subnets and in-addr.arpa

Mark Andrews Mark_Andrews at isc.org
Fri Aug 19 00:56:41 UTC 2005


> Hello Mark.
> 
> Mark Andrews wrote:
> 
> > > Hello  /dev/smthing
> > >
> > > /dev/rob0 wrote:
> > >
> > > > On Tuesday 2005-August-16 02:41, cmic wrote:
> > > > > > Of course it is, why not? Your zone would be "21.172.in-addr.arpa."
> > > >
> > > > > 172.21.36.12 and 172.21.39.254 for example. This is why I post this
> > > > > request.
> > > >
> > > > And you'll be authoritative for 172.21.0.0 through 172.21.255.255. Is
> > > > that a problem for you? Does someone else "own" the rest of that /16?
> > > > You are aware that it's a reserved netblock, yes?
> > >
> > > Alas yes, the other subnets (particularly the neighbours) are reserved.
> > > In fact the French ministry decided one day to allocate chunks of
> > > "private" addresses for the 60000 and some users. So I am stuck with
> > > 172.21.36.0/22 . I have solved part of the problem making this in
> > > named.conf:
> > >
> > > zone "21.172.in-addr.arpa" {
> > >    file "xxx";
> > >    ...
> > > };
> > >
> > > And in file xxx :
> > > ...
> > > $ORIGIN 36.21.172.in-addr.arpa.
> > > 12    PTR nacre.socio.prv.
> > > 6     PTR another.socio.prv.
> > > $ORIGIN 37.21.172.in-addr.arpa.
> > > 6     PTR babel.socio.prv.
> > > $ORIGIN 39.21.172.in-addr.arpa.
> > > 254    PTR fw4.socio.prv.
> > > ...
> > > It works, though not elegant enough. (my point of view).
> > > Thanks for your help
> >
> > 	And a VERY BAD IDEA given that you say the other address space is
> > 	allocated.
> 
> Sorry, but I don't understand why it is a "Very Bad Idea". I am
> authoritative on 172.21.36.0 mask 255.255.252.0 which means from
> 172.21.36.0 thru 172.21.39.255 I have addresses like 172.21.37.* and
> 172.21.39.250, or 251 for example. I want to manage my own address
> space. Address space starting from 172.21.40.0 is allocated to somebody
> else. But I don't care.
> Maybe this simple (and usual) solution is better :
> 1 file for 36.21.172.in-addr.arpa,
> 1 file for 37.21.172.in-addr.arpa,
> 1 file for 38.21.172.in-addr.arpa,
> 1 file for 39.21.172.in-addr.arpa,

	Correct.

> Be kind enough to explain (if you want).

	It is a bad idea because someone else has claimed the
	authority for 21.172.in-addr.arpa and by doing what you
	were doing you would be attempting to poison the caches of
	the servers querying you.  You would be giving back the
	wrong NS RRset for 21.172.in-addr.arpa.

	At some point you should be getting 36.21.172.in-addr.arpa
	...  39.21.172.in-addr.arpa delegated to you from
	21.172.in-addr.arpa.  You will almost certainly want to
	make yourself a (stealth) slave of 21.172.in-addr.arpa so
	you can find the servers for the other subzones of
	21.172.in-addr.arpa.

	Mark
 
> Regards.
> --
> cmic<at>caramail<dot>com
> 
> 
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
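
The zone layout agreed on above, as an added example that is not part of the original thread: it derives the octet-boundary reverse zones for a delegated prefix and flags any configured zone that claims more address space than the delegation, as 21.172.in-addr.arpa does for 172.21.36.0/22. The function names are hypothetical and the zone list in the demo is constructed.

```python
import ipaddress

SUFFIX = ".in-addr.arpa"


def reverse_zones(prefix):
    """in-addr.arpa zones, on octet boundaries, that exactly cover an IPv4 prefix."""
    net = ipaddress.ip_network(prefix)
    if net.version != 4 or not 1 <= net.prefixlen <= 24:
        raise ValueError("expected an IPv4 prefix between /1 and /24")
    boundary = -(-net.prefixlen // 8) * 8  # round up to /8, /16 or /24
    zones = []
    for sub in net.subnets(new_prefix=boundary):
        octets = str(sub.network_address).split(".")[: boundary // 8]
        zones.append(".".join(reversed(octets)) + SUFFIX)
    return zones


def zone_network(zone):
    """IPv4 network covered by an in-addr.arpa zone name (1 to 3 octet labels)."""
    name = zone.rstrip(".").lower()
    if not name.endswith(SUFFIX):
        raise ValueError("not an in-addr.arpa zone: " + zone)
    octets = name[: -len(SUFFIX)].split(".")[::-1]
    if not 1 <= len(octets) <= 3:
        raise ValueError("unsupported zone depth: " + zone)
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network("%s/%d" % (addr, 8 * len(octets)))


def audit(delegated, configured_zones):
    """Classify each configured reverse zone against the delegated prefix."""
    net = ipaddress.ip_network(delegated)
    verdicts = {}
    for zone in configured_zones:
        covered = zone_network(zone)
        if covered.subnet_of(net):
            verdicts[zone] = "ok"          # entirely inside the delegation
        elif net.subnet_of(covered):
            verdicts[zone] = "overclaims"  # answers NS/SOA for space owned by others
        else:
            verdicts[zone] = "outside"     # no overlap with the delegation
    return verdicts


if __name__ == "__main__":
    print(reverse_zones("172.21.36.0/22"))
    # Constructed zone list: the parent /16 zone plus one correct per-/24 zone.
    print(audit("172.21.36.0/22", ["21.172.in-addr.arpa", "36.21.172.in-addr.arpa"]))
```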


