Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Bind9 reverse Delegation

Posted on 2003-11-05
4
Medium Priority
?
696 Views
Last Modified: 2012-05-04
I have a client that we are hosting that is using a full class C.  We are wanting to be able to delegate the class C to them for reverse lookups.   How do you set that up in bind?  I am familiar with standard reverse files, I have never had to setup a reverse delegation to another server though.

Thanks.
0
Comment
Question by:atebit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 9689066
Assuming that you have in-addr.arpa authority for the Class B that the Class C is part of you can delegate it to them with:

n.n.n.in-addr.arpa.         86400  IN  NS  ns1.their-dom.tld.
n.n.n.in-addr.arpa.         86400  IN  NS  ns2.their-dom.tld.

in the reverse zone for the Class B. This is covered in detail in Chapter 9 of "DNS and BIND".
0
 
LVL 1

Author Comment

by:atebit
ID: 9689591
We have in-addr.arpa authority for a /21 (XXX.XXX.128.XXX - XXX.XXX.135.XXX)

Currently today I have a separate in-addr.arpa file for each of my class C's.  Is there a better way to do this?  

0
 
LVL 13

Accepted Solution

by:
td_miles earned 2000 total points
ID: 9698660
The Class C reverse zones have already been delegated to you and a zone can only be delegated once (ie. you can't "forward" the delegation on to them). You have two options:

1. contact the authority for the Class B that your Class C addresses fall under and get them to redelegate reverse DNS for the Class C you are giving to the client directly to the clients name servers.
2. Leave your server as authorative for the clients' Class C, but make that Class C zone a slave/secondary to a primary one that the client manages on their name server, that way your server will pull the data from theirs.


Reverse DNS is delegated along the octec boundaries and cannot be aggregated. Each Class C address block is a seperate domain. To compare, think about if you had two domains:

company.com
company2.com

Is there any way of aggregating these two domains into a single file ? No, because they are totally seperate domains, as are each of your Class C address block domains. You can aggregate them for routing purposes, but there is no such aggregation for reverse DNS. (so your method for seperate files for each Class C is correct)

reference:
http://www.acmebw.com/askmrdns/archive.php?category=86&question=403
http://www.he.net/adm/reverse.dns.html

0
 
LVL 1

Author Comment

by:atebit
ID: 9703342
Thanks for the reply.  I really like the slave idea.... That will help with some other issues :)  

0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question