Two RFC2317 Questions

Barry Margolin barmar at genuity.net
Tue Apr 9 20:42:46 UTC 2002


In article <a8vith$28i at pub3.rc.vix.com>,
Barry Finkel  <b19141 at achilles.ctd.anl.gov> wrote:
>1) I have "/25" in my zone per the RFC, but swbell does not.  Is this
>   going to cause confusion or cause DNS not to function correctly?

Yes, it will prevent it from working.  The CNAME records have to point to
the names that have the PTR records.  There's nothing magical about /25,
and DNS doesn't know anything about subnetting.  These are all just
arbitrary tokens as far as DNS is concerned.

>   If so, do I have to remove my "/25", or does swbell have to add
>   "/25"?

One or the other.  I suggest you change yours.

>2) swbell has included in their zone my four nameservers as well as
>   their two nameservers.   I have only my four nameservers in my zone.
>   As swbell has not assigned me the whole Class-C subnet of their
>   Class-B, they have the other half of that Class-B on their servers;
>   that is why they include their nameservers as well as mine.
>   My reading of the RFC leads me to believe that the zone should
>   not reference the 
>
>        ns[12].swbell.net
>
>   servers because they have delegated the 127 addresses to my servers.
>   What should be in the NS records?

They've presumably configured their servers as slave servers for your zone.
You should allow them to do the zone transfers, and include the NS records
in your domain.  That way, queries can be satisfied with fewer recursion
steps -- when they return the CNAME record, they can return the PTR along
with it, rather than the querier having to then look up the target of the
CNAME, get a referral to your servers, and then query your servers.

It would also be a good idea for you to configure your servers as stealth
slaves for the Class-C reverse domain.  That way, when your machines look
up their own addresses you won't have to go out to the swbell.net servers
to find the CNAMEs that link back into your reverse domain.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
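
The mismatch discussed in this message can be checked mechanically. The following is an added example, not part of the original post: it compares the parent's CNAME targets with the names that own PTR records in the child zone. The zone contents, the `0-127` label, the `customer.example` names and the helper functions are all constructed assumptions.

```python
"""RFC 2317 consistency check: every CNAME target in the parent zone must be
a name that actually owns a PTR record in the delegated child zone."""

# Constructed sample data (192.0.2.0/25 is a documentation range).
# Parent (ISP) side: delegation and CNAMEs that do not use the "/25" token.
PARENT_ZONE = """
0-127.2.0.192.in-addr.arpa.  NS     ns1.customer.example.
1.2.0.192.in-addr.arpa.      CNAME  1.0-127.2.0.192.in-addr.arpa.
2.2.0.192.in-addr.arpa.      CNAME  2.0-127.2.0.192.in-addr.arpa.
"""
# Child (customer) side: zone named with "/25".
CHILD_ZONE = """
0/25.2.0.192.in-addr.arpa.   NS     ns1.customer.example.
1.0/25.2.0.192.in-addr.arpa. PTR    host1.customer.example.
2.0/25.2.0.192.in-addr.arpa. PTR    host2.customer.example.
"""

def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()

def parse(zone_text):
    """Parse simplified 'owner TYPE rdata' lines with absolute names."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) == 3:
            records.append((norm(fields[0]), fields[1].upper(), norm(fields[2])))
    return records

def dangling_cnames(parent_text, child_text):
    """Return (owner, target) for parent CNAMEs with no PTR at the target."""
    ptr_owners = {o for o, t, _ in parse(child_text) if t == "PTR"}
    return [(o, r) for o, t, r in parse(parent_text)
            if t == "CNAME" and r not in ptr_owners]

def rename_child(child_text, old_label, new_label):
    """Rename the child zone's subnet label so it matches the parent's."""
    return child_text.replace(old_label + ".", new_label + ".")

if __name__ == "__main__":
    for owner, target in dangling_cnames(PARENT_ZONE, CHILD_ZONE):
        print(f"{owner}: CNAME target {target} has no PTR in child zone")
    fixed = rename_child(CHILD_ZONE, "0/25", "0-127")
    print("after renaming child zone:", dangling_cnames(PARENT_ZONE, fixed))
```
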

