North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Delegating /24's from a /19
- From: Mark Andrews
- Date: Tue Mar 15 16:22:54 2005
In article <200503152040.j2FKe8p8001524@host122.r-bonomi.com> you write:
>> From email@example.com Tue Mar 15 14:12:12 2005
>> Date: Tue, 15 Mar 2005 15:12:10 -0500
>> From: Robert Blayzor <firstname.lastname@example.org>
>> To: email@example.com
>> Cc: Mike Sawicki <fifi@HAX.ORG>, firstname.lastname@example.org
>> Subject: Re: Delegating /24's from a /19
>> email@example.com wrote:
>> > Either by doing DNS delegation on the zone boundary or by SWIP'ing the
>> > space to the other company.
>> You can SWIP it yes, but that won't help DNS on small blocks like /24's.
>> > It is very easy to do DNS delegation, say if you have 220.127.116.11/19, and
>> > you want to delegate 18.104.22.168/24, in your zone file for
>> > 0.128.in-addr.arpa zone put
>> > 1 IN NS ns1.othercompany.com
>> > 1 IN NS ns2.othercompany.com
>> The only way it will work is to use RFC2317 or slave the zones from the
>> other name server. Because he does not have the entire /16 you can't
>> just delegate like that.
>OK, what am I missing?
> The holder of the /16 _has_ delegated rDNS for the 32 /24s to the /19 owner.
>The /19 owner can, on it's nameserver, run an "authoritative" zone for
>the /16 -- with _its_ /24s listed explicitly, and a wildcard pointing
>back to the rDNS nameserver of the /16 owner.
>"He who" queries from the outside world will work their way down from the
>.arpa zone, to the X.W.in-addr.arpa zone, get referred to the nameserver
>at "thiscompany", and get referred to the NS listed for Y.X.W.in-addr.arpa.
>which will resolve Z.Y.X.W.in-addr.arpa.
>"He who" queries the /19 owner nameserver directly for a Y.X.W.in-addr.arpa
>address that lies within the /19 owner's addresses will get answered by
>that nameserver, *or* be referred to the client's server. If they ask for
>something *outside* the /19 owner's space, the wildcard -- referring to
>the 'upstream' (the /16 owner) nameserver kicks in.
>_AS_LONG_AS_ the 'delegated to' nameserver has the wildcard in it pointing
>back to the 'parent' nameserver, this seems to work just fine. Admittedly,
>if the upstream block owner changes the _name_ of it's nameserver(s), the
>'delegated to' nameserver requires manual tweaking, but, realistically,
>"how often" does _that_ happen?
This is the worst piece of "advice" I have ever seen.
SWIP the nameservers. The OP customers will be expecting to
be able to use the X.Y.Z.IN-ADDR.ARPA as the zone name. It
also reduces the number of nameservers involved. It is also
the clean solution. The RIR's are all setup to handle this.
For those advising RFC 2317 please read the first sentence of
the introduction. RFC 2317 was NOT written to cover this
situation. Go put it back in the filing cabinet and bring
it out when you have a situation that it does cover (/25-/32