North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Delegating /24's from a /19
- From: Robert Bonomi
- Date: Tue Mar 15 15:42:02 2005
> From firstname.lastname@example.org Tue Mar 15 14:12:12 2005
> Date: Tue, 15 Mar 2005 15:12:10 -0500
> From: Robert Blayzor <email@example.com>
> To: firstname.lastname@example.org
> Cc: Mike Sawicki <fifi@HAX.ORG>, email@example.com
> Subject: Re: Delegating /24's from a /19
> firstname.lastname@example.org wrote:
> > Either by doing DNS delegation on the zone boundary or by SWIP'ing the
> > space to the other company.
> You can SWIP it yes, but that won't help DNS on small blocks like /24's.
> > It is very easy to do DNS delegation, say if you have 22.214.171.124/19, and
> > you want to delegate 126.96.36.199/24, in your zone file for
> > 0.128.in-addr.arpa zone put
> > 1 IN NS ns1.othercompany.com
> > 1 IN NS ns2.othercompany.com
> The only way it will work is to use RFC2317 or slave the zones from the
> other name server. Because he does not have the entire /16 you can't
> just delegate like that.
OK, what am I missing?
The holder of the /16 _has_ delegated rDNS for the 32 /24s to the /19 owner.
The /19 owner can, on it's nameserver, run an "authoritative" zone for
the /16 -- with _its_ /24s listed explicitly, and a wildcard pointing
back to the rDNS nameserver of the /16 owner.
"He who" queries from the outside world will work their way down from the
.arpa zone, to the X.W.in-addr.arpa zone, get referred to the nameserver
at "thiscompany", and get referred to the NS listed for Y.X.W.in-addr.arpa.
which will resolve Z.Y.X.W.in-addr.arpa.
"He who" queries the /19 owner nameserver directly for a Y.X.W.in-addr.arpa
address that lies within the /19 owner's addresses will get answered by
that nameserver, *or* be referred to the client's server. If they ask for
something *outside* the /19 owner's space, the wildcard -- referring to
the 'upstream' (the /16 owner) nameserver kicks in.
_AS_LONG_AS_ the 'delegated to' nameserver has the wildcard in it pointing
back to the 'parent' nameserver, this seems to work just fine. Admittedly,
if the upstream block owner changes the _name_ of it's nameserver(s), the
'delegated to' nameserver requires manual tweaking, but, realistically,
"how often" does _that_ happen?