Delegating /24's from a /19
Robert Bonomi
bonomi at mail.r-bonomi.com
Tue Mar 15 20:40:08 UTC 2005
> From owner-nanog at merit.edu Tue Mar 15 14:12:12 2005
> Date: Tue, 15 Mar 2005 15:12:10 -0500
> From: Robert Blayzor <rblayzor at inoc.net>
> To: alex at pilosoft.com
> Cc: Mike Sawicki <fifi at HAX.ORG>, nanog at merit.edu
> Subject: Re: Delegating /24's from a /19
>
>
> alex at pilosoft.com wrote:
> > Either by doing DNS delegation on the zone boundary or by SWIP'ing the
> > space to the other company.
>
> You can SWIP it yes, but that won't help DNS on small blocks like /24's.
>
> > It is very easy to do DNS delegation, say if you have 128.0.0.0/19, and
> > you want to delegate 128.0.1.0/24, in your zone file for
> > 0.128.in-addr.arpa zone put
> >
> > 1 IN NS ns1.othercompany.com
> > 1 IN NS ns2.othercompany.com
>
> The only way it will work is to use RFC2317 or slave the zones from the
> other name server. Because he does not have the entire /16 you can't
> just delegate like that.
OK, what am I missing?

*ASSUMPTION*:
The holder of the /16 _has_ delegated rDNS for the 32 /24s to the /19 owner.

The /19 owner can, on its nameserver, run an "authoritative" zone for
the /16 -- with _its_ /24s listed explicitly, and a wildcard pointing
back to the rDNS nameserver of the /16 owner.

"He who" queries from the outside world will work their way down from the
.arpa zone, to the X.W.in-addr.arpa zone, get referred to the nameserver
at "thiscompany", and get referred to the NS listed for Y.X.W.in-addr.arpa.
which will resolve Z.Y.X.W.in-addr.arpa.

"He who" queries the /19 owner nameserver directly for a Y.X.W.in-addr.arpa
address that lies within the /19 owner's addresses will get answered by
that nameserver, *or* be referred to the client's server. If they ask for
something *outside* the /19 owner's space, the wildcard -- referring to
the 'upstream' (the /16 owner) nameserver -- kicks in.

_AS_LONG_AS_ the 'delegated to' nameserver has the wildcard in it pointing
back to the 'parent' nameserver, this seems to work just fine. Admittedly,
if the upstream block owner changes the _name_ of its nameserver(s), the
'delegated to' nameserver requires manual tweaking, but, realistically,
"how often" does _that_ happen?
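
Added example, not part of the original post or thread: a Python sketch that generates the per-/24 NS records the /16 holder would place in its X.W.in-addr.arpa zone under the assumption stated above, and rejects blocks longer than /24, where RFC 2317 applies. The function name `delegation_records` is hypothetical; the addresses and nameserver names are the ones used in the quoted example.

```python
import ipaddress


def delegation_records(parent16, child, nameservers):
    """Return (zone_name, records) for the parent's X.W.in-addr.arpa zone.

    parent16    -- the /16 whose reverse zone holds the delegations
    child       -- the block being delegated (a /19 here; /16 to /24 accepted)
    nameservers -- NS host names that will serve each delegated /24
    """
    parent = ipaddress.ip_network(parent16)
    block = ipaddress.ip_network(child)
    if parent.prefixlen != 16:
        raise ValueError("parent must be a /16")
    if not block.subnet_of(parent):
        raise ValueError(f"{block} is not inside {parent}")
    if block.prefixlen > 24:
        # No octet boundary left to delegate on: this is the RFC 2317 case.
        raise ValueError("blocks longer than /24 need RFC 2317 delegation")

    w, x = str(parent.network_address).split(".")[:2]
    zone = f"{x}.{w}.in-addr.arpa."

    records = []
    # One delegation per /24: the label is the third octet (Y in Y.X.W).
    for net24 in block.subnets(new_prefix=24):
        label = str(net24.network_address).split(".")[2]
        for ns in nameservers:
            records.append(f"{label} IN NS {ns.rstrip('.')}.")
    return zone, records


if __name__ == "__main__":
    # Values taken from the quoted example in the thread.
    zone, recs = delegation_records(
        "128.0.0.0/16", "128.0.0.0/19",
        ["ns1.othercompany.com", "ns2.othercompany.com"],
    )
    print(f"; records for zone {zone}")
    print("\n".join(recs))
```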