[dns-operations] /24 Reverse DNS delegation using the IP Address 4th octet?
Ray.Bellis at nominet.org.uk
Ray.Bellis at nominet.org.uk
Wed Mar 17 10:11:13 UTC 2010
> Ok, so I asked for a reverse DNS delegation of a /24. Let's call it
> "10.1.2.0/24" for the sake of discussion. I was expecting to get the
> following in their (parent) zone:
>
> 2.1.10.in-addr.arpa. 86400 IN NS my-master-1.example.com.
> 2.1.10.in-addr.arpa. 86400 IN NS my-master-2.example.com.
>
> Instead, what they gave me was this:
>
> 0.2.1.10.in-addr.arpa. 86400 IN NS my-master-1.example.com.
> 0.2.1.10.in-addr.arpa. 86400 IN NS my-master-2.example.com.
>
> ...
>
> 255.2.1.10.in-addr.arpa. 86400 IN NS my-master-1.example.com.
> 255.2.1.10.in-addr.arpa. 86400 IN NS my-master-2.example.com.
>
> Is that workable? It seems silly to me. Can I still just set up a
> single zone file like so?
>
> $TTL 86400
> $ORIGIN 2.1.10.in-addr.arpa.
> @ IN SOA my-master-1.example.com.
> hostmaster.example.com. ( 7 3600 600 3600000 86400 )
>
> @ IN NS my-master-1.example.com.
> IN NS my-master-2.example.com.
>
> 0 IN A zero.example.com.
> 1 IN A one.example.com.
> 2 IN A two.example.com.
> ...
> etc.
[should be "PTR", of course, not "A"]
> My gut feeling is that this isn't going to work and that they really
> need to delegate 2.1.10.in-addr.arpa directly, correct?
It should actually work if you implemented as described - some ENUM trees
are delegated that way.
However it'll break if you ever want to implement DNSSEC. There is a
mis-alignment between the zone cut as seen by the parent and that seen by
the child, hence there's no place to put the DS records.
Ray
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20100317/9d3fba87/attachment.html>
More information about the dns-operations
mailing list