classless delegation [Re: IP address fee??]
Peter van Dijk
peter at dataloss.nl
Fri Sep 6 14:40:07 UTC 2002
On Fri, Sep 06, 2002 at 04:06:40PM +0200, Brad Knowles wrote:
> At 3:32 PM +0200 2002/09/06, Brad Knowles wrote:
> >> Have a look, for example, at the reverses for 193.109.122.192/28 and
> >> let me know if you can find anything wrong with those.
[snip]
> The key phrase is "A correctly operating resolving proxy DNS
> server must discard them ...".
Yes. This is your original complaint about matching apexes with
delegations. I am not violating that condition, however.
> Now, if you wanted to do separate zone files, and make sure that
> each zone file doesn't contain any out-of-zone data, that would be a
> different issue. But this is like handing people sticks of dynamite,
> flamethrowers, and encouraging them to ignite the explosives they're
> holding in their hands.
I am doing separate zone files. Each IP delegated to me is a separate
zone. Now, again, what is wrong with that?
> DNS Expert
> Detailed Report for 192.122.109.193.in-addr.arpa.
> 9/6/02, 4:05 PM, using the analysis setting "Everything"
> ======================================================================
>
> Information
> ----------------------------------------------------------------------
> Serial number: 1031317961
> Primary name server: ns.dataloss.nl.
> Primary mail server: N/A
> Number of records: N/A
>
>
> Errors
> ----------------------------------------------------------------------
> o The reverse zone contains one or more A records
> The reverse domain "192.122.109.193.in-addr.arpa." contains one
> or more A records. A records should only be placed in
> forward-mapping domains.
What A-records is it talking about? I am not seeing any.
[axfr is closed]
[banter about SOA values]
[all servers on the same subnet]
> DNS Expert
> Detailed Report for 193.122.109.193.in-addr.arpa.
> 9/6/02, 4:05 PM, using the analysis setting "Everything"
> ======================================================================
>
> Information
> ----------------------------------------------------------------------
> Serial number: 1031317961
> Primary name server: ns.dataloss.nl.
> Primary mail server: N/A
> Number of records: N/A
>
>
> Errors
> ----------------------------------------------------------------------
> o The reverse zone contains one or more A records
> The reverse domain "193.122.109.193.in-addr.arpa." contains one
> or more A records. A records should only be placed in
> forward-mapping domains.
Again, I am not seeing any A records.
[no axfr]
[soa values]
[all servers on the same subnet]
> What about this?
>
> % dnswalk -ralF 122.109.193.in-addr.arpa.
> Checking 122.109.193.in-addr.arpa.
> Getting zone transfer of 122.109.193.in-addr.arpa. from ns2.bit.nl...done.
> SOA=ns.bit.nl contact=root.bit.nl
[hosts outside my /29]
[failed zonetransfers]
Nothing there that's wrong with my /29.
> DNS Expert
> Detailed Report for 122.109.193.in-addr.arpa.
This is the parent zone.
> 9/6/02, 3:56 PM, using the analysis setting "Everything"
> ======================================================================
>
> Information
> ----------------------------------------------------------------------
> Serial number: 2002090401
> Primary name server: ns.bit.nl.
> Primary mail server: N/A
> Number of records: 112 (34 NS, 0 MX, 0 A, 0 CNAME, 78 PTR, 0
> Other)
>
>
> Errors
> ----------------------------------------------------------------------
[hosts outside my /29]
Indeed, you found some things wrong with the /24 zone, but that was
not the subject, and nothing you found wrong with the /24 is related
to the /29.
Greetz, Peter
--
peter at dataloss.nl | http://www.dataloss.nl/ | Undernet:#clue
More information about the NANOG
mailing list