[dns-operations] /24 Reverse DNS delegation using the IP Address 4th octet?

Ray.Bellis at nominet.org.uk
Wed Mar 17 10:11:13 UTC 2010


> Ok, so I asked for a reverse DNS delegation of a /24.  Let's call it 
> "10.1.2.0/24" for the sake of discussion.  I was expecting to get the 
> following in their (parent) zone:
> 
> 2.1.10.in-addr.arpa. 86400   IN   NS   my-master-1.example.com.
> 2.1.10.in-addr.arpa. 86400   IN   NS   my-master-2.example.com.
> 
> Instead, what they gave me was this:
> 
> 0.2.1.10.in-addr.arpa. 86400   IN   NS   my-master-1.example.com.
> 0.2.1.10.in-addr.arpa. 86400   IN   NS   my-master-2.example.com.
>
> ...
> 
> 255.2.1.10.in-addr.arpa. 86400   IN   NS   my-master-1.example.com.
> 255.2.1.10.in-addr.arpa. 86400   IN   NS   my-master-2.example.com.
> 
> Is that workable?  It seems silly to me.  Can I still just set up a 
> single zone file like so?
> 
> $TTL 86400
> $ORIGIN 2.1.10.in-addr.arpa.
> @       IN      SOA     my-master-1.example.com. hostmaster.example.com. ( 7 3600 600 3600000 86400 )
> 
> @   IN   NS   my-master-1.example.com.
>    IN   NS   my-master-2.example.com.
> 
> 0   IN   A   zero.example.com.
> 1   IN   A   one.example.com.
> 2   IN   A   two.example.com.
> ...
> etc.

[should be "PTR", of course, not "A"]

> My gut feeling is that this isn't going to work and that they really 
> need to delegate 2.1.10.in-addr.arpa directly, correct?

It should actually work if you implemented as described - some ENUM trees 
are delegated that way.

However it'll break if you ever want to implement DNSSEC.  There is a 
mis-alignment between the zone cut as seen by the parent and that seen by 
the child, hence there's no place to put the DS records.

Ray
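
Added example, not part of the original message or written by its author: a Python check for the zone-cut misalignment described above. It reads NS owner names from a parent zone excerpt and compares them with the child zone's apex, the one name where the parent's DS and the child's DNSKEY must meet. The parent data is constructed from the thread's 10.1.2.0/24 illustration, and the function names are hypothetical.

```python
# Added example: constructed data, hypothetical helper names.
# DS records are owned by the delegation name in the parent, and the matching
# DNSKEY must sit at a child zone apex with that same name.

NS_HOSTS = ("my-master-1.example.com.", "my-master-2.example.com.")
CHILD_APEX = "2.1.10.in-addr.arpa."  # apex of the single zone file in the thread


def fqdn(name):
    """Normalise a domain name: lower case, exactly one trailing dot."""
    return name.strip().lower().rstrip(".") + "."


def delegation_points(parent_zone_text):
    """Owner names carrying NS records in the parent excerpt.
    Assumes one RR per line, fully qualified owners, delegations only."""
    owners = set()
    for line in parent_zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) >= 4 and "NS" in (f.upper() for f in fields[1:-1]):
            owners.add(fqdn(fields[0]))
    return owners


def check_zone_cut(parent_zone_text, child_apex):
    """Compare the parent's zone cuts with the apex the child serves."""
    apex = fqdn(child_apex)
    cuts = delegation_points(parent_zone_text)
    below = [c for c in cuts if c.endswith("." + apex)]
    return {
        "aligned": apex in cuts,        # parent has a cut (a DS owner) at the child apex
        "cuts_below_apex": len(below),  # parent cuts inside what the child treats as one zone
    }


def make_parent(owners):
    """Build a constructed parent zone excerpt: two NS records per owner."""
    return "\n".join(f"{o} 86400 IN NS {ns}" for o in owners for ns in NS_HOSTS)


# Constructed samples: the delegation that was handed out, and the one expected.
PER_ADDRESS = make_parent(f"{i}.2.1.10.in-addr.arpa." for i in range(256))
PER_SLASH24 = make_parent(["2.1.10.in-addr.arpa."])

if __name__ == "__main__":
    for label, parent in (("per-address", PER_ADDRESS), ("per-/24", PER_SLASH24)):
        print(label, check_zone_cut(parent, CHILD_APEX))
```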