> Is there any similar move for multiple domains?
No, as long as they are all administrated by the same person/team, it should not
matter into which zone they are CNAMEd.
If you really want to further 'delegate' administration (note quotes to mark non-standard
usage of the verb delegate!), he could add another layer of CNAMEs from rev.cust.com
to whatever zone they should be in. BUT:
a) CNAME chains are not nice and they add one more lookup for each reverse
address, NOT GOOD
b) There is a limit on CNAME chains, I think it's 8 (have to look it up).
c) It gets more confusing.
"I would advise against it, but it can be done" (TM)
Mathias
>
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
> Behalf Of Bob Vance
> Sent: Tuesday, February 13, 2001 9:17 AM
> To: bind-users at isc.org
> Subject: RE: Delegation of CIDR Block
>
>
>
> Thanks.
> >it is often less work to make changes that customers need on a demand
> >basis, than battling ongoing problems caused by customers running the
> >masters badly.
>
> That's the type of info I wanted :)
> I really hadn't thought of that (since *I* never made an error when I
> ran the DNS :).
> Of course, in this case the ISP is *already* letting him master the
> forward domain, but just doesn't want to let him do a partial reverse.
>
> A single line in the ISP reverse domain would do the trick:
>
> $GENERATE 16-31 $ CNAME $.rev.cust.com.
>
> Then the customer can put the PTRs right in the forward zone:
>
> $ORIGIN .cust.com.
> ...
> foo IN A 1.2.3.4
> 19.rev IN PTR foo
>
>
> So what's special about the reverse data that the customer might screw
> up as opposed to the forward data he already has control of?
>
> Hmmm. Maybe breaking a reverse and then complaining that he can't send
> mail to some site whose mail system wants to do a reverse lookup :)
>
>
> -------------------------------------------------
> Tks | <mailto:BVance at sbm.com>
> BV | <mailto:BobVance at alumni.caltech.edu>
> Sr. Technical Consultant, SBM, A Gates/Arrow Co.
> Vox 770-623-3430 11455 Lakefield Dr.
> Fax 770-623-3429 Duluth, GA 30097-1511
> =================================================
>
>
>
>
>
> -----Original Message-----
> From: Andras Salamon [mailto:andras at dns.net]
> Sent: Tuesday, February 13, 2001 4:49 AM
> To: Bob Vance
> Subject: Re: Delegation of CIDR Block
>
>
> On Mon, Feb 12, 2001 at 11:11:48AM -0500, Bob Vance wrote:
> > It's definitely better (for you) for you to be master.
>
> In this case, it seems that way.
>
> > I think that they should allow you to be master and they should be
> > secondary, if that's what you want.
>
> Definitely.
>
> > OTOH, I don't work for an ISP ;>)
> >
> > I would be interested in hearing legitimate reasons why an ISP might be
> > reluctant to do this -- it's certainly not hard to implement, and can
> > even be done *without* a new delegation from them or a new zone in your
> > config.
>
> In an ISP environment, it has been my experience that it is often
> less work to make changes that customers need on a demand basis, than
> battling ongoing problems caused by customers running the masters badly.
> For around 1 in 10 zones it makes sense for the customer to run the
> master, especially if DNS changes are frequent and if the DNS skills at
> the customer are good.
>
> For the other 9 in 10 the cost is just too great. Making a one-line
> change to a zonefile costs less than spending 30 minutes on the phone
> diagnosing a spurious network problem, and another 30 convincing the
> customer that their name servers need fixing. I've lost count of the
> number of organisations that have switched ISPs due to 'bad provision of
> services' caused entirely by their name servers (and contents thereof)
> being flaky.
>
> In my opinion, a decent ISP should offer to run the master, but must be
> willing to allow the customer to run it. In addition, if the customer
> runs the master and does not have redundant links, the ISP should offer
> to support a hidden master setup.
>
> -- Andras Salamon andras at dns.net
>
>
>
>
>
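Added example (not part of the original thread or of BIND): a small offline audit of the CNAME-based reverse setup discussed above, counting CNAME hops for the one-layer and two-layer cases and flagging addresses whose chain ends without a PTR. The reverse zone 2.0.192.in-addr.arpa., the second domain example.net and the host names are constructed; the max_chain default of 8 is only the figure recalled in the reply, kept as a parameter because it is unverified.

```python
import re

REV_ZONE = "2.0.192.in-addr.arpa."  # constructed ISP reverse zone (192.0.2.0/24)

def qualify(name, origin):
    """Names ending in '.' are absolute; anything else is relative to origin."""
    return (name if name.endswith(".") else name + "." + origin).lower()

def expand_generate(line, origin):
    """Expand '$GENERATE lo-hi lhs TYPE rhs', replacing each plain '$' with the index."""
    m = re.fullmatch(r"\$GENERATE\s+(\d+)-(\d+)\s+(\S+)\s+(\S+)\s+(\S+)", line.strip())
    if not m:
        raise ValueError("unsupported $GENERATE line: %r" % line)
    lo, hi, lhs, rtype, rhs = m.groups()
    return {qualify(lhs.replace("$", str(i)), origin):
            (rtype.upper(), qualify(rhs.replace("$", str(i)), origin))
            for i in range(int(lo), int(hi) + 1)}

def resolve_ptr(qname, records, max_chain=8):
    """Follow CNAMEs from qname to a PTR; return (ptr_target, cname_hops)."""
    name, hops = qname.lower(), 0
    while True:
        rtype, target = records.get(name, (None, None))
        if rtype == "PTR":
            return target, hops
        if rtype != "CNAME":
            raise LookupError("%s: chain ends at %s with no PTR" % (qname, name))
        hops += 1
        if hops > max_chain:  # assumed limit; this check also stops CNAME loops
            raise RuntimeError("%s: more than %d CNAMEs" % (qname, max_chain))
        name = target

def build_records():
    """ISP reverse zone from the thread's $GENERATE line plus constructed customer data."""
    recs = expand_generate("$GENERATE 16-31 $ CNAME $.rev.cust.com.", REV_ZONE)
    recs["19.rev.cust.com."] = ("PTR", "foo.cust.com.")          # one CNAME hop
    recs["20.rev.cust.com."] = ("CNAME", "20.rev.example.net.")  # extra layer
    recs["20.rev.example.net."] = ("PTR", "www.example.net.")    # two CNAME hops
    return recs

def audit(records, lo=16, hi=31):
    """Return {last_octet: (ptr_target, hops)}, or the error text where the chain breaks."""
    report = {}
    for i in range(lo, hi + 1):
        try:
            report[i] = resolve_ptr("%d.%s" % (i, REV_ZONE), records)
        except (LookupError, RuntimeError) as exc:
            report[i] = str(exc)
    return report
```

Addresses that the ISP zone CNAMEs but the customer never populated show up in the audit as chains with no PTR, which is the breakage a mail system doing reverse lookups would hit.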