Delegating reverse DNS to a customer

Mark Andrews marka at isc.org
Tue Aug 18 14:40:48 UTC 2009


In message <h6edid$sq6$1 at ger.gmane.org>, Chris Hills writes:
> On 18/08/09 15:55, Ben Bridges wrote:
> > Since the CIDR block you have been allocated containing 63.250.251.0/24
> > is smaller than a /16, ARIN is delegating authority for the IN-ADDR.ARPA
> > zones for each of your /24's directly to your dns servers. In order for
> > your customer's dns servers to be authoritative for
> > 251.250.63.IN-ADDR.ARPA, you're going to have to have ARIN delegate the
> > zone to your customer's servers. If you have not already SWIP'ed the /24
> > to your customer, then you'll want to do so using the detailed
> > reassignment template
> > (https://www.arin.net/resources/templates/reassign-detailed.txt, I
> > think). If you have already SWIP'ed the space to them, then you'll need
> > to submit the net-mod template
> > (https://www.arin.net/resources/templates/netmod.txt, I think) for the
> > /24. (Note: I'm not the person who submits SWIP templates in our
> > organization, so I might be wrong about the particular templates to use.
> > But the principle is still valid. It's the SWIP information filed with
> > ARIN that determines what dns servers are authoritative for the
> > in-addr.arpa zones for your /24's.)
> > Ben
> 
> Alternatively it is possible to delegate it using the CNAME trick used 
> for sub-/24 allocations, which will require 256 dns records that can be 
> made using $GENERATE.
> 
> For example:-
> 
> $TTL 86400
> $GENERATE 0-255 $ IN CNAME $.0-255.251.250.63.in-addr.arpa.
> 0-255.251.250.63.in-addr.arpa. IN NS ns1.emns.com.
> 0-255.251.250.63.in-addr.arpa. IN NS ns2.emns.com.
> 0-255.251.250.63.in-addr.arpa. IN NS ns3.emns.com.
> 0-255.251.250.63.in-addr.arpa. IN NS ns4.emns.com.
> 
> Then the customer will need to configure the zone 
> 0-255.251.250.63.in-addr.arpa. as if it were 251.250.63.in-addr.arpa.
> 
> Regards,
> 
> Chris

But why make it more complicated than it has to be for the customer
or the ISP?

All the RIRs and LIRs are set up to handle this sort of delegation.
This is day-to-day operations for them and they will help ISPs get
this right if the ISP asks for help.  It also removes the ISP's
servers from the reverse resolution process so there is one less
thing to break.  The customer still needs to go through the ISP to
change the servers so the ISP still has control.

The original request was for how to do this correctly and in my
book that is to SWIP the delegation.

Mark

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
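
The two approaches discussed in this thread, compared in an added example that is not part of the original post: it expands the quoted $GENERATE line and lists whose servers must answer a PTR lookup in each case. The function names, the "isp"/"customer" labels and the address 63.250.251.7 are assumptions made for illustration; the zone names come from the quoted snippet.

```python
import ipaddress
import re

# Names taken from the zone snippet quoted in the thread.
ISP_ZONE = "251.250.63.in-addr.arpa."
CHILD_ZONE = "0-255." + ISP_ZONE
GENERATE = "$GENERATE 0-255 $ IN CNAME $.0-255.251.250.63.in-addr.arpa."

def qualify(name, origin):
    """Relative names in a zone file are completed with the zone origin."""
    return name if name.endswith(".") else name + "." + origin

def expand_generate(line, origin):
    """Expand the simple $GENERATE form (bare '$', optional /step) into
    {owner: (type, rdata)}. ${offset,width,base} modifiers are not handled."""
    m = re.match(
        r"\$GENERATE\s+(\d+)-(\d+)(?:/(\d+))?\s+(\S+)\s+(?:IN\s+)?(\S+)\s+(\S+)$",
        line)
    if m is None:
        raise ValueError("unsupported $GENERATE line: " + line)
    start, stop, step, lhs, rtype, rhs = m.groups()
    records = {}
    for i in range(int(start), int(stop) + 1, int(step or 1)):
        owner = qualify(lhs.replace("$", str(i)), origin)
        records[owner] = (rtype, qualify(rhs.replace("$", str(i)), origin))
    return records

def zones_consulted(ip, isp_records):
    """List (operator, zone, name) steps needed to reach the PTR for ip.
    isp_records is what the ISP serves for the /24; an empty dict models
    the SWIP case, where the registry delegates the zone to the customer."""
    qname = ipaddress.ip_address(ip).reverse_pointer + "."
    if qname not in isp_records:
        return [("customer", ISP_ZONE, qname)]
    rtype, target = isp_records[qname]
    if rtype != "CNAME":
        raise ValueError("expected a CNAME at " + qname)
    # The ISP's servers hand out the CNAME; the customer's zone holds the PTR.
    return [("isp", ISP_ZONE, qname), ("customer", CHILD_ZONE, target)]

if __name__ == "__main__":
    recs = expand_generate(GENERATE, ISP_ZONE)
    print("CNAME trick:", zones_consulted("63.250.251.7", recs))
    print("SWIP:       ", zones_consulted("63.250.251.7", {}))
```
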