Delegating a /24 out of a /16.

Sam Hayes Merritt, III sam at themerritts.org
Tue Jan 18 19:13:27 UTC 2005 

We have a /16 from ARIN. We want to delegate a /24 out of that to a
customers nameservers. In the past, when we had smaller than a /16, a SWIP
would take care of that for us, however since we have the entire /16, we
have to do it ourselves now.

Here's the relevant sample parts of my named.conf:

zone "155.10.IN-ADDR.ARPA" {
        type master;
        file "10.155.db";
};


And here's 10.155.db:

$TTL 86400
; 10.155.db
;
; Edit History
; date:         who:                    what:
; 12/06/00      Auto-Generated          Forward Mapping File
;
; Origin added to names not ending in a dot: 155.10.IN-ADDR.ARPA
;

@                               IN      SOA     ns1.lsn.net. root.lsn.net.
(
                                2005011801      ; serial
                                10800           ; refresh after 3 hours
                                3600            ; retry after 1 hour
                                604800          ; expire after 1 week
                                86400 )         ; minimum TTL of 1 day

                        IN      NS      ns5.lsn.net.

5      IN      NS      ns8.lsn.net.


A dig for the /16 comes back with the expected response.
dig @216.82.202.14 155.10.in-addr.arpa any
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; QUERY SECTION:
;;	155.10.in-addr.arpa, type = ANY, class = IN

;; ANSWER SECTION:
155.10.in-addr.arpa.	1D IN SOA	ns5.lsn.net. root.lsn.net. (
					2005011802	; serial
					3H		; refresh
					1H		; retry
					1W		; expiry
					1D )		; minimum

155.10.in-addr.arpa.	1D IN NS	ns5.lsn.net.

;; ADDITIONAL SECTION:
ns5.lsn.net.		13h35m12s IN A	216.82.202.14



But a dig for the delegated /24, comes back with a SERVFAIL.
dig @216.82.202.14 5.155.10.in-addr.arpa any

; <<>> DiG 8.3 <<>> @216.82.202.14 5.155.10.in-addr.arpa any
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;	5.155.10.in-addr.arpa, type = ANY, class = IN

;; Total query time: 23 msec




What part of this am I not getting correct. Looking at DNS & Bind
9.5.1 Subnetting on an Octet Boundary, this should be correct.



Thanks,

sam

More information about the bind-users mailing list