
Reverse zone delegation for 172.16.16.0/20 - HOW TO?


Ellad G. Yatsko

May 18, 2012, 12:29:35 PM
to bind-...@lists.isc.org
Hello!

The supernet 172.16.0.0/12 is distributed through my network. Some
network hierarchy is built in this supernet, and some addressing plan
is used.

There are some towns. Each town has an IP pool from
172.16.0.0/16...172.30.0.0/16.

There are sites in different districts of those towns; each gets a
block of IP addresses, 172.xx.0.0/20, from its main town's server.

Each ending site uses its networks in the following way:
- servers;
- voice;
- video surveillance;
- top-managers;
- accounting;
- ... some other departments.

Indeed, it doesn't matter what and why. Now I want to build a hierarchical
structure of DNS servers in each location and delegate zones accordingly.
But I have some trouble at the beginning: how do I describe the topmost
172.16.0.0/12 zone?

I used a trick and made zone 172.in-addr.arpa. It is not exact but it works.

But I can't delegate the block 172.16.0.0/16 to the second-level server
at all, to say nothing of delegating 172.16.16.0/20 from the second level
to the end DNS!
Then I tried to solve this task in the most general way. I thought that if I
learn how to delegate the "most difficult zone", I can delegate simpler ones easily.

So I began to delegate 172.16.16.0/20 (not 172.16.0.0/16) from the topmost
server to its neighbour as follows:


zone "172.in-addr.arpa" {
type master;
file "/etc/bind/master/reverse/172.in-addr.arpa";
forwarders { };
};

and (in zone file):

; delegate the /20 (represented by the "0.16/20" labels) to the site server
0.16/20.16.172.in-addr.arpa. IN NS srvgate.sokol.msk.united-networks.ru.
; a /24 holds hosts 0-255, so the range ends at 255 (0-256 would emit a bogus "256" label)
$GENERATE 0-255 $.16.16.172.in-addr.arpa. IN CNAME $.0.16/20.16.172.in-addr.arpa.
$GENERATE 0-255 $.31.16.172.in-addr.arpa. IN CNAME $.0.31/20.16.172.in-addr.arpa.

And it does even work: the delegating server asks the subordinate server
for 172.16.31.1, but I can't explain to the second DNS how to treat
172.16.31.1 relative to 0.16/20.16.172.in-addr.arpa locally. So I tried:

zone "0.16/20.16.172.in-addr.arpa" {
type master;
file "/etc/bind/slave/reverse/0.16-20.16.172.in-addr.arpa";
forwarders { };
};

and:

$TTL 3600 ; 1 hour
@ IN SOA srvgate.sokol.msk.united-networks.ru. root.united-networks.ru. (
2012041707 ; serial
900 ; refresh (15 minutes)
600 ; retry (10 minutes)
86400 ; expire (1 day)
3600 ; minimum (1 hour)
)
; owner must be "@" (or leading whitespace) so that "IN" is not taken as the owner name
@ IN NS srvgate.sokol.msk.united-networks.ru.

1.0.16/20.16.172.in-addr.arpa. IN PTR srvgate.sokol.msk.united-networks.ru.

When I studied the issue I referred to an article
(http://www.simpledns.com/kb.aspx?kbid=1240) which greatly helped me before.
But I can't imagine how it will be for Class B and Class A supernets.

Could you help me with ideas and syntax?

I don't want to enumerate all 4096 /24 zones on the topmost DNS, all 256
172.xx.yy.0/24 zones on the second-level DNS and all 16 /24 zones for each site.
That is the worst advice, because it is approximately what I have
today. I wanted to order the structure and to do this "scientifically",
as the RIRs do. :-)

Kind regards,
Ellad




Barry Margolin

May 18, 2012, 2:54:49 PM
to comp-protoc...@isc.org
In article <mailman.823.1337358...@lists.isc.org>,
"Ellad G. Yatsko" <eya...@ngs.ru> wrote:

> Hello!
>
> There is the Supernet 172.16.0.0/12 is distributed through my network.
> Some network hierarchy is built in this Supernet. Some addressing plan
> is used.
>
> There are some towns. Each town has IP pool of
> 172.16.0.0/16...172.30.0.0/16.
>
> There are some sites in different districts of above towns, they get a
> block of IP addresses: 172.xx.0.0/20 from its main town's server.
>
> Each ending site uses its networks in the following way:
> - servers;
> - voice;
> - video surveillance;
> - top-managers;
> - accounting;
> - ... some other departments.
>
> Indeed it's no matter what and why. Now I want to build hierarchic
> structure of DNS servers in each location. And delegate zones accordingly.
> But I have some troubles in the beginning. How do I describe topmost
> 172.16.0.0/12 zone?
>
> I used a trick and made zone 172.in-addr.arpa. It is not exact but it works.

The problem with this is that you won't be able to do reverse lookups
for other 172.x.x.x addresses outside the RFC 1918 block. Maybe you
could download the real 172.in-addr.arpa zone, and merge your changes
into it.

>
> But I can't at all to delegate block 172.16.0.0/16 to second level

In the 172.in-addr.arpa zone, just do a normal delegation:

16 IN NS second-level-server.

> server to say nothing about delegation 172.16.16.0/20 from second level
> to ending DNS!

You can use $GENERATE for this. In the zone file for
17.172.in-addr.arpa, do:

$GENERATE 16-31 $ IN NS srvgate.sokol.msk.united-networks.ru.

> Then I tried to solve this task in the most general way. I thought If I
> learn how to delegate "most difficult zone" I delegate simpler one easily.
>
> So I began to delegate 172.16.16.0/20 (not 172.16.0.0/16) from topmost
> server to its neighbor as follows:
>
>
> zone "172.in-addr.arpa" {
> type master;
> file "/etc/bind/master/reverse/172.in-addr.arpa";
> forwarders { };
> };
>
> and (in zone file):
>
> 0.16/20.16.172.in-addr.arpa. IN NS srvgate.sokol.msk.united-networks.ru.
> $GENERATE 0-255 $.16.16.172.in-addr.arpa. IN CNAME $.0.16/20.16.172.in-addr.arpa.
> $GENERATE 0-255 $.31.16.172.in-addr.arpa. IN CNAME $.0.31/20.16.172.in-addr.arpa.

This technique is really only needed for delegations of blocks smaller
than /24. For anything larger, just do multiple delegations.

--
Barry Margolin
Arlington, MA

Doug Barton

May 19, 2012, 7:58:37 PM
to Ellad G. Yatsko, bind-...@lists.isc.org
On 5/18/2012 9:29 AM, Ellad G. Yatsko wrote:
> Hello!
>
> There is the Supernet 172.16.0.0/12 is distributed through my network.
> Some network hierarchy is built in this Supernet. Some addressing plan
> is used.
>
> There are some towns. Each town has IP pool of
> 172.16.0.0/16...172.30.0.0/16.
>
> There are some sites in different districts of above towns, they get a
> block of IP addresses: 172.xx.0.0/20 from its main town's server.
>
> Indeed it's no matter what and why. Now I want to build hierarchic
> structure of DNS servers in each location. And delegate zones accordingly.
> But I have some troubles in the beginning. How do I describe topmost
> 172.16.0.0/12 zone?

You don't set up the /12 zone at all.

You haven't made it clear what the relationships are between the sites,
and who needs to resolve what. You also haven't made clear where the
resolving name servers are for these sites. In order to help we really
need more information about what you're trying to accomplish.

> I used a trick and made zone 172.in-addr.arpa. It is not exact but it
> works.

You really don't want to do that.

> But I can't at all to delegate block 172.16.0.0/16 to second level
> server to say nothing about delegation 172.16.16.0/20 from second level
> to ending DNS!

You probably don't want to delegate them at all, you probably want to
just set up the /16 zones on the appropriate local server. If other
sites need to resolve the addresses for a /16 assigned to one city,
there are various ways that this can be accomplished, but as I said
above we need to know more about what you're trying to do.

For delegation of the /20 zones, see:

http://dougbarton.us/DNS/2317.html

--
If you're never wrong, you're not trying hard enough

Saif Ahmed

May 20, 2012, 10:07:32 AM
to bind-...@lists.isc.org
Hi,
I have configured an authoritative-only DNS.
It responds well internally
but does not answer public queries.

options {
    directory "/etc/named";
    // version statement - inhibited for security
    // (avoids hacking any known weaknesses)
    version "not currently available";
    // allows notifies only from master
    allow-notify { 172.20.10.10; };
    // disables all zone transfer requests
    allow-transfer { "none"; };
    allow-query { any; };
    query-source address * port 53;
    recursion no;
    pid-file "/var/run/named/named.pid";
}; // closing brace was missing from the pasted block

below the tcpdump "udp port 53" result

17:05:03.913856 IP (tos 0x0, ttl 106, id 6612, offset 0, flags [none], proto
UDP (17), length 52)
peach.dnsstuff.com.pmsm-webrctl > 192.168.30.100.domain: [udp sum ok] 1+
A? com.iq. (24)
17:05:03.914396 IP (tos 0x0, ttl 64, id 28758, offset 0, flags [DF], proto
UDP (17), length 73)

Waiting for your advice;

Thanks A lot

Saif


Kevin Darcy

May 20, 2012, 11:53:05 AM
to bind-...@lists.isc.org
OK, so you got an incoming query for com.iq/a from peach.dnsstuff.com.
Was the outgoing response packet also in your capture? What did it look
like? It should have been a NODATA response (NOERROR, 0 answers, an SOA
record in the Authority Section for negative caching), or possibly just
a root-zone referral, depending what authoritative zones are configured
in the instance.

If you don't see an outgoing response packet, check for any "blackhole"s
defined in your config. If that's not the cause, then check the network
configuration of your box. Maybe the response is going out the wrong
interface.

By the way, you should not port-limit your query source address. That
makes it easier for malicious people to forge DNS responses back to you.


- Kevin

Saif Ahmed

May 20, 2012, 2:41:29 PM
to Kevin Darcy, bind-...@lists.isc.org

Hi Kevin,

Thanks for your reply,
It's worked now after flushing the iptables using iptables -f

Regards

Saif

Ellad G. Yatsko

May 21, 2012, 2:20:15 AM
to bind-...@lists.isc.org
Dear Barry!

I tried to delegate 172.16.16.0/ doing the following on the central site:
$ORIGIN 16.172.in-addr.arpa.
$GENERATE 16-31 $ NS srvgate.sokol.msk.united-networks.ru.

It works! :-) You are right! :-)

But I don't understand what I need to do on the "sokol.msk" server.
Do I need to create 16 independent files for
16.16.172.in-addr.arpa...31.16.172.in-addr.arpa,
or is there a way which allows me to aggregate all of those in one file?

It is clear to me how I can treat /16 zones... :-) But I still don't
understand what I can do with the "accepting" server..

Kind regards,
Ellad


> In article<mailman.823.1337358...@lists.isc.org>,
> "Ellad G. Yatsko"<eya...@ngs.ru> wrote:
>
>> Hello!
>>
>> There is the Supernet 172.16.0.0/12 is distributed through my network.
>> Some network hierarchy is built in this Supernet. Some addressing plan
>> is used.
>>
>> There are some towns. Each town has IP pool of
>> 172.16.0.0/16...172.30.0.0/16.
>>
>> There are some sites in different districts of above towns, they get a
>> block of IP addresses: 172.xx.0.0/20 from its main town's server.
>>
>> Each ending site uses its networks in the following way:
>> - servers;
>> - voice;
>> - video surveillance;
>> - top-managers;
>> - accounting;
>> - ... some other departments.
>>
>> Indeed it's no matter what and why. Now I want to build hierarchic
>> structure of DNS servers in each location. And delegate zones accordingly.
>> But I have some troubles in the beginning. How do I describe topmost
>> 172.16.0.0/12 zone?
>>
>> I used a trick and made zone 172.in-addr.arpa. It is not exact but it works.
> The problem with this is that you won't be able to do reverse lookups
> for other 172.x.x.x addresses outside the RFC 1918 block. Maybe you
> could download the real 172.in-addr.arpa zone, and merge your changes
> into it.
>
>> But I can't at all to delegate block 172.16.0.0/16 to second level
> In the 172.in-addr.arpa zone, just do a normal delegation:
>
> 16 IN NS second-level-server.
>
>> server to say nothing about delegation 172.16.16.0/20 from second level
>> to ending DNS!
> You can use $GENERATE for this. In the zone file for
> 17.172.in-addr.arpa, do:
>
> $GENERATE 16-31 $ IN NS srvgate.sokol.msk.united-networks.ru.
>
>> Then I tried to solve this task in the most general way. I thought If I
>> learn how to delegate "most difficult zone" I delegate simpler one easily.
>>
>> So I began to delegate 172.16.16.0/20 (not 172.16.0.0/16) from topmost
>> server to its neighbor as follows:
>>
>>
>> zone "172.in-addr.arpa" {
>> type master;
>> file "/etc/bind/master/reverse/172.in-addr.arpa";
>> forwarders { };
>> };
>>
>> and (in zone file):
>>
>> 0.16/20.16.172.in-addr.arpa. IN NS srvgate.sokol.msk.united-networks.ru.
>> $GENERATE 0-255 $.16.16.172.in-addr.arpa. IN CNAME $.0.16/20.16.172.in-addr.arpa.
>> $GENERATE 0-255 $.31.16.172.in-addr.arpa. IN CNAME $.0.31/20.16.172.in-addr.arpa.

Ellad G. Yatsko

May 21, 2012, 2:36:38 AM
to bind-...@lists.isc.org
Hello Doug!

Sorry, it is my mistake. What about the simplest diagram? :-)


(Central Site) 172.16.0.0/12
    |
    +-- (Regional Site) 172.16.0.0/16
    |       +-- (Local Site) 172.16.16.0/20
    |       +-- ...
    +-- ...
    +-- (Regional Site) 172.30.0.0/16
            +-- (Local Site) 172.30.32.0/20
            +-- ...

Central delegates a /16 block to Regional, and Regional delegates a /20 to Local.

In terms of forward zone delegation it would be:
united-networks.ru (Central) -> msk.united-networks.ru (Regional,
Moscow) -> sokol.msk.united-networks.ru (district in Moscow City).
or
united-networks.ru (Central) -> abakan.united-networks.ru (Regional,
Khakasia republic with Abakan as capital, Russia)->
kurochkina.abakan.united-networks.ru (district in Abakan).

So I thought to set up reverse delegation by analogy with this.


The article below doesn't answer the question of how to formalize /20
delegation. Instead it shows how to make a < /24 delegation.
http://dougbarton.us/DNS/2317.html

Kind regards,
Ellad
>
> You don't set up the /12 zone at all.
>
> You haven't made it clear what the relationships are between the sites,
> and who needs to resolve what. You also haven't made clear where the
> resolving name servers are for these sites. In order to help we really
> need more information about what you're trying to accomplish.
>> I used a trick and made zone 172.in-addr.arpa. It is not exact but it
>> works.
> You really don't want to do that.
>
>> But I can't at all to delegate block 172.16.0.0/16 to second level
>> server to say nothing about delegation 172.16.16.0/20 from second level
>> to ending DNS!

Matus UHLAR - fantomas

May 21, 2012, 3:33:30 AM
to bind-...@lists.isc.org
On 21.05.12 10:20, Ellad G. Yatsko wrote:
>I tried to delegate 172.16.16.0/ doing the following on the central site:
>$ORIGIN 16.172.in-addr.arpa.
>$GENERATE 16-31 $ NS srvgate.sokol.msk.united-networks.ru.
>
>It works! :-) You are right! :-)

It works but better don't do that.

>But I don't understand what I need to do on the "sokol.msk" server.
>Do I need to create 16 independent files for
>16.16.172.in-addr.arpa...31.16.172.in-addr.arpa,
>or is there a way which allows me to aggregate all of those in one file?

The much easier way is to create configs and zone files for the 16 zones
16.16.172.in-addr.arpa
...
31.16.172.in-addr.arpa

and use them as 16 separate /16 zones. Better not try to make this
easier; you will end up making it more complicated and error-prone.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
He who laughs last thinks slowest.

Matus UHLAR - fantomas

May 21, 2012, 3:36:01 AM
to bind-...@lists.isc.org
On 21.05.12 10:36, Ellad G. Yatsko wrote:
>The below article doesn't answer on question how to formalize /20
>delegation. Instead it shows how to make < /24 delegation.
> http://dougbarton.us/DNS/2317.html

Delegation of a /20 can simply be made like the </24 delegation.
However, it's better not to do things this way; better to split the /16
block into 256 /24 blocks and simply delegate each one as you need.

Doing it simple is both nice and resistant to errors.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Depression is merely anger without enthusiasm.
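The approach Barry and Matus converge on (a /20 is handed down as sixteen octet-aligned /24 reverse zones, each delegated by an NS record in the parent and served as its own zone on the child) can be generated rather than typed by hand. The script below is an added example, not code from the thread; it generalizes the /20 case to any prefix between /1 and /24, rejects prefixes that would need RFC 2317-style CNAME delegation, and uses the thread's name server as a sample value. The directory path and the Python function names are assumptions.

```python
# Added example (not from the thread): plan octet-aligned reverse-zone
# delegation for an IPv4 prefix.  All names and paths are constructed samples.
import ipaddress


def reverse_zones(cidr):
    """Return the in-addr.arpa zone names that together cover an IPv4 prefix.

    /8, /16 and /24 map to a single zone; anything in between is split into
    the smallest set of octet-aligned zones, so 172.16.16.0/20 becomes the
    sixteen /24 zones 16.16.172 ... 31.16.172.in-addr.arpa.  Prefixes longer
    than /24 are rejected: those need RFC 2317 CNAME delegation instead.
    """
    net = ipaddress.ip_network(cidr, strict=True)   # host bits set -> ValueError
    if not 0 < net.prefixlen <= 24:
        raise ValueError(f"{net}: only /1 to /24 can be delegated on octet boundaries")
    aligned = -(-net.prefixlen // 8) * 8            # round up to 8, 16 or 24
    zones = []
    for sub in net.subnets(new_prefix=aligned):     # yields net itself if already aligned
        octets = str(sub.network_address).split(".")[: aligned // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones


def delegation_records(cidr, nameservers):
    """NS records the parent zone needs in order to hand the prefix to the child."""
    return [f"{zone}.\tIN\tNS\t{ns}"
            for zone in reverse_zones(cidr) for ns in nameservers]


def child_named_conf(cidr, directory="/etc/bind/master/reverse"):
    """named.conf stanzas for the child server: one master zone per /24 (assumed path)."""
    stanzas = []
    for zone in reverse_zones(cidr):
        stanzas.append(f'zone "{zone}" {{\n'
                       f"    type master;\n"
                       f'    file "{directory}/{zone}";\n'
                       f"}};")
    return "\n".join(stanzas)


if __name__ == "__main__":
    ns = ["srvgate.sokol.msk.united-networks.ru."]   # name server from the thread
    print("\n".join(delegation_records("172.16.16.0/20", ns)))   # parent side
    print(child_named_conf("172.16.16.0/20"))                   # child side
```

The parent-side lines are what Barry's `$GENERATE 16-31 $ IN NS ...` expands to; the child-side stanzas are the sixteen separate zones Matus recommends instead of trying to aggregate them into one file.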