Classless delegation with a split horizon setup
Joseph S D Yao
jsdy at center.osis.gov
Wed Jun 22 02:49:14 UTC 2005
On Tue, Jun 21, 2005 at 03:35:18AM -0700, adhodgson at gmail.com wrote:
> I am wondering whether any of you on the list can help me with a bit of
> a DNS quandary I am in.
> My ISP has given me an IP block 184.108.40.206/28. I have to host PTR
> records on my DNS server using the subnetted style
> 208-220.127.116.11.in-addr.arpa. - this is fine. The ISP host the zone
> 105.2.81.in-addr.arpa (or most of it), and have created CNAME records
> pointing to the subnetted zone, listing my public nameserver as the
> primary for the subnetted zone.
> However, I run a split horizon DNS setup with the public information on
> one server and LAN-specific information on the other. This is mainly
> because our LAN uses the subdomain ad.hodgsonfamily.org. I host the
> records on both on two completely different instances.
> The issue I have is I want to create the reverse zone for inside my
> LAN, but here I have an issue, as if I created 105.2.81.in-addr.arpa,
> the rest of that zone (i.e., for IP addresses I don't own) are not being
> resolved since the DNS server can pick up the zone locally. If I
> create the subnetted zone, there would be no CNAME records in the
> parent to get resolution working.
> Has anyone been in this situation before? I have two possible
> workarounds, one is to create a complete zone file for each IP address,
> and the other involves ensuring only the subnetted zone exists, and
> relying on resolution to find the CNAME records from the root
> nameservers, thus when it gets to the looking up from the subnetted
> zone it would know the information locally thus pick up the records?
> Alternatively does anyone know a trick in BIND I can use to get this
> working a different (and probably more appealing!) way?
No real problem. Create the same zone inside that you have outside -
208-18.104.22.168.in-addr.arpa. Alternately, don't bother to create it
unless you want the names to look different internally from externally,
or unless your internal name server has the same name as your external
name server [bad move].

In either case, the query to your ISP will result in the return of the
CNAME record into your 208-22.214.171.124.in-addr.arpa zone. The only
difference between the two cases above is that in the former case it
looks up the canonical name itself internally; in the latter case, it
looks it up on your external name server, just like everyone else.
This message is not an official statement of OSIS Center policies.
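
The record layout discussed in this thread, as an added example that is not part of the original posts: it generates the CNAMEs the ISP keeps in the /24 reverse zone and the PTRs for the subnetted zone, which can be loaded with different hostnames on the internal server. The block 192.0.2.208/28, the example.org names and all function names are constructed for illustration.

```python
import ipaddress

def child_zone(block):
    """Subnetted zone name in the 'first-last' label style used in this thread."""
    net = ipaddress.ip_network(block)  # raises ValueError if host bits are set
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("classless delegation covers IPv4 /25 to /31 only")
    a, b, c, first = net.network_address.packed
    last = net.broadcast_address.packed[3]
    return f"{first}-{last}.{c}.{b}.{a}.in-addr.arpa."

def parent_records(block, nameserver):
    """Records held in the ISP's /24 zone: one NS, then a CNAME per address."""
    zone = child_zone(block)
    recs = [f"{zone.split('.')[0]} IN NS {nameserver}"]
    for addr in ipaddress.ip_network(block):
        octet = addr.packed[3]
        recs.append(f"{octet} IN CNAME {octet}.{zone}")
    return recs

def child_records(block, names):
    """PTR records for the subnetted zone; names maps last octet -> hostname.
    The internal server can load the same zone name with different hostnames."""
    valid = {a.packed[3] for a in ipaddress.ip_network(block)}
    unknown = sorted(set(names) - valid)
    if unknown:
        raise ValueError(f"octets outside {block}: {unknown}")
    return [f"{o} IN PTR {h}" for o, h in sorted(names.items())]

def ptr_lookup_name(ip, block):
    """Name a resolver queries after following the ISP's CNAME for this IP."""
    addr = ipaddress.ip_address(ip)
    if addr not in ipaddress.ip_network(block):
        raise ValueError(f"{ip} is not in {block}")
    return f"{addr.packed[3]}.{child_zone(block)}"

if __name__ == "__main__":
    block = "192.0.2.208/28"  # constructed documentation range
    print("; in the ISP's 2.0.192.in-addr.arpa zone")
    print("\n".join(parent_records(block, "ns1.example.org.")))
    print(f"; external copy of {child_zone(block)}")
    print("\n".join(child_records(block, {210: "mail.example.org."})))
    print(f"; internal copy of {child_zone(block)}")
    print("\n".join(child_records(block, {210: "mail.ad.example.org."})))
```

With only the subnetted zone defined internally, lookups for the rest of the /24 still go to the ISP, and only the CNAME targets are answered from local data.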