Delegation of CIDR Block

Mathias Körber mathias at koerber.org
Tue Feb 13 15:35:11 UTC 2001


> This only works if they are all part of rev.cust.com. Is there any way to do
> it regardless of the domain it's under? A friend has the same problem. He
> wrote the code and is hosting 20 different domains. He only bought 32 IPs.
> Is there any similar move for multiple domains?

No, as long as they are all administrated by the same person/team, it should not
matter into which zone they are CNAMEd.

If you really want to further 'delegate' administration (note quotes to mark
non-standard usage of the verb delegate!), he could add another layer of CNAMEs
from rev.cust.com to whatever zone they should be in. BUT:
	a) CNAME chains are not nice and they add one more lookup for each reverse
	address, NOT GOOD
	b) There is a limit on CNAME chains, I think it's 8 (have to look it up).
	c) It gets more confusing.

	"I would advise against it, but it can be done" (TM)

Mathias
> 
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
> Behalf Of Bob Vance
> Sent: Tuesday, February 13, 2001 9:17 AM
> To: bind-users at isc.org
> Subject: RE: Delegation of CIDR Block
> 
> 
> 
> Thanks.
> >it is often less work to make changes that customers need on a demand
> >basis, than battling ongoing problems caused by customers running the
> >masters badly.
> 
> That's the type of info I wanted :)
> I really hadn't thought of that (since *I* never made an error when I
> ran the DNS :).
> Of course, in this case the ISP is *already* letting him master the
> forward domain, but just doesn't want to let him do a partial reverse.
> 
> A single line in the ISP reverse domain would do the trick:
> 
> $GENERATE 16-31 $  CNAME  $.rev.cust.com.
> 
> Then the customer can put the PTRs right in the forward zone:
> 
> $ORIGIN .cust.com.
>    ...
> foo  IN  A  1.2.3.4
> 19.rev   IN  PTR  foo
> 
> 
> So what's special about the reverse data that the customer might screw
> up as opposed to the forward data he already has control of?
> 
> Hmmm.  Maybe breaking a reverse and then complaining that he can't send
> mail to some site whose mail system wants to do a reverse lookup :)
> 
> 
> -------------------------------------------------
> Tks        | <mailto:BVance at sbm.com>
> BV         | <mailto:BobVance at alumni.caltech.edu>
> Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
> Vox 770-623-3430           11455 Lakefield Dr.
> Fax 770-623-3429           Duluth, GA 30097-1511
> =================================================
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Andras Salamon [mailto:andras at dns.net]
> Sent: Tuesday, February 13, 2001 4:49 AM
> To: Bob Vance
> Subject: Re: Delegation of CIDR Block
> 
> 
> On Mon, Feb 12, 2001 at 11:11:48AM -0500, Bob Vance wrote:
> > It's definitely better (for you) for you to be master.
> 
> In this case, it seems that way.
> 
> > I think that they should allow you to be master and they should be
> > secondary, if that's what you want.
> 
> Definitely.
> 
> > OTOH, I don't work for an ISP ;>)
> >
> > I would be interested in hearing legitimate reasons why an ISP might be
> > reluctant to do this -- it's certainly not hard to implement, and can
> > even be done *without* a new delegation from them or a new zone in your
> > config.
> 
> In an ISP environment, it has been my experience that it is often
> less work to make changes that customers need on a demand basis, than
> battling ongoing problems caused by customers running the masters badly.
> For around 1 in 10 zones it makes sense for the customer to run the
> master, especially if DNS changes are frequent and if the DNS skills at
> the customer are good.
> 
> For the other 9 in 10 the cost is just too great.  Making a one-line
> change to a zonefile costs less than spending 30 minutes on the phone
> diagnosing a spurious network problem, and another 30 convincing the
> customer that their name servers need fixing.  I've lost count of the
> number of organisations that have switched ISPs due to 'bad provision of
> services' caused entirely by their name servers (and contents thereof)
> being flaky.
> 
> In my opinion, a decent ISP should offer to run the master, but must be
> willing to allow the customer to run it.  In addition, if the customer
> runs the master and does not have redundant links, the ISP should offer
> to support a hidden master setup.
> 
> -- Andras Salamon                   andras at dns.net
> 
> 
> 
> 
> 
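
The following is an added example, not part of the original message or thread: it expands the `$GENERATE` line quoted above and follows the resulting CNAMEs to show the extra lookup each added layer costs. The reverse zone `3.2.1.in-addr.arpa.`, the addresses 1.2.3.19 and 1.2.3.20, the `other.example` zone and the function names are constructed assumptions; the limit of 8 is the figure the message recalls from memory, not a verified value.

```python
"""Added illustration: expand the thread's $GENERATE line and follow the CNAMEs."""

ISP_ORIGIN = "3.2.1.in-addr.arpa."   # assumed reverse zone for a constructed 1.2.3.0/24
MAX_CHAIN = 8                        # figure recalled in the message; resolver-specific


def absolute(name, origin):
    """Qualify a relative owner/target name against the zone origin."""
    return name if name.endswith(".") else f"{name}.{origin}"


def expand_generate(line, origin):
    """Expand '$GENERATE start-stop lhs TYPE rhs' (simple form, no step or modifiers)."""
    directive, rng, lhs, rtype, rhs = line.split()
    if directive != "$GENERATE":
        raise ValueError("not a $GENERATE line")
    start, stop = (int(n) for n in rng.split("-"))
    zone = {}
    for i in range(start, stop + 1):
        owner = absolute(lhs.replace("$", str(i)), origin)
        zone[owner] = (rtype, absolute(rhs.replace("$", str(i)), origin))
    return zone


def resolve_ptr(ip, zone, max_chain=MAX_CHAIN):
    """Return (ptr_target, cnames_followed) for an IPv4 address, or raise LookupError."""
    name = ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
    for hops in range(max_chain + 1):
        if name not in zone:
            raise LookupError(f"no data for {name}")
        rtype, target = zone[name]
        if rtype == "PTR":
            return target, hops
        name = target                      # CNAME: one more lookup
    raise LookupError(f"CNAME chain longer than {max_chain}")


# ISP side: the single line from the thread.
zone = expand_generate("$GENERATE 16-31 $ CNAME $.rev.cust.com.", ISP_ORIGIN)
# Customer side (constructed): .19 answered directly, .20 pushed through one more CNAME layer.
zone["19.rev.cust.com."] = ("PTR", "foo.cust.com.")
zone["20.rev.cust.com."] = ("CNAME", "20.rev.other.example.")
zone["20.rev.other.example."] = ("PTR", "www.other.example.")

if __name__ == "__main__":
    for ip in ("1.2.3.19", "1.2.3.20"):
        print(ip, resolve_ptr(ip, zone))
```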


