On Thu, Apr 9, 2009 at 11:33 AM, Sean Martin <[email protected]> wrote: > However, I'm unsure about how the reverse lookup zone was created. There's a > single reverse lookup zone 69.208.in-addr.arpa.
Hmmm. I believe that means your DNS server will be claiming authority for 208.69.0.0/16. So perhaps ARIN's "common cause" boilerplate was correct after all. > There doesn't appear to be a way to specify the zone as 208.69.0.0/22. Yah, I don't think you can do that with DNS. The <in-addr.arpa.> branch is structured around the "reverse dotted quad" notation. I think I read once about a later RFC which introduced something to support classless delegation, but even that still used the classful DNS structures to "hook in", and I'm not sure the RFC was ever adopted anyway. I'm pretty sure MS-DNS doesn't support it in any event. > Should I create separate reverse lookup zones for each class C range? I think so. I've never used MS-DNS for Internet-facing DNS service myself, but that's what I think you need to do. That's how I do our /24 subnets of 10/8 internally, FWIW. The MS-DNS GUI doesn't group them into a "10.x" folder or anything like that. Under the "Reverse Lookup Zones" folder, I've got folders for "10.0.0.x Subnet", "10.0.10.x Subnet", and so on, all at the same level. But we're running Win2K; might be different in the 2003 GUI. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
