How can I set up a revdns for a /16 subnet?
The subnet is split into 1x /17 and 2x /18.
Do I need to create a separate zone file for each class (1.1.x.y.in-addr.arpa, 1.10.x.y.in-addr.arpa etc.) or can I create three zone files, one for each subnet, and place the PTR records there?
--
Tom
What do you mean by split? Are they 3 different ranges you got from your RIR, or
is that a private subnet?
> Do I need to create a separate zone file for each class
> (1.1.x.y.in-addr.arpa, 1.10.x.y.in-addr.arpa etc.) or can I create three
> zone files for each subnet and place PTR records there?
You can create reverse zone for /16 (b.a.in-addr.arpa) or /24
(c.b.a.in-addr.arpa). It's easier to maintain smaller files (256 reverse
zones for /24) but it's probably easier to register reverse for /16 if
that's public address space.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
The early bird may get the worm, but the second mouse gets the cheese.
Create the /16 reverse zone (b.a.in-addr.arpa), ask for delegation of it, and
split it into /24's. It's not easy to split into zones for other ranges.
> > > Do I need to create a separate zone file for each class
> > > (1.1.x.y.in-addr.arpa, 1.10.x.y.in-addr.arpa etc.) or can I create three
> > > zone files for each subnet and place PTR records there?
> >
> > You can create reverse zone for /16 (b.a.in-addr.arpa) or /24
> > (c.b.a.in-addr.arpa). It's easier to maintain smaller files (256 reverse
> > zones for /24) but it's probably easier to register reverse for /16 if
> > that's public address space.
>
> That's a public address space.
> I found an RFC (http://www.rfc-archive.org/getrfc.php?rfc=4183); I tried to do as it says but it won't work :/
That RFC seems to be irrelevant here.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
I want to split it into one /17 and two /18s; how can I do that?
--
Tom
> What do you mean by split? Are they 3 different ranges you got from your RIR, or
> is that a private subnet?
I've got a /16 and it will be split into 3 subnets, and I want to create a separate revdns zone for each one.
> > Do I need to create a separate zone file for each class
Just create zones for each of the /24's that make up the /17's and
/18's. Delegate from the /16 to these /24's.
$ORIGIN x.y.in-addr.arpa.
@ SOA ...
@ NS ns1.example.net.
@ NS ns2.example.net.
0 NS ns1.sub1.example.net.
0 NS ns2.sub1.example.net.
...
127 NS ns1.sub1.example.net.
127 NS ns2.sub1.example.net.
128 NS ns1.sub2.example.net.
128 NS ns2.sub2.example.net.
...
191 NS ns1.sub2.example.net.
191 NS ns2.sub2.example.net.
192 NS ns1.sub3.example.net.
192 NS ns2.sub3.example.net.
...
255 NS ns1.sub3.example.net.
255 NS ns2.sub3.example.net.
> > > Do I need to create a separate zone file for each class
> > > (1.1.x.y.in-addr.arpa, 1.10.x.y.in-addr.arpa etc.) or can I create three
> > > zone files for each subnet and place PTR records there?
> >
> > You can create reverse zone for /16 (b.a.in-addr.arpa) or /24
> > (c.b.a.in-addr.arpa). It's easier to maintain smaller files (256 reverse
> > zones for /24) but it's probably easier to register reverse for /16 if
> > that's public address space.
>
> That's a public address space.
> I found an RFC (http://www.rfc-archive.org/getrfc.php?rfc=4183); I tried to do
> as it says but it won't work :/
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_A...@isc.org
> > > On 28.07.08 13:07, Tomasz Pajor wrote:
> > > > How can I setup a revdns for a /16 subnet?
> > > > Subnet is split to 1x /17 2x /18.
> >
> > > What do you mean by split? Are they 3 different ranges you got from your RIR, or
> > > is that a private subnet?
> >
> > I've got a /16 and it will be split into 3 subnets, and I want to create a
> > separate revdns zone for each one.
>
> Just create zones for each of the /24's that make up the /17's and
> /18's. Delegate from the /16 to these /24's.
What if I would like to split a /24 into two separate /25s?
--
Tom
# Special notation required for internet delegation (e.g. dig -x ...)
#
zone "192/27.84.44.12.IN-ADDR.ARPA" {
type master;
file "arpa.12.44.84";
allow-transfer { watercom; };
allow-query { any; };
};
# Standard notation required for direct lookups (e.g. dig @mydnshost -x ...)
#
zone "84.44.12.IN-ADDR.ARPA" {
type master;
file "arpa.12.44.84";
allow-transfer { watercom; };
allow-query { any; };
};
That is to say for most purposes the first entry worked fine but if I
specified my host to dig the record from it would complain about
84.44.12.in-addr.arpa not found. Notice both records point to the same
arpa zone file.
I don't think you could split them for the latter entry but I didn't
try.
On 28.07.08 15:00, Tomasz Pajor wrote:
> I want to split it to one /17 and two /18, how can I do that?
It would be horrible and complicated. Just use /16's, 256 reverse zones for
0.b.a.in-addr.arpa
1.b.a.in-addr.arpa
...
255.b.a.in-addr.arpa
and the first (or last) 128 will be for the /17, the first half (64) of the rest
will be the first /18, and the remainder will belong to the second /18.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
A single zone file DOES work for multiple ranges because the named.conf
entry indicates from which zone file to query the reverse. You can
have one zone file that has multiple named.conf entries pointing to it.
My point was that I had originally thought I'd broken the first entry
below which is required based on the way AT&T delegates to us because my
dig directly to my server wouldn't understand the delegation syntax.
Adding the second entry you see below resolved that because it is the
syntax dig understood going directly to my host.
You can have different ranges using the first entry syntax (specifying
the range) but still keep it all in a single zone file. Or you can have
two different zone files for that.
My final comment was that the second entry I had made was for the basic
(no range) entry used for the direct dig of my server and because of the
fact it was expecting a certain zone I didn't think you could split it
up. If you don't care about doing direct dig of your server you don't
need it.
-----Original Message-----
From: bind-use...@isc.org [mailto:bind-use...@isc.org] On
Behalf Of Matus UHLAR - fantomas
Sent: Monday, July 28, 2008 10:44 AM
To: bind-...@isc.org
Subject: Re: how to setup revdns for /16 subnet
On 28.07.08 09:13, Jeff Lightner wrote:
> I had an issue with using dig to query my reverse lookups so had to
> create separate entries in named.conf like:
>
> # Special notation required for internet delegation (e.g. dig -x ...)
> #
> zone "192/27.84.44.12.IN-ADDR.ARPA" {
> type master;
> file "arpa.12.44.84";
> allow-transfer { watercom; };
> allow-query { any; };
> };
>
> # Standard notation required for direct lookups (e.g. dig @mydnshost -x ...)
> #
> #
> zone "84.44.12.IN-ADDR.ARPA" {
> type master;
> file "arpa.12.44.84";
> allow-transfer { watercom; };
> allow-query { any; };
> };
the same zone file for your /27 and whole /24 ? This way you won't see
reverse names for rest of the /24, which may cause problems to you.
> That is to say for most purposes the first entry worked fine but if I
> specified my host to dig the record from it would complain about
> 84.44.12.in-addr.arpa not found.
It does not exist. Your ISP seems to have your delegation records in the
44.12.in-addr.arpa zone. However, 192/27.84.44.12.in-addr.arpa is delegated
to 3 servers, of which 2 exist, of which only one returns an answer...
> Notice both records point to the same arpa zone file.
Yes, I have, see my comment above.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> On Mon, 28 Jul 2008 23:10:42 +1000, it was written:
> > Just create zones for each of the /24's that make up the /17's and
> > /18's. Delegate from the /16 to these /24's.
On 28.07.08 15:37, Tomasz Pajor wrote:
> What if I would like to split /24 to two separate /25 ?
RFC 2317 describes it nicely.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
I don't see any point in merging all zones into the same file and expecting
BIND to search through it when loading, only when providing the same data
(I use that for empty RFC 1918 and 3330 zones).
I guess that can cause problems and makes loading slower.
> My point was that I had originally thought I'd broken the first entry
> below which is required based on the way AT&T delegates to us because my
> dig directly to my server wouldn't understand the delegation syntax.
> Adding the second entry you see below resolved that because it is the
> syntax dig understood going directly to my host.
"dig" and "named" don't have to understand the syntax. They are simply
searching for the PTR record, e.g. 193.84.44.12.IN-ADDR.ARPA if the IP is
12.44.84.193. Reverse lookup shows that it has a CNAME record to
193.192/27.84.44.12.IN-ADDR.ARPA, and the nameservers for
192/27.84.44.12.IN-ADDR.ARPA are yours, so they are asked for it.
Currently you are unable to resolve records for other IPs in 12.44.84.0/24,
unless you have your own PTR records in the zone, but they are most probably
different from those AT&T has.
I advise you simply remove the 84.44.12.IN-ADDR.ARPA zone from your named,
so the resolution will go through standard process. If that fails, something
is broken and you should find out what, instead of faking reverse zone
yourself.
> You can have different ranges using the first entry syntax (specifying
> the range) but still keep it all in a single zone file. Or you can have
> two different zone files for that.
I recommend the latter, instead of keeping all the stuff in one file
(if that breaks, all your zones will probably disappear).
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
That's the conventional advice, of course, but does lead to a proliferation
of reverse zones. It seems to me that if one believes that DNAMEs really do
work (by virtue of the synthesized CNAMEs), then one ought to be able to use
them in an RFC2317-like way in cases like this:
$ORIGIN b.a.in-addr.arpa.
@ SOA ...
NS ...
0-127 NS (delegation for the /17)
128-191 NS (delegation for the first /18)
192-255 NS (delegation for the second /18)
0 DNAME 0.0-127
1 DNAME 1.0-127
...
127 DNAME 127.0-127
128 DNAME 128.128-191
...
191 DNAME 191.128-191
192 DNAME 192.192-255
...
254 DNAME 254.192-255
255 DNAME 255.192-255
and then the delegatees have only three zones
0-127.b.a.in-addr.arpa.
128-191.b.a.in-addr.arpa.
192-255.b.a.in-addr.arpa.
to look after, each of which they populate as if they were (incomplete)
reverse zones for b.a.in-addr.arpa.
This is only a thought experiment: has anyone actually tried to do
something like this?
--
Chris Thompson
Email: ce...@cam.ac.uk
> That's the conventional advice, of course, but does lead to a proliferation
> of reverse zones. It seems to me that if one believes that DNAMEs really do
> work (by virtue of the synthesized CNAMEs), then one ought to be able to use
> them in an RFC2317-like way in cases like this:
DNAMEs really do work.
> $ORIGIN b.a.in-addr.arpa.
> @ SOA ...
> NS ...
> 0-127 NS (delegation for the /17)
> 128-191 NS (delegation for the first /18)
> 192-255 NS (delegation for the second /18)
> 0 DNAME 0.0-127
> 1 DNAME 1.0-127
> ...
> 127 DNAME 127.0-127
$GENERATE 0-127 $ DNAME $.0-127
> 128 DNAME 128.128-191
> ...
> 191 DNAME 191.128-191
$GENERATE 128-191 $ DNAME $.128-191
> 192 DNAME 192.192-255
> ...
> 254 DNAME 254.192-255
> 255 DNAME 255.192-255
$GENERATE 192-255 $ DNAME $.192-255
> and then the delegatees have only three zones
>
> 0-127.b.a.in-addr.arpa.
> 128-191.b.a.in-addr.arpa.
> 192-255.b.a.in-addr.arpa.
>
> to look after, each of which they populate as if they were (incomplete)
> reverse zones for b.a.in-addr.arpa.
yes.
> This is only a thought experiment: has anyone actually tried to do
> something like this?
yes.
--
Paul Vixie
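The two parent-zone layouts discussed in this thread, the per-/24 delegation Mark Andrews describes and the DNAME plus $GENERATE variant above, as an added example that is not code from the thread: it derives the /17 + 2x/18 third-octet ranges, emits either parent zone, and shows the CNAME target a DNAME synthesizes for a PTR query. The 10.20.0.0/16 block and the example.net server names are constructed placeholders.

```python
# Added example, not code from the thread. The 10.20.0.0/16 block and the
# example.net server names are constructed placeholders.
import ipaddress

PARENT = "20.10.in-addr.arpa."
CHILD_NS = ["ns1.sub1.example.net.", "ns1.sub2.example.net.", "ns1.sub3.example.net."]
SOA = "@ SOA ns1.example.net. hostmaster.example.net. 1 3600 900 604800 300"

def ranges_from_prefixes(prefixes):
    """Turn prefix lengths inside a /16 (e.g. 17, 18, 18) into third-octet
    ranges: a /n spans 2**(24-n) consecutive /24s, and they must fill the /16."""
    ranges, start = [], 0
    for n in prefixes:
        if not 16 < n <= 24:
            raise ValueError(f"/{n} is not a whole number of /24s inside a /16")
        size = 2 ** (24 - n)
        ranges.append((start, start + size - 1))
        start += size
    if start != 256:
        raise ValueError(f"prefixes cover {start} of the 256 /24s")
    return ranges

def per24_zone(prefixes, servers, origin=PARENT):
    """Per-/24 layout: the parent delegates every c.<origin> label separately."""
    lines = [f"$ORIGIN {origin}", SOA, "@ NS ns1.example.net."]
    for (lo, hi), ns in zip(ranges_from_prefixes(prefixes), servers):
        lines += [f"{c} NS {ns}" for c in range(lo, hi + 1)]
    return "\n".join(lines) + "\n"

def dname_zone(prefixes, servers, origin=PARENT):
    """DNAME layout: one child zone per range, with $GENERATE'd DNAMEs that
    redirect each /24 label into it."""
    lines = [f"$ORIGIN {origin}", SOA, "@ NS ns1.example.net."]
    for (lo, hi), ns in zip(ranges_from_prefixes(prefixes), servers):
        lines += [f"{lo}-{hi} NS {ns}", f"$GENERATE {lo}-{hi} $ DNAME $.{lo}-{hi}"]
    return "\n".join(lines) + "\n"

def ptr_owner(ip):
    """PTR owner name a resolver looks up, e.g. 5.3.20.10.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def dname_rewrite(owner, prefixes, origin=PARENT):
    """CNAME target the DNAME synthesizes for a PTR owner under origin, else None."""
    if not owner.endswith("." + origin):
        return None
    rest = owner[: -len(origin) - 1].split(".")   # ["5", "3"] for 5.3.<origin>
    for lo, hi in ranges_from_prefixes(prefixes):
        if lo <= int(rest[-1]) <= hi:
            return ".".join(rest + [f"{lo}-{hi}", origin])
    return None
```

The resolver never sees the range labels directly: it asks for 5.3.20.10.in-addr.arpa., the parent answers with the DNAME and a synthesized CNAME to 5.3.0-127.20.10.in-addr.arpa., and the delegatee of 0-127.20.10.in-addr.arpa. serves the PTR.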
>Chris Thompson <ce...@hermes.cam.ac.uk> writes:
>
>> That's the conventional advice, of course, but does lead to a proliferation
>> of reverse zones. It seems to me that if one believes that DNAMEs really do
>> work (by virtue of the synthesized CNAMEs), then one ought to be able to use
>> them in an RFC2317-like way in cases like this:
>
>DNAMEs really do work.
>
>> $ORIGIN b.a.in-addr.arpa.
>> @ SOA ...
>> NS ...
>> 0-127 NS (delegation for the /17)
>> 128-191 NS (delegation for the first /18)
>> 192-255 NS (delegation for the second /18)
[...]
>$GENERATE 0-127 $ DNAME $.0-127
>$GENERATE 128-191 $ DNAME $.128-191
>$GENERATE 192-255 $ DNAME $.192-255
[...]
>> and then the delegatees have only three zones
>>
>> 0-127.b.a.in-addr.arpa.
>> 128-191.b.a.in-addr.arpa.
>> 192-255.b.a.in-addr.arpa.
>>
>> to look after, each of which they populate as if they were (incomplete)
>> reverse zones for b.a.in-addr.arpa.
>
>yes.
>
>> This is only a thought experiment: has anyone actually tried to do
>> something like this?
>
>yes.
Example(s) in the public DNS? So that I can point at it/them, and say
"look, it doesn't cause any problems for John Doe's networks: why don't
we start doing it like that?" ?
for starters, <http://www.isc.org/pubs/tn/index.pl?tn=isc-tn-2002-1.txt>.
>> Example(s) in the public DNS? So that I can point at it/them, and say
>> "look, it doesn't cause any problems for John Doe's networks: why don't
>> we start doing it like that?" ?
>> --
>> Chris Thompson
>> Email: ce...@cam.ac.uk
>
>for starters, <http://www.isc.org/pubs/tn/index.pl?tn=isc-tn-2002-1.txt>.
Well yes, but ip6.int doesn't exist any longer, so I can't hold it up
as an "example in the public DNS".
ah. most unfortunate. this worked for years in the public dns.