North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Delegating /24's from a /19
> From email@example.com Tue Mar 15 14:12:12 2005 > Date: Tue, 15 Mar 2005 15:12:10 -0500 > From: Robert Blayzor <firstname.lastname@example.org> > To: email@example.com > Cc: Mike Sawicki <fifi@HAX.ORG>, firstname.lastname@example.org > Subject: Re: Delegating /24's from a /19 > > > email@example.com wrote: > > Either by doing DNS delegation on the zone boundary or by SWIP'ing the > > space to the other company. > > You can SWIP it yes, but that won't help DNS on small blocks like /24's. > > > It is very easy to do DNS delegation, say if you have 18.104.22.168/19, and > > you want to delegate 22.214.171.124/24, in your zone file for > > 0.128.in-addr.arpa zone put > > > > 1 IN NS ns1.othercompany.com > > 1 IN NS ns2.othercompany.com > > The only way it will work is to use RFC2317 or slave the zones from the > other name server. Because he does not have the entire /16 you can't > just delegate like that. OK, what am I missing? *ASSUMPTION*: The holder of the /16 _has_ delegated rDNS for the 32 /24s to the /19 owner. The /19 owner can, on it's nameserver, run an "authoritative" zone for the /16 -- with _its_ /24s listed explicitly, and a wildcard pointing back to the rDNS nameserver of the /16 owner. "He who" queries from the outside world will work their way down from the .arpa zone, to the X.W.in-addr.arpa zone, get referred to the nameserver at "thiscompany", and get referred to the NS listed for Y.X.W.in-addr.arpa. which will resolve Z.Y.X.W.in-addr.arpa. "He who" queries the /19 owner nameserver directly for a Y.X.W.in-addr.arpa address that lies within the /19 owner's addresses will get answered by that nameserver, *or* be referred to the client's server. If they ask for something *outside* the /19 owner's space, the wildcard -- referring to the 'upstream' (the /16 owner) nameserver kicks in. _AS_LONG_AS_ the 'delegated to' nameserver has the wildcard in it pointing back to the 'parent' nameserver, this seems to work just fine. Admittedly, if the upstream block owner changes the _name_ of it's nameserver(s), the 'delegated to' nameserver requires manual tweaking, but, realistically, "how often" does _that_ happen?