Trouble configuring forwarders for reverse zones.

Chris Buxton cbuxton at menandmice.com
Thu Apr 9 17:29:48 UTC 2009


On Apr 9, 2009, at 9:59 AM, M-lists wrote:
> Much obliged Chris: I'll give that a go.  Just out of interest though, how
> come you can't just specify a netmask?  It seems convoluted to have such
> different ways of specifying reverse forwarders for classful and classless
> subnets.

The answer is contained within a several-hour training course on how
DNS works (which I have been known to teach now and then). The short
version is, standard PTR record names (and the names used in queries
looking for PTR records) are based on the IP address, with dots at the
octet boundaries. They don't have the subnet mask in them.

Chris Buxton
Professional Services
Men & Mice

> -----Original Message-----
> From: Chris Buxton [mailto:cbuxton at menandmice.com]
> Sent: 08 April 2009 18:20
> To: Callum Millard
> Cc: Bind Users Mailing List
> Subject: Re: Trouble configuring forwarders for reverse zones.
>
> You would create a /16 or /24 parent zone. For example, you could use
> a zone named 1.1.10.in-addr.arpa. From that zone, you would delegate
> the /28 reverse zone using a syntax along these lines:
>
> 0/28.1.1.10.in-addr.arpa.	NS	1.other.name.server.
> 0/28.1.1.10.in-addr.arpa.	NS	2.other.name.server.
> 1.1.1.10.in-addr.arpa.		CNAME	1.0/28.1.1.10.in-addr.arpa.
> 2.1.1.10.in-addr.arpa.		CNAME	2.0/28.1.1.10.in-addr.arpa.
> [...]
> 14.1.1.10.in-addr.arpa.		CNAME	14.0/28.1.1.10.in-addr.arpa.
>
> You can simplify the creation of the CNAME records using a $GENERATE
> statement:
>
> $GENERATE 1-14 $ CNAME $.0/28
>
> I have omitted the origin here for brevity.
>
> Chris Buxton
> Professional Services
> Men & Mice
>
> On Apr 8, 2009, at 8:45 AM, M-lists wrote:
>
>> Apologies, I meant 10.1.1.0/28 not /24.  The addresses used are arbitrary,
>> as I don't like detailing my network topology unnecessarily.  Suffice to say
>> we've had the */28 subnet dished out and have to work with it.
>>
>> Thanks for the suggestions in your last paragraph Chris, but I didn't follow
>> them entirely.  Does anyone know the syntax to forward reverse queries for
>> 10.1.1.1/28 on to a given host, or is it a bit more complex than with
>> 10.1.0.0/16, as Chris' last paragraph suggests?
>>
>> Thanks again,
>>
>>
>> C.
>>
>> -----Original Message-----
>> From: Chris Buxton [mailto:cbuxton at menandmice.com]
>> Sent: 08 April 2009 15:24
>> To: Callum Millard
>> Cc: bind-users at lists.isc.org
>> Subject: Re: Trouble configuring forwarders for reverse zones.
>>
>> On Apr 8, 2009, at 3:00 AM, M-lists wrote:
>>> One further thing, I'll be moving things around on our network soon, and
>>> this means we'll have a classless subnet soon.  So if we moved one of our
>>> Windows subnets to 10.1.1.0/24, how would I forward reverse queries for this
>>> subnet to say 10.1.1.1?
>>
>> When you say "classless subnet", what do you mean? A /24 is not a
>> classless subnet as I understand the phrase.
>>
>> If you really do mean the same thing I do when I use that phrase, a
>> subnet such as a /25 or /26, the first thing I would ask is why do
>> this? You have 10/8 to work with. If you mean a classless subnet such
>> as a /22 or /21, it's easier to just create the individual /24 reverse
>> zones than to create a classless subnet reverse zone.
>>
>> In general, a classless subnet reverse zone relies on CNAME records to
>> "move" the PTR record owner name to a new name, in an artificial zone.
>> This requires a parent zone to create the CNAME records. (For zones
>> larger than /24, use DNAME records instead of CNAME records.) So your
>> BIND server might need a 10.1/16 zone, or possibly a 10.1.1/24 reverse
>> zone - a parent zone using the standard naming convention that can
>> then delegate artificial subzones elsewhere and can contain the CNAME
>> or DNAME records needed to rename the PTR records into the subzone.
>>
>> Chris Buxton
>> Professional Services
>> Men & Mice
>>

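The naming scheme discussed in this thread, as an added Python example that is not part of the original messages: it shows that a PTR query name carries no netmask, and builds the parent-zone NS and CNAME records (plus the matching $GENERATE line) for a sub-/24 block. The function names are hypothetical, and the host range follows the thread's 1-14 convention of skipping the network and broadcast addresses.

```python
import ipaddress

def ptr_name(ip):
    """Standard PTR owner name: reversed octets, no netmask in the name."""
    return ipaddress.ip_address(str(ip)).reverse_pointer + "."

def _parse(subnet):
    """Return (network, parent /24 zone, subzone label such as '0/28')."""
    # strict=True rejects input with host bits set, e.g. 10.1.1.1/28
    net = ipaddress.ip_network(subnet, strict=True)
    if net.version != 4 or not 25 <= net.prefixlen <= 30:
        raise ValueError("expected an IPv4 subnet between /25 and /30")
    a, b, c, d = str(net.network_address).split(".")
    return net, f"{c}.{b}.{a}.in-addr.arpa.", f"{d}/{net.prefixlen}"

def classless_delegation(subnet, nameservers):
    """Records for the parent zone: delegate the artificial subzone, then
    alias each standard PTR name into it with a CNAME."""
    net, parent, label = _parse(subnet)
    subzone = f"{label}.{parent}"
    records = [(subzone, "NS", ns) for ns in nameservers]
    for host in net.hosts():  # skips network and broadcast addresses
        last = str(host).rsplit(".", 1)[1]
        records.append((ptr_name(host), "CNAME", f"{last}.{subzone}"))
    return records

def generate_directive(subnet):
    """Equivalent $GENERATE line, relative to the parent zone's origin."""
    net, _parent, label = _parse(subnet)
    hosts = list(net.hosts())
    first = str(hosts[0]).rsplit(".", 1)[1]
    last = str(hosts[-1]).rsplit(".", 1)[1]
    return f"$GENERATE {first}-{last} $ CNAME $.{label}"

if __name__ == "__main__":
    # Constructed sample input: the arbitrary 10.1.1.0/28 block from the thread.
    servers = ["1.other.name.server.", "2.other.name.server."]
    for owner, rtype, rdata in classless_delegation("10.1.1.0/28", servers):
        print(f"{owner}\t{rtype}\t{rdata}")
    print(generate_directive("10.1.1.0/28"))
```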