Reverse zone delegation for 172.16.16.0/20 - HOW TO?

Barry Margolin barmar at alum.mit.edu
Fri May 18 18:54:49 UTC 2012


In article <mailman.823.1337358596.63724.bind-users at lists.isc.org>,
 "Ellad G. Yatsko" <eyatsko at ngs.ru> wrote:

> Hello!
> 
> The Supernet 172.16.0.0/12 is distributed through my network. 
> Some network hierarchy is built in this Supernet. Some addressing plan 
> is used.
> 
> There are some towns. Each town has IP pool of 
> 172.16.0.0/16...172.30.0.0/16.
> 
> There are some sites in different districts of the above towns; they get a 
> block of IP addresses: 172.xx.0.0/20 from their main town's server.
> 
> Each ending site uses its networks in the following way:
> - servers;
> - voice;
> - video surveillance;
> - top-managers;
> - accounting;
> - ... some other departments.
> 
> Indeed it's no matter what and why. Now I want to build hierarchic 
> structure of DNS servers in each location. And delegate zones accordingly.
> But I have some troubles in the beginning. How do I describe topmost 
> 172.16.0.0/12 zone?
> 
> I used a trick and made zone 172.in-addr.arpa. It is not exact but it works.

The problem with this is that you won't be able to do reverse lookups 
for other 172.x.x.x addresses outside the RFC 1918 block.  Maybe you 
could download the real 172.in-addr.arpa zone, and merge your changes 
into it.

> 
> But I can't at all delegate block 172.16.0.0/16 to second level 

In the 172.in-addr.arpa zone, just do a normal delegation:

16 IN NS second-level-server.

> server to say nothing about delegation 172.16.16.0/20 from second level 
> to ending DNS!

You can use $GENERATE for this.  In the zone file for 
17.172.in-addr.arpa, do:

$GENERATE 16-31 $ IN NS srvgate.sokol.msk.united-networks.ru.

> Then I tried to solve this task in the most general way. I thought if I 
> learn how to delegate the "most difficult zone" I can delegate a simpler one easily.
> 
> So I began to delegate 172.16.16.0/20 (not 172.16.0.0/16) from topmost 
> server to its neighbor as follows:
> 
> 
> zone "172.in-addr.arpa" {
>    type master;
>    file "/etc/bind/master/reverse/172.in-addr.arpa";
>    forwarders { };
> };
> 
> and (in zone file):
> 
> 0.16/20.16.172.in-addr.arpa.    IN NS   srvgate.sokol.msk.united-networks.ru.
> $GENERATE 0-256 $.16.16.172.in-addr.arpa.       IN CNAME $.0.16/20.16.172.in-addr.arpa.
> $GENERATE 0-256 $.31.16.172.in-addr.arpa.       IN CNAME $.0.31/20.16.172.in-addr.arpa.

This technique is really only needed for delegations of blocks smaller 
than /24.  For anything larger, just do multiple delegations.

-- 
Barry Margolin
Arlington, MA
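
Added example, not part of the original message: a Python sketch that derives the per-octet delegations for a block such as 172.16.16.0/20 and checks whether a locally hosted reverse zone (such as 172.in-addr.arpa) also claims address space outside RFC 1918. The function names are hypothetical, and the parent zone is computed from the block itself.

```python
import ipaddress

# RFC 1918 private blocks; a reverse zone wider than these also claims public space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def zone_network(zone):
    """Map an octet-aligned reverse zone ('16.172.in-addr.arpa.') to its network."""
    labels = zone.lower().rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"] or not 1 <= len(labels) - 2 <= 3:
        raise ValueError(f"not an octet-aligned IPv4 reverse zone: {zone}")
    octets = labels[-3::-1]  # zone labels are in reverse address order
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{addr}/{8 * len(octets)}")

def shadows_public_space(zone):
    """True if being authoritative for `zone` also answers for non-RFC 1918 space."""
    net = zone_network(zone)
    return not any(net.subnet_of(private) for private in RFC1918)

def delegation(block, nameserver):
    """Return (parent_zone, ns_records, generate_line) delegating `block`."""
    net = ipaddress.ip_network(block)  # strict: rejects a block with host bits set
    if net.version != 4 or not 9 <= net.prefixlen <= 24:
        raise ValueError("only IPv4 /9 to /24; smaller than /24 needs the CNAME technique")
    kept = (net.prefixlen - 1) // 8  # number of octets that name the parent zone
    base = net.network_address.packed
    parent = ".".join(str(b) for b in reversed(base[:kept])) + ".in-addr.arpa."
    # One delegation per child zone on the next octet boundary (a /24 for a /20).
    labels = [s.network_address.packed[kept]
              for s in net.subnets(new_prefix=8 * (kept + 1))]
    records = [f"{label} IN NS {nameserver}" for label in labels]
    generate = f"$GENERATE {labels[0]}-{labels[-1]} $ IN NS {nameserver}"
    return parent, records, generate

if __name__ == "__main__":
    ns = "srvgate.sokol.msk.united-networks.ru."
    parent, records, generate = delegation("172.16.16.0/20", ns)
    print(f"; in zone {parent}")
    print(generate)
    for zone in ("172.in-addr.arpa.", parent):
        print(f"; {zone} shadows public space: {shadows_public_space(zone)}")
```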


