DNS frustration

Chad Morris morrisce at acs.sparcc.org
Thu May 11 13:20:32 UTC 2006 

Bill,

I'm still attempting to add reverse lookups via nsupdate...

what would be the syntax for adding a PTR record with nsupdate to the  
zone 40.110.10.in-addr.arpa?

Chad


On May 11, 2006, at 8:18 AM, Bill Larson wrote:

> On May 11, 2006, at 5:37 AM, Chad Morris wrote:
>
>> I appreciate the time you have taken to explain many of these DNS  
>> mysteries to me.  I'm kind of a newbie to DNS, but what I have set  
>> up seems to work for the most part!  I obviously have some looking  
>> over to do here...
>>
>> The one part I do not understand is this...
>>
>>> I think that the simplest solution for you is, for example, with  
>>> your 10.110.40.0/21 network, which incorporates the  
>>> 10.110.40.0/24, 10.110.41.0/24, 10.110.42.0/24, ...  
>>> 10.110.47.0/24 networks, is to define separate zones for each of  
>>> these "/24" subnets.  Instead of just one reverse zone, in this  
>>> case, you really need to have eight zones.  (You have some, but  
>>> not all of these sub-subnets.)
>
> The "in-addr.arpa" reverse DNS operates on eight bit network  
> boundaries.  For example, there are the following in-addr.arpa  
> delegations possible:
>
> 	10.in-addr.arpa
> 	110.10.in-addr.arpa
> 	40.110.10.in-addr.arpa
>
> The first is a 10.0.0.0/8 network (10.0.0.0-10.255.255.255), the  
> second is for a 10.110.0.0/16 network (10.110.0.0-10.110.255.255),  
> and the third is for a 10.110.40.0/24 network  
> (10.110.24.0-10.110.40.255).  The in-addr.arpa reverse DNS  
> naturally breaks on eight bit subnet boundaries.
>
> Your 10.110.40.0/21 network covers the range of  
> 10.110.40.0-10.110.47.255.  This range of addresses can't be  
> handled in the in-addr.arpa delegation as a single zone.  All I was  
> suggesting is that you may want to insure that ALL of the possible  
> range of IP addresses that you use are configured in DNS for your  
> in-addr.arpa delegation.
>
> What this means is that for your 10.110.40.0/21 network you need to  
> have eight in-addr.arpa zones defined.  There needs to be zones for:
>
> 	40.110.10.in-addr.arpa
> 	41.110.10.in-addr.arpa
> 	42.110.10.in-addr.arpa
> 	43.110.10.in-addr.arpa
> 	44.110.10.in-addr.arpa
> 	45.110.10.in-addr.arpa
> 	46.110.10.in-addr.arpa
> 	47.110.10.in-addr.arpa
>
> to cover this whole 10.110.40.0/21 network.  You have some of  
> these, but not all.  All I am suggesting is that you fill out the  
> whole range to insure that you are covered.  It may be that some of  
> these in-addr.arpa zones are not populated at the moment.  If in  
> the future any of these zones are actually used, then you are  
> prepared - rather than trying to play catch-up.
>
> Bill Larson
>
>

More information about the bind-users mailing list