Breaking up RFC 1918 reverse space
Chris Buxton
chris.p.buxton at gmail.com
Tue Jul 26 07:14:23 UTC 2011
On Jul 25, 2011, at 2:53 PM, Peter Laws wrote:
> On 07/23/11 22:08, Karl Auer wrote:
>
>
>> Maybe this is an overly naive approach, but can't you set up one zone
>> for 10.0.0.0/8 and delegate as necessary from that single zone file?
>> Anything that you don't have an answer for will get NXDOMAIN, which is
>> presumably what you want.
>
>> So:
>>
>> zone "10.IN-ADDR.ARPA" {
>> type master;
>> file "internal/db.10.rev";
>> allow-query { network_internal; };
>> };
>>
>> Then in the zone file internal/db.0.rev:
>>
>> $ORIGIN 10.in-addr.arpa.
>> [...]
>> 0 3600 IN NS ns00.mydomain.
>> 1 3600 IN NS ns01.mydomain.
>> ... etc
>>
>
>
> I thought of that, too. Were I delegating all slivers of the 10/8 space (it's actually 4 10/10 spaces), then I'd have done it long ago and not asked the question. I'm more confused than that - read on. :-)
>
> What I think I didn't make clear in my first post was that I actually want to do two things:
>
> 1) I want to break 10/8 space into 4 10/10 zones (actual, independent zones).
>
> 10.0.0.0/10
> 10.64.0.0/10
> 10.128.0.0/10
> 10.192.0.0/10
You could use DNAME records to achieve this division into exactly 4 subzones, although this is conceptually difficult for many people to understand. The practice is remarkably simple.
> 2) Serve one resulting zone myself, delegate all of two others, then delegate parts of the last one.
You must be authoritative for the /8 reverse zone, the first of the /10s, and the last of the /10s. Delegate the other two /10 zones elsewhere.
In the /8, you must delegate all four /10s. For the first and last, delegate to yourself.
In the last /10 reverse zone, delegate parts as needed.
> So my initial question was incomplete.
>
>
> I've read about $GENERATEing CNAME records for chunks and then delegating the chunks, for example
>
> 0 IN CNAME 0-63.10.in-addr.arpa.
> 1 IN CNAME 0-63.10.in-addr.arpa.
> 2 IN CNAME 0-63.10.in-addr.arpa.
> etc
These would be DNAME records, not CNAME. Also, the rdata would typically start with the network address. For example:
0 DNAME 0.0-63.10.in-addr.arpa.
1 DNAME 1.0-63.10.in-addr.arpa.
This is the trick that allows you to divide the /8 into 4 child zones, rather than 256.
> but done with $GENERATE and then actually delegating with
This might work (untested):
$GENERATE 0-63 $.10.in-addr.arpa. DNAME $.0-63.10.in-addr.arpa.
Feel free to remove each instance of ".10.in-addr.arpa.", as this is the current $ORIGIN. For example, this should be equivalent:
$GENERATE 0-63 $ DNAME $.0-63
> 0-63.10.in-addr.arpa. IN NS ns1.edu.
> 64-127.10.in-addr.arpa. IN NS ns2.edu.
> etc
Yes, this is the delegation, which divides the /8 into 4 /10s. Try to have multiple NS records for each zone name:
0-63 NS ns1.ou.edu.
0-63 NS ns2.ou.edu.
64-127 NS some.other.name.server.
64-127 NS and.another.name.server.
> Where I'm confused (or have confused myself) is the part about wanting to actually break the zone up (I want to break it up for the usual reasons - size and limiting damage)
Are you still confused? If so, try to explain where you're confused.
Chris Buxton
BlueCat Networks
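The DNAME split described above (one DNAME per /16 in 10.in-addr.arpa pointing into one of four /10 child zones, plus NS delegations for those children), as an added worked example that is not code from the original post or from BIND. It expands what the four $GENERATE lines (0-63, 64-127, 128-191, 192-255) would produce, renders them as a zone file fragment, and applies the DNAME substitution a resolver performs (RFC 6672) to show which child zone a given PTR query ends up in. The name-server names are hypothetical placeholders; BIND expands $GENERATE itself, this script only shows the result.

```python
"""Expand the DNAME-based split of 10.in-addr.arpa into four /10 child zones
and apply the DNAME rewrite a resolver performs (RFC 6672, section 2.2).

Added example, not code from the original post. Name-server names are
hypothetical placeholders; BIND itself expands $GENERATE, this script just
shows what the expansion yields and where a PTR query ends up."""
from ipaddress import ip_address

PARENT = "10.in-addr.arpa."

# The four /10 zone names from the post, keyed by the range of second octets
# each one covers (10.0.0.0/10 is second octet 0..63, and so on).
CHILD_ZONES = {
    (0, 63): "0-63.10.in-addr.arpa.",
    (64, 127): "64-127.10.in-addr.arpa.",
    (128, 191): "128-191.10.in-addr.arpa.",
    (192, 255): "192-255.10.in-addr.arpa.",
}

# Hypothetical name servers for each child (an assumption, not from the post).
EXAMPLE_NAMESERVERS = {
    "0-63.10.in-addr.arpa.": ["ns1.ou.example.", "ns2.ou.example."],
    "64-127.10.in-addr.arpa.": ["ns1.other.example.", "ns2.other.example."],
    "128-191.10.in-addr.arpa.": ["ns1.third.example.", "ns2.third.example."],
    "192-255.10.in-addr.arpa.": ["ns1.ou.example.", "ns2.ou.example."],
}


def child_zone_for(second_octet):
    """Return the /10 child zone that covers 10.<second_octet>.0.0/16."""
    for (lo, hi), zone in CHILD_ZONES.items():
        if lo <= second_octet <= hi:
            return zone
    raise ValueError(f"octet out of range: {second_octet}")


def generate_parent_zone(ns_by_zone, ttl=3600):
    """Build the records of 10.in-addr.arpa: NS delegations for each /10 child
    plus one DNAME per /16, i.e. what '$GENERATE 0-63 $ DNAME $.0-63' and its
    three siblings (64-127, 128-191, 192-255) expand to.
    Owners are relative to PARENT; returns (owner, ttl, type, rdata) tuples."""
    records = []
    for zone, nameservers in ns_by_zone.items():
        label = zone[: -len("." + PARENT)]
        for ns in nameservers:
            records.append((label, ttl, "NS", ns))
    for octet in range(256):
        # The DNAME at "2.10.in-addr.arpa." maps the whole 10.2.0.0/16 subtree
        # into the child zone; the rdata keeps the octet as its first label.
        records.append((str(octet), ttl, "DNAME", f"{octet}.{child_zone_for(octet)}"))
    return records


def render_zone_file(records):
    """Render the records as a BIND zone file fragment (SOA omitted)."""
    lines = [f"$ORIGIN {PARENT}"]
    for owner, ttl, rtype, rdata in records:
        lines.append(f"{owner} {ttl} IN {rtype} {rdata}")
    return "\n".join(lines) + "\n"


def dname_rewrite(qname, records):
    """Apply DNAME substitution: if qname lies strictly below a DNAME owner,
    replace the owner suffix with the DNAME target and return the new name.
    The owner itself is never rewritten (a query for it gets the DNAME RR),
    so None means no rewrite applies."""
    qlabels = qname.rstrip(".").split(".")
    for owner, _ttl, rtype, target in records:
        if rtype != "DNAME":
            continue
        olabels = f"{owner}.{PARENT}".rstrip(".").split(".")
        n = len(olabels)
        if len(qlabels) > n and qlabels[-n:] == olabels:
            return ".".join(qlabels[:-n]) + "." + target
    return None


def ptr_name(ip):
    """Fully qualified reverse-map name for an IPv4 address."""
    return ip_address(ip).reverse_pointer + "."


def serving_zone(qname, records):
    """Which of the four child zones answers a PTR query for qname, or the
    parent zone itself when no DNAME applies."""
    rewritten = dname_rewrite(qname, records)
    if rewritten is None:
        return PARENT
    for zone in CHILD_ZONES.values():
        if rewritten.endswith("." + zone):
            return zone
    raise AssertionError("DNAME target outside the four children")


if __name__ == "__main__":
    recs = generate_parent_zone(EXAMPLE_NAMESERVERS)
    print(render_zone_file(recs))
    for ip in ("10.2.3.4", "10.64.0.1", "10.200.1.1"):
        q = ptr_name(ip)
        print(f"{q} -> {dname_rewrite(q, recs)}  served by {serving_zone(q, recs)}")
```

Two things the expansion makes visible: the PTR owner names in each child keep all three reversed octets (a 10.2.3.4 PTR lives at 4.3.2.0-63.10.in-addr.arpa., so the child's $ORIGIN is 0-63.10.in-addr.arpa. and its records look like "4.3.2 PTR host."), and the DNAME owner name itself is not rewritten, so 2.10.in-addr.arpa. stays in the parent. An authoritative server also synthesizes a CNAME alongside each DNAME answer for resolvers that do not understand DNAME, which is why the $GENERATE'd CNAME approach in the quoted text is the less general form of the same idea.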