subnets and in-addr.arpa
Mark Andrews
Mark_Andrews at isc.org
Fri Aug 19 00:56:41 UTC 2005
> Hello Mark.
>
> Mark Andrews wrote:
>
> > > Hello /dev/smthing
> > >
> > > /dev/rob0 wrote:
> > >
> > > > On Tuesday 2005-August-16 02:41, cmic wrote:
> > > > > > Of course it is, why not? Your zone would be "21.172.in-addr.arpa."
> > > >
> > > > > 172.21.36.12 and 172.21.39.254 for example. This is why I post this
> > > > > request.
> > > >
> > > > And you'll be authoritative for 172.21.0.0 through 172.21.255.255. Is
> > > > that a problem for you? Does someone else "own" the rest of that /16?
> > > > You are aware that it's a reserved netblock, yes?
> > >
> > > Alas yes, the other subnets (particularly the neighbours) are reserved.
> > > In fact the French ministry decided one day to allocate chunks of
> > > "private" addresses for the 60000 and some users. So I am stuck with
> > > 172.21.36.0/22 . I have solved part of the problem making this in
> > > named.conf:
> > >
> > > zone "21.172.in-addr.arpa" {
> > > file "xxx";
> > > ...
> > > };
> > >
> > > And in file xxx :
> > > ...
> > > $ORIGIN 36.21.172.in-addr.arpa.
> > > 12 PTR nacre.socio.prv.
> > > 6 PTR another.socio.prv.
> > > $ORIGIN 37.21.172.in-addr.arpa.
> > > 6 PTR babel.socio.prv.
> > > $ORIGIN 39.21.172.in-addr.arpa.
> > > 254 PTR fw4.socio.prv.
> > > ...
> > > It works, though not elegant enough. (my point of view).
> > > Thanks for your help
> >
> > And a VERY BAD IDEA given that you say the other address space is
> > allocated.
>
> Sorry, but I don't understand why it is a "Very Bad Idea". I am
> authoritative on 172.21.36.0 mask 255.255.252.0 which means from
> 172.21.36.0 thru 172.21.39.255 I have addresses like 172.21.37.* and
> 172.21.39.250, or 251 for example. I want to manage my own address
> space. Address space starting from 172.21.40.0 is allocated to somebody
> else. But I don't care.
> Maybe this simple (and usual) solution is better :
> 1 file for 36.21.172.in-addr.arpa,
> 1 file for 37.21.172.in-addr.arpa,
> 1 file for 38.21.172.in-addr.arpa,
> 1 file for 39.21.172.in-addr.arpa,

Correct.

> Be kind enough to explain (if you want).

It is a bad idea because someone else has claimed the
authority for 21.172.in-addr.arpa and by doing what you
were doing you would be attempting to poison the caches of
the servers querying you. You would be giving back the
wrong NS RRset for 21.172.in-addr.arpa.

At some point you should be getting 36.21.172.in-addr.arpa
... 39.21.172.in-addr.arpa delegated to you from
21.172.in-addr.arpa. You will almost certainly want to
make yourself a (stealth) slave of 21.172.in-addr.arpa so
you can find the servers for the other subzones of
21.172.in-addr.arpa.

Mark

> Regards.
> --
> cmic<at>caramail<dot>com
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
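
The point made in the reply above, as an added example that is not part of the original thread: a Python check that lists the octet-aligned reverse zones tiling an allocation and flags any authoritative zone in a named.conf that claims reverse space outside it. The function names, the constructed sample configuration, the `type master` statements and the file names other than "xxx" are assumptions.

```python
import ipaddress
import re

def zone_network(zone):
    """Map an octet-aligned IPv4 reverse zone name to the network it covers."""
    labels = zone.lower().rstrip(".").split(".")
    octets = labels[:-2][::-1]  # zone labels run least-significant octet first
    if labels[-2:] != ["in-addr", "arpa"] or not 1 <= len(octets) <= 3:
        raise ValueError(f"not an octet-aligned IPv4 reverse zone: {zone}")
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(padded)}/{8 * len(octets)}")

def zones_for(allocation):
    """Reverse zones that tile an allocation exactly (prefixes up to /24)."""
    net = ipaddress.ip_network(allocation)
    if net.prefixlen > 24:
        raise ValueError("longer than /24 needs classless delegation instead")
    aligned = max(8, -(-net.prefixlen // 8) * 8)  # round up to an octet boundary
    keep = aligned // 8
    return [".".join(str(sub.network_address).split(".")[:keep][::-1])
            + ".in-addr.arpa" for sub in net.subnets(new_prefix=aligned)]

def overclaimed(named_conf, allocation):
    """Authoritative reverse zones that reach outside the allocation."""
    net = ipaddress.ip_network(allocation)
    found = []
    pattern = r'zone\s+"([^"]+)"(.*?)(?=zone\s+"|\Z)'
    for m in re.finditer(pattern, named_conf, re.S):
        name, body = m.group(1), m.group(2)
        if not name.lower().rstrip(".").endswith(".in-addr.arpa"):
            continue  # forward zones are out of scope for this check
        kind = re.search(r"\btype\s+(\w+)", body)
        # A slave copy of the parent is fine; only authoritative claims count.
        authoritative = kind and kind.group(1) in ("master", "primary")
        if authoritative and not zone_network(name).subnet_of(net):
            found.append(name)
    return found

# Constructed sample: the /16 zone from the thread next to one correct /24 zone.
SAMPLE_CONF = '''
zone "21.172.in-addr.arpa" { type master; file "xxx"; };
zone "36.21.172.in-addr.arpa" { type master; file "db.36"; };
zone "socio.prv" { type master; file "db.socio"; };
'''

if __name__ == "__main__":
    print("zones to serve:", zones_for("172.21.36.0/22"))
    print("over-claimed:  ", overclaimed(SAMPLE_CONF, "172.21.36.0/22"))
```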