Classless delegation with a split horizon setup

Joseph S D Yao jsdy at center.osis.gov
Wed Jun 22 02:49:14 UTC 2005


On Tue, Jun 21, 2005 at 03:35:18AM -0700, adhodgson at gmail.com wrote:
> Hi,
> 
> I am wondering whether any of you on the list can help me with a bit of
> a DNS quandary I am in.
> 
> My ISP has given me an IP block 81.2.105.208/28.  I have to host PTR
> records on my DNS server using the subnetted style
> 208-223.105.2.81.in-addr.arpa. - this is fine.  The ISP host the zone
> 105.2.81.in-addr.arpa (or most of it), and have created CNAME records
> pointing to the subnetted zone, listing my public nameserver as the
> primary for the subnetted zone.
> 
> However, I run a split horizon DNS setup with the public information on
> one server and LAN-specific information on the other.  This is mainly
> because our LAN uses the subdomain ad.hodgsonfamily.org.  I host the
> records on both on two completely different instances.
> 
> The issue I have is I want to create the reverse zone for inside my
> LAN, but here I have an issue, as if I created 105.2.81.in-addr.arpa,
> the rest of that zone (i.e, for IP addresses I don't own) are not being
> resolved since the DNS server can pick up the zone locally.  If I
> create the subnetted zone, there would be no CNAME records in the
> parent to get resolution working.
> 
> Has anyone been in this situation before?  I have two possible
> workarounds, one is to create a complete zone file for each IP address,
> and the other involves ensuring only the subnetted zone exists, and
> relying on resolution to find the CNAME records from the root
> nameservers, thus when it gets to the looking up from the subnetted
> zone it would know the information locally thus pick up the records?
> 
> Alternatively does anyone know a trick in BIND I can use to get this
> working a different (and probably more appealing!) way?
> 
> Thanks.
> Andrew.

No real problem.  Create the same zone inside that you have outside -
208-223.105.2.81.in-addr.arpa.  Alternately, don't bother to create it
unless you want the names to look different internally from externally,
or unless your internal name server has the same name as your external
name server [bad move].

In either case, the query to your ISP will result in the return of the
CNAME record into your 208-223.105.2.81.in-addr.arpa zone.  The only
difference between the two cases above is that in the former case it
looks up the canonical name itself internally; in the latter case, it
looks it up on your external name server, just like everyone else.

-- 
Joe Yao
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.
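
The lookup chain discussed in this thread, as an added example that is not part of the original messages: it derives the classless zone name and the ISP's CNAME records for 81.2.105.208/28, then follows a reverse lookup through the CNAME into the child zone. It is a plain-Python model rather than BIND configuration, and the PTR targets under example.org are constructed.

```python
import ipaddress

def rfc2317_zone(block):
    """Child zone name in the 'first-last' style used in the thread."""
    net = ipaddress.ip_network(block)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("expected an IPv4 block smaller than a /24")
    lo, hi = net.network_address.packed, net.broadcast_address.packed
    return f"{lo[3]}-{hi[3]}.{lo[2]}.{lo[1]}.{lo[0]}.in-addr.arpa."

def parent_cnames(block):
    """CNAMEs the ISP publishes in the /24 parent zone, one per address."""
    child = rfc2317_zone(block)
    parent = child.split(".", 1)[1]
    return {f"{ip.packed[3]}.{parent}": f"{ip.packed[3]}.{child}"
            for ip in ipaddress.ip_network(block)}

def resolve_ptr(ip, parent_zone, child_zone):
    """Follow reverse name -> CNAME (ISP) -> PTR (server holding the child zone)."""
    qname = ipaddress.ip_address(ip).reverse_pointer + "."
    canonical = parent_zone.get(qname)
    if canonical is None:
        return None  # not in the delegated block; the ISP answers it directly
    return child_zone.get(canonical)

BLOCK = "81.2.105.208/28"
ISP_PARENT = parent_cnames(BLOCK)
# Constructed PTR data: the same zone name held by two servers, different contents.
EXTERNAL = {"210.208-223.105.2.81.in-addr.arpa.": "www.example.org."}
INTERNAL = {"210.208-223.105.2.81.in-addr.arpa.": "web01.ad.example.org."}

if __name__ == "__main__":
    print(rfc2317_zone(BLOCK))
    print("outside:", resolve_ptr("81.2.105.210", ISP_PARENT, EXTERNAL))
    print("inside: ", resolve_ptr("81.2.105.210", ISP_PARENT, INTERNAL))
```

In both views the CNAME step is the same ISP data; only the server that answers for the child zone differs, so addresses outside the /28 are never shadowed by the internal server.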



More information about the bind-users mailing list