Re: [NTISP] DNS Reverse Delegation

Randy Martin ( ntisp@austintx.net )
Fri, 30 Apr 1999 02:34:05 -0500

At 02:04 PM 4/29/1999 -0600, you wrote:
>How would you delegate a range of IP's, less than a class C, to another name
>server? We have a customer down stream who wants to run his own Name server
>within the range of his /27. Obviously we want to continue to have control
>of the rest of the IP's in the class C he is part of.
>
>We are using Bind for NT.
>
>Thanks,
>
>Steve Coleman
>Computer Solutions
>
>

OK. Here's how to do it. You must delegate authority for reverse lookup on
the subnet to your customer. Here's one way to do it (I'm sure there may be
others, but this works quite well).

Assume that the Class C is 207.236.110.0, and that you want to delegate a
subnet of 32 IP addresses starting at 207.236.110.128/27 (making the usable
IPs from 207.236.110.129 thru 207.236.110.158 -- 30 IPs).

Also, assume that your customer's DNS servers are called:

ns1.domain.com 207.236.110.129
ns2.domain.com 107.236.110.130

You enter the following into the db.207.236.110 zone file:

129 IN CNAME 129.subnet128.110.236.207.in-addr.arpa.
130 IN CNAME 130.subnet128.110.236.207.in-addr.arpa.
131 IN CNAME 131.subnet128.110.236.207.in-addr.arpa.
132 IN CNAME 132.subnet128.110.236.207.in-addr.arpa.
133 IN CNAME 133.subnet128.110.236.207.in-addr.arpa.
134 IN CNAME 134.subnet128.110.236.207.in-addr.arpa.
..
..
..
..
158 IN CNAME 158.subnet128.110.236.207.in-addr.arpa.

Then add the following lines to delegate the zone to your customer:

subnet128.110.236.207.in-addr.arpa. 86400 IN NS ns1.domain.com.
subnet128.110.236.207.in-addr.arpa. 86400 IN NS ns2.domain.com.

Then, your customer creates a zone file that looks like this:

;
; File: db.207.236.110.subnet128
; Purpose: This file establishes the address-to-name lookup
; information for this zone.
;
;
@ IN SOA ns1.domain.com. hostmaster.domain.com. (
199904001 ; serial number
3600 ; refresh every hour
900 ; retry after 15 minutes
604800 ; expire after 1 week
172800) ; default ttl is 2 days
;
;
;=====> name servers
;
@ IN NS ns1.domain.com.
@ IN NS ns2.domain.com.
;
;
;
;-----> Addresses point to canonical name
;
129 IN PTR ns1.domain.com.
130 IN PTR ns2.domain.com.
131 IN PTR host3.domain.com.
132 IN PTR host4.domain.com.
133 IN PTR host5.domain.com.
134 IN PTR host6.domain.com.
..
..
..
..
158 IN PTR host30.domain.com. ; .158 is the last usable address of the /27 (.159 is broadcast)

Then, in your customer's primary DNS named.boot file, add this line:

primary subnet128.110.236.207.in-addr.arpa db.207.236.110.subnet128

And, in your customer's secondary DNS named.boot file, add this line:

secondary subnet128.110.236.207.in-addr.arpa 207.236.110.129 db.207.236.110.subnet128

Reload the databases on the servers, and everything should just work. Your
customer can now change the hosts that the IPs are pointed at, change the
host names, etc., and the reverse lookup just works.

We delegate reverse lookup on subnets for our clients who want it all the time.

Hope this helps.

Regards,

Randy

Randy Martin
President
Austin Internet
512-485-7977
http://www.austintx.net/
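The following Python script is an added example, not part of Randy's post or of BIND. It models the scheme above (parent /24 zone holds one CNAME per usable address pointing into a labelled child zone, plus NS records delegating that child zone), generalised to any /25 through /30 block: it generates the parent-side records, walks a reverse lookup the way a resolver would (CNAME in the ISP zone, then PTR in the customer zone), and checks the customer's PTR zone for owners outside the block's usable range. The names `domain.com`, `subnet128` and the host names are the post's placeholders; the customer PTR table is constructed for the example and deliberately includes a `.159` entry (the broadcast address) so the check has something to catch.

```python
import ipaddress


def reverse_name(ip):
    """Full in-addr.arpa name for an IPv4 address, e.g. 130.110.236.207.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def delegation(cidr, label, nameservers):
    """Build the parent (/24) zone records that delegate reverse lookup of one
    sub-/24 block: NS records for the child zone '<label>.<reversed /24>' and
    one CNAME per usable address pointing into that child zone.
    Returns (records, child_origin); records maps a fully qualified owner name
    to a list of (rrtype, rdata) tuples."""
    net = ipaddress.ip_network(cidr, strict=True)
    if not 24 < net.prefixlen <= 30:
        raise ValueError("scheme applies to blocks between /25 and /30")
    o1, o2, o3, _ = net.network_address.packed
    child_origin = f"{label}.{o3}.{o2}.{o1}.in-addr.arpa."
    records = {child_origin: [("NS", ns) for ns in nameservers]}
    for host in net.hosts():  # hosts() skips the network and broadcast addresses
        last = host.packed[3]
        records[reverse_name(str(host))] = [("CNAME", f"{last}.{child_origin}")]
    return records, child_origin


def parent_zone_lines(records, parent_origin):
    """Render the records with owners relative to the /24 zone origin,
    which is how they would be typed into the db.207.236.110 file."""
    suffix = "." + parent_origin
    lines = []
    for owner, rrs in records.items():
        rel = owner[: -len(suffix)] if owner.endswith(suffix) else owner
        for rtype, rdata in rrs:
            lines.append(f"{rel} IN {rtype} {rdata}")
    return lines


def resolve_ptr(ip, parent, child_origin, child_ptrs):
    """Model the lookup a resolver performs: ask the parent zone, follow the
    CNAME into the delegated child zone, read the PTR there.
    Returns (ptr_target_or_None, list_of_names_followed)."""
    name = reverse_name(ip)
    chain = [name]
    rrs = parent.get(name)
    if not rrs or rrs[0][0] != "CNAME":
        return None, chain  # not delegated: the ISP answers this one directly
    target = rrs[0][1]
    chain.append(target)
    suffix = "." + child_origin
    if not target.endswith(suffix):
        return None, chain
    owner = int(target[: -len(suffix)])  # child zone owners are the last octet
    return child_ptrs.get(owner), chain


def check_child_zone(cidr, child_ptrs):
    """Return the PTR owners (last octets) in the customer's zone that fall
    outside the block's usable range, such as the broadcast address."""
    net = ipaddress.ip_network(cidr, strict=True)
    usable = {h.packed[3] for h in net.hosts()}
    return sorted(o for o in child_ptrs if o not in usable)


# Constructed customer zone for the example; .159 is a deliberate mistake.
CUSTOMER_PTRS = {
    129: "ns1.domain.com.",
    130: "ns2.domain.com.",
    131: "host3.domain.com.",
    158: "host30.domain.com.",
    159: "host31.domain.com.",
}

if __name__ == "__main__":
    parent, child = delegation("207.236.110.128/27", "subnet128",
                               ["ns1.domain.com.", "ns2.domain.com."])
    for line in parent_zone_lines(parent, "110.236.207.in-addr.arpa."):
        print(line)
    print(resolve_ptr("207.236.110.131", parent, child, CUSTOMER_PTRS))
    print("out-of-range owners:", check_child_zone("207.236.110.128/27", CUSTOMER_PTRS))
```

Running it prints the 30 CNAME lines and the two NS lines for the parent file, shows the lookup of 207.236.110.131 passing through `131.subnet128.110.236.207.in-addr.arpa.` to `host3.domain.com.`, and reports `[159]` as an owner the customer should not have in a /27 zone. Addresses outside the block (e.g. 207.236.110.5) get no CNAME, so the ISP keeps answering for them.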