Multiple Origin Statements

Saunders, Shawn SSaunders at mednet.ucla.edu
Fri May 7 19:35:29 UTC 2004


> From: "Saunders, Shawn" <SSaunders at mednet.ucla.edu>
> To: comp-protocols-dns-bind at isc.org
> Subject: RE: Multiple Origin Statements
> Date: Fri, 7 May 2004 12:09:39 -0700 
> 
[...snip...]
> 
> Yes, Barry, I guess I will request them to delegate those specific IP's. But
> I am curious, if I setup these zone files won't that stop my DNS server from
> resolving IP's in those zones, that are not delegated to me?  I think I'll
> re-read RFC 2317.  Someone suggested that might shed some light on this for
> me.  They are not delegating subnets, but specific IP's from multiple
> subnets that they manage to me.  And I am expected to be authoritative for
> those specific IPs.  It seems it would have been easier just to give me a 6
> host subnet and not have to worry about this weirdness.  But we work with
> what we have.

Shawn:

You are NOT being asked to be authoritative for those zones.  You are
being asked to be authoritative for YOUR own zone (domain).  What you
have to do is to return an IP address for each FQDN.  The fact that
the IP is not in your address space notwithstanding, you still return
an IP.

The fact that you have been delegated 123.xxx.yyy.zzz as your primary
IP space does not change the fact that you are authoritative for your
own DOMAIN.

If you want to include someone else's IP address in your zone file,
feel free.  However, you had better coordinate this with the real IP
space owner...

Could I take one of Xahoo's IP addresses and include it in my own
zone?  Sure!  However, if I didn't want to get VERY confused users, I
might want to coordinate with Xahoo to make sure that the machine that
is AT that particular IP address answers as though it was inside MY
domain.

If the application that runs on Xahoo's machine converses with machines
that require PTR lookups, either Xahoo sets up the PTR in their
namespace (coordinating with you) or you set up the PTR lookup (after
coordinating with Xahoo re RFC 2317) to make the reverse lookup
happen.

Regards,
Gregory Hicks

[clip previous]

It sounds like I am just making this more difficult than it is.  So I simply
include these 'rogue' IP's, but coordinate with the upstream DNS so we are
in sync.  That seems simple enough.

Shawn
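
The coordination discussed in this thread (an A record in your own zone, with the address owner's reverse zone handing the PTR over to you in the style of RFC 2317), as an added example that is not part of the original messages: a Python check that every A record has a matching PTR once CNAMEs in the reverse tree are followed. All names, addresses and the rev.example.com zone are constructed for illustration.

```python
import ipaddress

# Constructed records, (owner, type) -> target. Every name here is an assumption.
RECORDS = {
    # My forward zone: A records that use the provider's addresses.
    ("www.example.com.", "A"): "192.0.2.10",
    ("mail.example.com.", "A"): "198.51.100.77",
    ("ftp.example.com.", "A"): "192.0.2.44",
    # Provider's reverse zones: one CNAME per address handed to me.
    ("10.2.0.192.in-addr.arpa.", "CNAME"): "10.rev.example.com.",
    ("77.100.51.198.in-addr.arpa.", "CNAME"): "77.rev.example.com.",
    # 192.0.2.44 was never coordinated: the provider still answers the PTR.
    ("44.2.0.192.in-addr.arpa.", "PTR"): "host44.provider.example.",
    # My zone rev.example.com: the PTR records I am authoritative for.
    ("10.rev.example.com.", "PTR"): "www.example.com.",
    ("77.rev.example.com.", "PTR"): "mail.example.com.",
}

def reverse_name(ip):
    """Return the in-addr.arpa owner name for an address, with trailing dot."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def resolve_ptr(ip, records, max_hops=8):
    """Follow CNAMEs from the reverse name until a PTR is found."""
    name = reverse_name(ip)
    for _ in range(max_hops):
        if (name, "PTR") in records:
            return records[(name, "PTR")]
        name = records.get((name, "CNAME"))
        if name is None:
            return None  # neither PTR nor CNAME at this name
    return None  # CNAME chain too long or looping

def check_sync(records):
    """Map each A-record owner to 'ok', 'no PTR' or 'mismatch: <ptr target>'."""
    report = {}
    for (owner, rtype), ip in records.items():
        if rtype != "A":
            continue
        ptr = resolve_ptr(ip, records)
        if ptr is None:
            report[owner] = "no PTR"
        elif ptr.lower() == owner.lower():
            report[owner] = "ok"
        else:
            report[owner] = "mismatch: " + ptr
    return report

if __name__ == "__main__":
    for host, status in check_sync(RECORDS).items():
        print(host, status)
```

The ftp entry is the uncoordinated case: the forward lookup works, but the reverse lookup still returns the address owner's name.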


