Alternative to RFC2317 -- Classless Delegation

Dan Mahoney, System Admin danm at prime.gushi.org
Sat Dec 9 01:16:08 UTC 2006


On Fri, 8 Dec 2006, Kevin Darcy wrote:

[ka-snip]

>> So, then the question (and I'm sure someone has a good answer for it) is:
>>
>> What is wrong with the NS-only scheme of doing things?  Clearly RFC2317 is
>> as complex as it is for a reason, but I'm curious as to why.
>>
> That's perfectly valid too, and I'm surprised that RFC 2317 doesn't even
> mention that approach (had to re-read it just to make sure).
>
> I think there are multiple reasons why most people shy away from this:
> 1) More records in the parent zone, since of course all zones are
> required to have at least 2 nameservers, versus only 1 CNAME per IP
> address under RFC 2317 (of course $GENERATE eases this)
> 2) More zone definitions overall
> 3) Zone-apex PTR records. Many if not most folks are used to thinking of
> PTRs as "leaf" nodes and aren't very comfortable with seeing them at the
> apex of a zone.

I did just think of one thing, and that's that if someone was using the 
zone answering for the "leaf" zone as a caching server...

i.e. the customer who has 192.168.1.1 has a partial 192.168.1.x zonefile 
with of course, only his records...then goes to look up an IP he does NOT 
have, against the same nameserver, I believe that nameserver will return 
NXDOMAIN, even if the PTR *is* properly delegated to a secondary leaf 
site.

Of course, using the same server for both authoritative and caching is 
already considered somewhat taboo, but this MAY be an issue that is 
dealable within proper VIEW statements -- I haven't thought enough about 
it.

-Dan


--

"there is no loyalty in the business, so we stay away from things that piss people off"

-The Boss, November 12, 2002

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------
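To make the two delegation styles in the thread concrete, here is an added example (not from the post or from BIND itself) that emits the parent-zone and child-zone records for a sub-/24 block both ways, RFC 2317 CNAMEs and NS-only per-address zones, and then models Dan's concern: an authoritative server holding a partial copy of the whole /24 zone answers NXDOMAIN for addresses it does not carry, while a server that loads only its own delegated per-address zone is simply not authoritative for them. The block 192.168.1.0/28, the `customer.example` names and the zone contents are all constructed for the example.

```python
# Added example, not from the mailing-list post. Generates classless reverse
# delegation records in the RFC 2317 style and in the NS-only style, and models
# why a partial copy of the whole /24 reverse zone yields NXDOMAIN.
import ipaddress

def parent_zone(net):
    """Name of the /24 reverse zone enclosing net, e.g. '1.168.192.in-addr.arpa.'."""
    o = str(net.network_address).split(".")
    return f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."

def rfc2317_records(cidr, child_ns, ptrs):
    """RFC 2317 style. Parent: an NS set for the '<first>/<prefix>' sub-zone plus
    one CNAME per address (what $GENERATE usually emits). Child: PTRs under
    '<first>/<prefix>.<parent>'. Returns (parent, parent_rrs, child, child_rrs)."""
    net = ipaddress.ip_network(cidr, strict=True)
    parent = parent_zone(net)
    sub = f"{int(net.network_address) & 0xFF}/{net.prefixlen}"
    child = f"{sub}.{parent}"
    parent_rrs = [f"{sub}\tIN\tNS\t{ns}" for ns in child_ns]
    for addr in net:  # every address of the block, including its first and last
        last = int(addr) & 0xFF
        parent_rrs.append(f"{last}\tIN\tCNAME\t{last}.{child}")
    child_rrs = [f"{int(ipaddress.ip_address(ip)) & 0xFF}\tIN\tPTR\t{name}"
                 for ip, name in sorted(ptrs.items())]
    return parent, parent_rrs, child, child_rrs

def ns_only_records(cidr, child_ns, ptrs):
    """NS-only style. Parent: each address is delegated as its own zone, so it
    needs the full NS set (at least two). Child: one zone per address with the
    PTR at the apex. Returns (parent, parent_rrs, {child_zone: child_rrs})."""
    net = ipaddress.ip_network(cidr, strict=True)
    parent = parent_zone(net)
    parent_rrs, children = [], {}
    for addr in net:
        last = int(addr) & 0xFF
        parent_rrs += [f"{last}\tIN\tNS\t{ns}" for ns in child_ns]
        if str(addr) in ptrs:
            children[f"{last}.{parent}"] = [f"@\tIN\tPTR\t{ptrs[str(addr)]}"]
    return parent, parent_rrs, children

def authoritative_answer(zones, qname):
    """Model of an authoritative lookup. 'zones' maps each zone name the server
    loads to the set of fully qualified owner names in it. The server picks the
    longest enclosing zone; if the name is absent from that zone it answers
    NXDOMAIN from its own data rather than following the parent's delegation."""
    enclosing = [z for z in zones if qname == z or qname.endswith("." + z)]
    if not enclosing:
        return "not authoritative"  # a resolver would now recurse from the root
    best = max(enclosing, key=len)
    return "answer" if qname in zones[best] else "NXDOMAIN"

def demo():
    """Dan's scenario with constructed names: the customer holding 192.168.1.1."""
    parent = "1.168.192.in-addr.arpa."
    own = "1." + parent
    other = "2." + parent
    # Misconfigured: the customer loads a partial copy of the whole /24 with only his record.
    partial_24 = {parent: {own}}
    # Correct NS-only setup: the customer loads only the zone delegated to him.
    per_address = {own: {own}}
    return {
        "partial_24": (authoritative_answer(partial_24, own), authoritative_answer(partial_24, other)),
        "per_address": (authoritative_answer(per_address, own), authoritative_answer(per_address, other)),
    }

if __name__ == "__main__":
    ns = ["ns1.customer.example.", "ns2.customer.example."]   # constructed
    ptrs = {"192.168.1.1": "host1.customer.example."}          # constructed
    p, prr, c, crr = rfc2317_records("192.168.1.0/28", ns, ptrs)
    print(f"; parent {p}\n" + "\n".join(prr) + f"\n; child {c}\n" + "\n".join(crr))
    p, prr, kids = ns_only_records("192.168.1.0/28", ns, ptrs)
    print(f"; parent {p}\n" + "\n".join(prr))
    for z, rrs in kids.items():
        print(f"; child {z}\n" + "\n".join(rrs))
    print(demo())
```

Running it side by side shows the trade-off Kevin lists: the /28 costs 2 NS plus 16 CNAMEs in the parent under RFC 2317, against 32 NS records and up to 16 child zones in the NS-only scheme, with the PTR sitting at each child's apex. The `demo()` result is the point of Dan's message: only the server that loaded a partial `1.168.192.in-addr.arpa.` answers NXDOMAIN for `2.1.168.192.in-addr.arpa.`; the one that loaded nothing but its own delegated name is not authoritative and a resolver would have to recurse, which is also why mixing authoritative and caching roles on that one host (or separating them with views) matters here.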


