Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: Delegating /24's from a /19

  • From: Mark Andrews
  • Date: Tue Mar 15 16:22:54 2005

In article <200503152040.j2FKe8p8001524@host122.r-bonomi.com> you write:
>
>> From owner-nanog@merit.edu  Tue Mar 15 14:12:12 2005
>> Date: Tue, 15 Mar 2005 15:12:10 -0500
>> From: Robert Blayzor <rblayzor@inoc.net>
>> To: alex@pilosoft.com
>> Cc: Mike Sawicki <fifi@HAX.ORG>, nanog@merit.edu
>> Subject: Re: Delegating /24's from a /19
>>
>>
>> alex@pilosoft.com wrote:
>> > Either by doing DNS delegation on the zone boundary or by SWIP'ing the 
>> > space to the other company.
>>
>> You can SWIP it yes, but that won't help DNS on small blocks like /24's.
>>
>> > It is very easy to do DNS delegation, say if you have 128.0.0.0/19, and 
>> > you want to delegate 128.0.1.0/24, in your zone file for 
>> > 0.128.in-addr.arpa zone put 
>> > 
>> > 1 IN	NS	ns1.othercompany.com
>> > 1 IN	NS	ns2.othercompany.com
>>
>> The only way it will work is to use RFC2317 or slave the zones from the
>> other name server.  Because he does not have the entire /16 you can't
>> just delegate like that.
>
>OK, what am I missing?
>
>*ASSUMPTION*:
>  The holder of the /16 _has_ delegated rDNS for the 32  /24s to the /19 owner.
>
>The /19 owner can, on its nameserver, run an "authoritative" zone for
>the /16 -- with _its_ /24s listed explicitly, and a wildcard pointing 
>back to the rDNS nameserver of the /16 owner.
>
>"He who" queries from the outside world will work their way down from the
>.arpa zone, to the  X.W.in-addr.arpa  zone, get referred to the nameserver
>at "thiscompany", and get referred to the NS listed for Y.X.W.in-addr.arpa.
>which will resolve  Z.Y.X.W.in-addr.arpa.
>
>"He who" queries the /19 owner nameserver directly for a Y.X.W.in-addr.arpa 
>address that lies within the /19 owner's addresses will get answered by
>that nameserver, *or* be referred to the client's server. If they ask for
>something *outside* the  /19 owner's space, the wildcard -- referring to
>the 'upstream' (the /16 owner) nameserver kicks in.
>
>_AS_LONG_AS_ the 'delegated to' nameserver has the wildcard in it pointing
>back to the 'parent' nameserver, this seems to work just fine. Admittedly,
>if the upstream block owner changes the _name_ of its nameserver(s), the
>'delegated to' nameserver  requires manual tweaking, but, realistically,
>"how often" does _that_ happen?

	This is the worst piece of "advice" I have ever seen.

	SWIP the nameservers.  The OP's customers will be expecting to
	be able to use the X.Y.Z.IN-ADDR.ARPA as the zone name.  It
	also reduces the number of nameservers involved.  It is also
	the clean solution.  The RIRs are all set up to handle this.

	For those advising RFC 2317 please read the first sentence of
	the introduction.  RFC 2317 was NOT written to cover this
	situation.  Go put it back in the filing cabinet and bring
	it out when you have a situation that it does cover (/25-/32
	sub-delegation).

	Mark
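
Added example, not part of the original message or thread: a Python sketch that lists the X.Y.Z.in-addr.arpa zones covering the thread's 128.0.0.0/19, builds the NS records for the delegated 128.0.1.0/24 using the nameservers named earlier in the thread, and separates octet-boundary delegations from the /25-/32 case that RFC 2317 addresses. The function names and the /26 sample prefix are assumptions made for illustration.

```python
import ipaddress

def reverse_zones(prefix):
    """in-addr.arpa zones covering an IPv4 prefix no longer than /24."""
    net = ipaddress.IPv4Network(prefix, strict=True)
    if net.prefixlen > 24:
        # /25-/32 has no zone cut of its own; that is the case RFC 2317 covers.
        raise ValueError(f"{net} is longer than /24; see RFC 2317")
    # Zone cuts fall on octet boundaries: round the length up to 8, 16 or 24.
    boundary = max(8, -(-net.prefixlen // 8) * 8)
    zones = []
    for sub in net.subnets(new_prefix=boundary):
        octets = str(sub.network_address).split(".")[: boundary // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa.")
    return zones

def delegation_method(prefix):
    """Classify a sub-delegation the way the thread distinguishes the cases."""
    net = ipaddress.IPv4Network(prefix, strict=True)
    return "rfc2317" if net.prefixlen > 24 else "octet-boundary"

def ns_records(prefix, nameservers):
    """NS records the parent reverse zone needs for each covered zone."""
    return [f"{zone} IN NS {ns.rstrip('.')}."
            for zone in reverse_zones(prefix) for ns in nameservers]

if __name__ == "__main__":
    ALLOCATION = "128.0.0.0/19"   # block used in the thread
    CUSTOMER = "128.0.1.0/24"     # /24 being delegated in the thread
    NS = ["ns1.othercompany.com", "ns2.othercompany.com"]
    print(len(reverse_zones(ALLOCATION)), "zones in", ALLOCATION)
    for line in ns_records(CUSTOMER, NS):
        print(line)
    # 128.0.1.0/26 is a constructed sample for the sub-/24 case.
    for p in (CUSTOMER, "128.0.1.0/26"):
        print(p, "->", delegation_method(p))
```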



