Two RFC2317 Questions
phn at icke-reklam.ipsec.nu
Tue Apr 9 20:56:21 UTC 2002
Barry Finkel <b19141 at achilles.ctd.anl.gov> wrote:
> I have two questions about RFC 2317; this is my first attempt at using
> that RFC. We have been assigned by swbell.net a subnet of
> 241.60.216.in-addr.arpa.
> Specifically we have been assigned addresses 1-127. Other clients
> have been assigned the addresses 128-254. I followed RFC 2317
> and I set up this on our master BIND 8.2.5-REL server. First the
> zone definition in named.conf, then the actual zone:
> ----------
> zone "0/25.241.60.216.in-addr.arpa." {
> type master;
> file "able.rev";
> };
> ----------
> $TTL 86400 ; default time to live is 1 day
> $ORIGIN 0/25.241.60.216.in-addr.arpa.
> ;$INCLUDE named.local
> ; named.soa
> ; define start of authority, name servers and loopback
> ; As per BIND 4.9 operations guide, serial number format is now
> ; "YYYYMMDDNN" where NN is the daily sequence number.
> ;
> @ IN SOA dns0.anl.gov. hostmaster.anl.gov. (
> 2002040800 ; Serial
> 7200 ; Refresh - 2 hours
> 3600 ; Retry - 1 hour
> 1209600 ; Expire - 14 days
> 604800 ) ; Neg. cache - 7 days
> IN NS dns1.anl.gov.
> IN NS dns2.anl.gov.
> IN NS nsx.lbl.gov.
> IN NS ns2.es.net.
> ;
> 17 IN PTR csgax.able.anl.gov.
> <<I have omitted the rest of the zone here.>>
> ----------
> What swbell has set up on their nameservers (ns1.swbell.net and
> ns2.swbell.net) is:
> ----------
> ; <<>> DiG 2.0 <<>> @ns1.swbell.net 241.60.216.in-addr.arpa AXFR
> ;; QUESTIONS:
> ;; 241.60.216.in-addr.arpa, type = AXFR, class = IN
> 241.60.216.in-addr.arpa. 7200 SOA ns1.swbell.net.
> postmaster.swbell.net. (
> 200204090 ;serial
> 3600 ;refresh
> 900 ;retry
> 604800 ;expire
> 7200 ) ;minim
> 0.241.60.216.in-addr.arpa. 7200 NS dns1.anl.gov.
> 0.241.60.216.in-addr.arpa. 7200 NS dns2.anl.gov.
> 0.241.60.216.in-addr.arpa. 7200 NS ns2.es.net.
> 0.241.60.216.in-addr.arpa. 7200 NS nsx.lbl.gov.
> 0.241.60.216.in-addr.arpa. 7200 NS ns1.swbell.net.
> 0.241.60.216.in-addr.arpa. 7200 NS ns2.swbell.net.
> 1.241.60.216.in-addr.arpa. 7200 CNAME 1.0.241.60.216.in-addr.arpa.
> 2.241.60.216.in-addr.arpa. 7200 CNAME 2.0.241.60.216.in-addr.arpa.
> 3.241.60.216.in-addr.arpa. 7200 CNAME 3.0.241.60.216.in-addr.arpa.
> <<I have omitted records 4-123 here.>>
> 124.241.60.216.in-addr.arpa. 7200 CNAME 124.0.241.60.216.in-addr.arpa.
> 125.241.60.216.in-addr.arpa. 7200 CNAME 125.0.241.60.216.in-addr.arpa.
> 126.241.60.216.in-addr.arpa. 7200 CNAME 126.0.241.60.216.in-addr.arpa.
> ----------
> The two questions I have are these:
> 1) I have "/25" in my zone per the RFC, but swbell does not. Is this
> going to cause confusion or cause DNS not to function correctly?
> If so, do I have to remove my "/25", or does swbell have to add
> "/25"?
You have used "0/25"; swbell uses "0".
You have to use "0" or else no one will find your zone data.
> 2) swbell has included in their zone my four nameservers as well as
> their two nameservers. I have only my four nameservers in my zone.
> As swbell has not assigned me the whole Class-C subnet of their
> Class-B, they have the other half of that Class-B on their servers;
> that is why they include their nameservers as well as mine.
> My reading of the RFC leads me to believe that the zone should
> not reference the ns[12].swbell.net servers because they have
> delegated the 127 addresses to my servers.
> What should be in the NS records?
All 6, otherwise you will have a couple of lame delegations.
This is considered "good procedures" since queries to them about your IP
will enable them to supply the PTR as "additional data".
> Thanks.
> ----------------------------------------------------------------------
> Barry S. Finkel
> Electronics and Computing Technologies Division
> Argonne National Laboratory Phone: +1 (630) 252-7277
> 9700 South Cass Avenue Facsimile:+1 (630) 252-4601
> Building 222, Room D209 Internet: BSFinkel at anl.gov
> Argonne, IL 60439-4828 IBMMAIL: I1004994
--
Peter Håkanson
IPSec Sverige (At the Riverside of Gothenburg, home of Volvo)
Sorry about my e-mail address, but I'm trying to keep spam out.
Remove "icke-reklam" and it works.
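
An added example, not part of the original post or of BIND: a small Python check for the two mismatches discussed in this thread (CNAME targets that fall outside the child zone's origin, and NS sets that differ between the delegation point and the child apex). The record data is constructed from the zone snippets quoted above; the function names and finding labels are hypothetical.

```python
# Added example (not from the original post). Record data is constructed
# from the zone snippets quoted in the thread; names here are hypothetical.

def norm(name):
    """Lower-case a DNS name and give it exactly one trailing dot."""
    return name.lower().rstrip(".") + "."

def in_zone(name, origin):
    """True if name is the zone origin or a subdomain of it."""
    name, origin = norm(name), norm(origin)
    return name == origin or name.endswith("." + origin)

def check_delegation(parent_cnames, parent_ns, child_origin, child_ns):
    """Return a list of findings; an empty list means both sides agree."""
    findings = []
    # 1) Each CNAME target in the parent must fall inside the child zone,
    #    otherwise the PTR records the child serves are never reached.
    orphans = [t for _, t in parent_cnames if not in_zone(t, child_origin)]
    if orphans:
        findings.append(("cname-target-outside-child-zone", len(orphans), orphans[0]))
    # 2) Compare the NS set at the delegation point with the child apex.
    p = {norm(n) for n in parent_ns}
    c = {norm(n) for n in child_ns}
    if p - c:
        findings.append(("ns-in-parent-only", sorted(p - c)))
    if c - p:
        findings.append(("ns-in-child-only", sorted(c - p)))
    return findings

PARENT = "241.60.216.in-addr.arpa."
# Parent side as shown in the quoted dig output: N -> N.0.<parent>, N = 1..126
PARENT_CNAMES = [(f"{n}.{PARENT}", f"{n}.0.{PARENT}") for n in range(1, 127)]
PARENT_NS = ["dns1.anl.gov.", "dns2.anl.gov.", "ns2.es.net.", "nsx.lbl.gov.",
             "ns1.swbell.net.", "ns2.swbell.net."]
# Child side as first configured: origin carries "/25", four NS records
CHILD_NS = ["dns1.anl.gov.", "dns2.anl.gov.", "nsx.lbl.gov.", "ns2.es.net."]

if __name__ == "__main__":
    for origin, ns in (("0/25." + PARENT, CHILD_NS), ("0." + PARENT, PARENT_NS)):
        print(origin, check_delegation(PARENT_CNAMES, PARENT_NS, origin, ns) or "consistent")
```
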