Bind9 reverse Delegation

Posted on 2003-11-05
Last Modified: 2012-05-04
I have a client that we are hosting that is using a full class C.  We are wanting to be able to delegate the class C to them for reverse lookups.   How do you set that up in bind?  I am familiar with standard reverse files, I have never had to setup a reverse delegation to another server though.

Question by:atebit
  • 2
LVL 40

Expert Comment

ID: 9689066
Assuming that you have authority for the Class B that the Class C is part of you can delegate it to them with:         86400  IN  NS  ns1.their-dom.tld.         86400  IN  NS  ns2.their-dom.tld.

in the reverse zone for the Class B. This is covered in detail in Chapter 9 of "DNS and BIND".

Author Comment

ID: 9689591
We have authority for a /21 (XXX.XXX.128.XXX - XXX.XXX.135.XXX)

Currently today I have a separate file for each of my class C's.  Is there a better way to do this?  

LVL 13

Accepted Solution

td_miles earned 500 total points
ID: 9698660
The Class C reverse zones have already been delegated to you and a zone can only be delegated once (ie. you can't "forward" the delegation on to them). You have two options:

1. contact the authority for the Class B that your Class C addresses fall under and get them to redelegate reverse DNS for the Class C you are giving to the client directly to the clients name servers.
2. Leave your server as authorative for the clients' Class C, but make that Class C zone a slave/secondary to a primary one that the client manages on their name server, that way your server will pull the data from theirs.

Reverse DNS is delegated along the octec boundaries and cannot be aggregated. Each Class C address block is a seperate domain. To compare, think about if you had two domains:

Is there any way of aggregating these two domains into a single file ? No, because they are totally seperate domains, as are each of your Class C address block domains. You can aggregate them for routing purposes, but there is no such aggregation for reverse DNS. (so your method for seperate files for each Class C is correct)



Author Comment

ID: 9703342
Thanks for the reply.  I really like the slave idea.... That will help with some other issues :)  


Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now