Non-Octet Boundary Delegation (RFC 4183)
Станислав
ginermail at gmail.com
Thu Sep 22 06:33:55 UTC 2011
Thank you Simon, thank you Andris.
Andris, problem is that in that case I will need to use "nslookup
68.27.133.10.ptr-pa.lan.orga.ru instead of "nslookup 10.133.27.68" to
get DNS record. Ideas?
Regards,
Stas
On Thu, Sep 22, 2011 at 5:04 AM, Andris Kalnozols <andris at hpl.hp.com> wrote:
>> ginermail at gmail.com> wrote:
>>
>> I've tried to use "zone 0-25.0.16.172.in-addr.arpa." for a reverse
>> zone but it didn't work.
>>
>> Stas
>>
>> On Thu, Sep 22, 2011 at 12:02 AM, Alex Bligh <alex at alex.org.uk> wrote:
>> >
>> >
>> > --On 21 September 2011 23:38:02 +0400 Станислав <ginermail at gmail.com> wrote:
>> >
>> >> Could anyone tell me if ISC DHCP supports Non-Octet Boundary
>> >> Delegation? It supports by ISC BIND as I see but I've not managed to
>> >> find the same information related to the DHCP server.
>> >
>> > Support in what sense? DHCP doesn't deal with delegation of domain
>> > names. It is fully CIDR compliant, if that's what you mean.
>
>
> To follow up Simon's later post with a real-life example, here
> are some excerpts from the BIND and DHCP configuration files
> we use at our site that may be relevant to your situation which,
> if correctly understood, deals with the issue of the ISC DHCP
> server being able to do dynamic DNS updates of PTR records that
> map to an `in-addr.arpa' space smaller than a /24 network.
>
> The inline comments should explain things.
> This setup works for us but if the experts on this mailing list
> find issues with it, I'm sure to learn from them.
>
> ------
> Andris
>
>
> BIND named.conf
> ===============
>
> key "hostmaster" {
> algorithm hmac-md5;
> #
> # Keep the secret TSIG key in a separate file
> # which has read access that is more restricted
> # than this publicly readable file.
> #
> include "/etc/bind/keys/hostmaster.secret";
> };
> key "dhcp-pa" {
> algorithm hmac-md5;
> include "/etc/bind/keys/dhcp-pa.secret";
> };
>
> ......
>
> zone "ptr-pa.hpl.hp.com" {
> type master;
> file "db.ptr-pa.hpl";
> update-policy {
> grant hostmaster subdomain ptr-pa.hpl.hp.com ANY;
> grant dhcp-pa wildcard *.ptr-pa.hpl.hp.com PTR TXT DHCID;
> };
> };
>
>
> DHCP dhcpd.conf
> ===============
>
> ddns-update-style interim;
> allow client-updates; # allow clients to update their own "A" records
> option fqdn.rcode2 255; # tell clients that PTR DNS updates are deferred
>
> # Keep the secret TSIG key for making secure DNS updates
> # in a separate file which has read access that is more
> # restricted than this publicly readable file.
> #
> include "/etc/dhcp/keys/dhcp-pa";
>
> # The ISC DHCP server is currently limited in the way in which
> # the owner field of a PTR resource record can be manipulated
> # before sending a dynamic DNS update. The server always sends
> # *all four* of the reversed octets of the IP address appended
> # by either ".in-addr.arpa." (the default) or the contents of
> # the "ddns-rev-domainname" server option.
> # While this is fine for "in-addr.arpa" zones that represent
> # network spaces from /8 to /24, the most significant three
> # octets become redundant for sub-class-C zones with standard
> # naming schemes such as "16-31.147.9.15.in-addr.arpa".
> # For example, the owner name of the PTR record for a client
> # assigned an IP address of 15.9.147.17 would be:
> #
> # 17.147.9.15.16-31.147.9.15.in-addr.arpa.
> #
> # instead of the more commonly seen:
> #
> # 17.16-31.147.9.15.in-addr.arpa.
> #
> # Since RFC-2317 naming schemes are totally arbitrary, this
> # site has chosen to map all dynamic updates of sub-class-C
> # "in-addr.arpa" zones (/25 to /32) to a single domain,
> # "ptr-pa.hpl.hp.com". The following server option must be
> # declared in all scopes with dynamic IP address ranges
> # that represent a subnetwork of size /25 to /32 and, of
> # course, where DDNS updates are desired:
> #
> # ddns-rev-domainname "ptr-pa.hpl.hp.com.";
> #
> # NOTE: This remapping of sub-/24 address space from the
> # "in-addr.arpa" domain requires the CNAME linkage
> # specified in RFC-2317. For example, the following
> # CNAMEs in the "147.9.15.in-addr.arpa" DNS zone are
> # generated to remap the PTR records for 15.9.147.16/28
> # on a BIND name server:
> #
> # $GENERATE 16-31 $ CNAME $.147.9.15.ptr-pa.hpl.hp.com.
> #
> zone ptr-pa.hpl.hp.com. {
> primary 15.0.48.4;
> key dhcp-pa;
> }
>
> subnet 15.9.147.0 netmask 255.255.255.224 {
>
> option routers 15.9.147.1;
> option broadcast-address 15.9.147.31;
> if (static) {
> ddns-updates off;
> } else {
> ddns-rev-domainname "ptr-pa.hpl.hp.com.";
> }
> range 15.9.147.16 15.9.147.23; # allocated by `lpans1'
> # range 15.9.147.24 15.9.147.30; # allocated by `lpans2'
> include "/etc/dhcp/internal_services";
> include "/etc/dhcp/standard_lease_times";
> }
>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
More information about the dhcp-users
mailing list