Re: FW: Delegating reverse DNS to a customer
On 18/08/09 20:32, Kevin Darcy wrote: No, you can't do a "sideways" delegation like that. The correct solution, as stated elsewhere, is to get 251.250.63.in-addr.arpa delegated directly from ARIN to the customer. Strictly speaking it is legal to use DNAME at the apex of a zone since DNAME only redirects descendant domains. For example:- 251.250.63.in-addr.arpa. IN DNAME rev.cust.example.com. And in the customer's zone:- 1.rev.cust.example.com. IN PTR ip63-250-251-1.cust.example.com. ip63-250-251-1.cust.example.com. IN A 63.250.251.1 I do not disagree that in arin region swip is the way to go. Just showing that there is MTOWTDI! ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: FW: Delegating reverse DNS to a customer
Thank you for everyone's help. I'm going to pursue this with ARIN, since that seems to be the right way to do things. Tim Huffman Director of Engineering Business Only Broadband, LLC O (630) 590-6012 C (630) 340-1925 t...@bobbroadband.com www.bobbroadband.com > -Original Message- > From: bind-users-boun...@lists.isc.org [mailto:bind-users- > boun...@lists.isc.org] On Behalf Of Kevin Darcy > Sent: Tuesday, August 18, 2009 1:33 PM > To: bind-users@lists.isc.org > Subject: Re: FW: Delegating reverse DNS to a customer > > bsfin...@anl.gov wrote: > > On Tue, Aug 18, 2009 at 8:31 AM, Tim Huffman > > wrote: > > > >> Guys, > >> > >> > >> > >> We're a smallish (but growing) ISP, and we've been asked by one of our > >> customers to delegate reverse DNS for 63.250.251.0/24 to their DNS > servers, > >> ns1.emns.com - ns4.emns.com. Unfortunately, we've never had to delegate > DNS > >> to a customer before, and we're having problems getting it to work. > >> > >> > >> > >> We're running BIND 9.5.1 on Fedora. > >> > > > > In your zone > > > > 251.250.63.in-addr.arpa (If you do not have a zone, create it.) > > > > place the following four NS records as delegation records: > > > > @IN NS ns1.emns.com. > > IN NS ns2.emns.com. > > IN NS ns3.emns.com. > > IN NS ns4.emns.com. > > > > I believe that that will delegate the /24 to those servers from your > > servers. The delegation could occur at the parent level, but you > > do not control the parent > > > > 250.63.in-addr.arpa > > > > zone. > > > No, you can't do a "sideways" delegation like that. > > The correct solution, as stated elsewhere, is to get > 251.250.63.in-addr.arpa delegated directly from ARIN to the customer. > > - Kevin > > ___ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: FW: Delegating reverse DNS to a customer
bsfin...@anl.gov wrote: On Tue, Aug 18, 2009 at 8:31 AM, Tim Huffman wrote: Guys, We're a smallish (but growing) ISP, and we've been asked by one of our customers to delegate reverse DNS for 63.250.251.0/24 to their DNS servers, ns1.emns.com - ns4.emns.com. Unfortunately, we've never had to delegate DNS to a customer before, and we're having problems getting it to work. We're running BIND 9.5.1 on Fedora. In your zone 251.250.63.in-addr.arpa (If you do not have a zone, create it.) place the following four NS records as delegation records: @IN NS ns1.emns.com. IN NS ns2.emns.com. IN NS ns3.emns.com. IN NS ns4.emns.com. I believe that that will delegate the /24 to those servers from your servers. The delegation could occur at the parent level, but you do not control the parent 250.63.in-addr.arpa zone. No, you can't do a "sideways" delegation like that. The correct solution, as stated elsewhere, is to get 251.250.63.in-addr.arpa delegated directly from ARIN to the customer. - Kevin ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
FW: Delegating reverse DNS to a customer
On Tue, Aug 18, 2009 at 8:31 AM, Tim Huffman wrote: > Guys, > > > > We're a smallish (but growing) ISP, and we've been asked by one of our > customers to delegate reverse DNS for 63.250.251.0/24 to their DNS servers, > ns1.emns.com - ns4.emns.com. Unfortunately, we've never had to delegate DNS > to a customer before, and we're having problems getting it to work. > > > > We're running BIND 9.5.1 on Fedora. In your zone 251.250.63.in-addr.arpa (If you do not have a zone, create it.) place the following four NS records as delegation records: @IN NS ns1.emns.com. IN NS ns2.emns.com. IN NS ns3.emns.com. IN NS ns4.emns.com. I believe that that will delegate the /24 to those servers from your servers. The delegation could occur at the parent level, but you do not control the parent 250.63.in-addr.arpa zone. -- Barry S. Finkel Computing and Information Systems Division Argonne National Laboratory Phone:+1 (630) 252-7277 9700 South Cass Avenue Facsimile:+1 (630) 252-4601 Building 222, Room D209 Internet: bsfin...@anl.gov Argonne, IL 60439-4828 IBMMAIL: I1004994 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Delegating reverse DNS to a customer
In message , Chris Hills writes: > On 18/08/09 15:55, Ben Bridges wrote: > > Since the CIDR block you have been allocated containing 63.250.251.0/24 > > is smaller than a /16, ARIN is delegating authority for the IN-ADDR.ARPA > > zones for each of your /24's directly to your dns servers. In order for > > your customer's dns servers to be authoritative for > > 251.250.63.IN-ADDR.ARPA, you're going to have to have ARIN delegate the > > zone to your customer's servers. If you have not already SWIP'ed the /24 > > to your customer, then you'll want to do so using the detailed > > reassignment template > > (https://www.arin.net/resources/templates/reassign-detailed.txt, I > > think). If you have already SWIP'ed the space to them, then you'll need > > to submit the net-mod template > > (https://www.arin.net/resources/templates/netmod.txt, I think) for the > > /24. (Note: I'm not the person who submits SWIP templates in our > > organization, so I might be wrong about the particular templates to use. > > But the principle is still valid. It's the SWIP information filed with > > ARIN that determines what dns servers are authoritative for the > > in-addr.arpa zones for your /24's.) > > Ben > > Alternatively it is possible to delegate it using the CNAME trick used > for sub-/24 allocations, which will require 256 dns records that can be > made using $GENERATE. > > For example:- > > $TTL 86400 > $GENERATE 0-255 $ IN CNAME $.0-255.251.250.63.in-addr.arpa. > 0-255.251.250.63.in-addr.arpa. IN NS ns1.emns.com. > 0-255.251.250.63.in-addr.arpa. IN NS ns2.emns.com. > 0-255.251.250.63.in-addr.arpa. IN NS ns3.emns.com. > 0-255.251.250.63.in-addr.arpa. IN NS ns4.emns.com. > > Then the customer will need to configure the zone > 0-255.251.250.63.in-addr.arpa. as if it were 251.250.63.in-addr.arpa. > > Regards, > > Chris But why make it more complicated than it has to be for the customer or the ISP? All the RIR's and LIR's are setup to handle this sort of delegation. This is day-to-day operations for them and they will help ISP's get this right if the ISP asks for help. It also removes the ISP's servers from the reverse resolution process so there is one less thing to break. The customer still needs to go through the ISP to change the servers so the ISP still has control. The original request was for how to do this correctly and in my book that is to swip the delegation. Mark > ___ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Delegating reverse DNS to a customer
On 18/08/09 15:55, Ben Bridges wrote: Since the CIDR block you have been allocated containing 63.250.251.0/24 is smaller than a /16, ARIN is delegating authority for the IN-ADDR.ARPA zones for each of your /24's directly to your dns servers. In order for your customer's dns servers to be authoritative for 251.250.63.IN-ADDR.ARPA, you're going to have to have ARIN delegate the zone to your customer's servers. If you have not already SWIP'ed the /24 to your customer, then you'll want to do so using the detailed reassignment template (https://www.arin.net/resources/templates/reassign-detailed.txt, I think). If you have already SWIP'ed the space to them, then you'll need to submit the net-mod template (https://www.arin.net/resources/templates/netmod.txt, I think) for the /24. (Note: I'm not the person who submits SWIP templates in our organization, so I might be wrong about the particular templates to use. But the principle is still valid. It's the SWIP information filed with ARIN that determines what dns servers are authoritative for the in-addr.arpa zones for your /24's.) Ben Alternatively it is possible to delegate it using the CNAME trick used for sub-/24 allocations, which will require 256 dns records that can be made using $GENERATE. For example:- $TTL 86400 $GENERATE 0-255 $ IN CNAME $.0-255.251.250.63.in-addr.arpa. 0-255.251.250.63.in-addr.arpa. IN NS ns1.emns.com. 0-255.251.250.63.in-addr.arpa. IN NS ns2.emns.com. 0-255.251.250.63.in-addr.arpa. IN NS ns3.emns.com. 0-255.251.250.63.in-addr.arpa. IN NS ns4.emns.com. Then the customer will need to configure the zone 0-255.251.250.63.in-addr.arpa. as if it were 251.250.63.in-addr.arpa. Regards, Chris ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: Delegating reverse DNS to a customer
Since the CIDR block you have been allocated containing 63.250.251.0/24 is smaller than a /16, ARIN is delegating authority for the IN-ADDR.ARPA zones for each of your /24's directly to your dns servers. In order for your customer's dns servers to be authoritative for 251.250.63.IN-ADDR.ARPA, you're going to have to have ARIN delegate the zone to your customer's servers. If you have not already SWIP'ed the /24 to your customer, then you'll want to do so using the detailed reassignment template (https://www.arin.net/resources/templates/reassign-detailed.txt, I think). If you have already SWIP'ed the space to them, then you'll need to submit the net-mod template (https://www.arin.net/resources/templates/netmod.txt, I think) for the /24. (Note: I'm not the person who submits SWIP templates in our organization, so I might be wrong about the particular templates to use. But the principle is still valid. It's the SWIP information filed with ARIN that determines what dns servers are authoritative for the in-addr.arpa zones for your /24's.) Ben From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Tim Huffman Sent: Tuesday, August 18, 2009 7:32 AM To: bind-users@lists.isc.org Subject: Delegating reverse DNS to a customer Guys, We're a smallish (but growing) ISP, and we've been asked by one of our customers to delegate reverse DNS for 63.250.251.0/24 to their DNS servers, ns1.emns.com - ns4.emns.com. Unfortunately, we've never had to delegate DNS to a customer before, and we're having problems getting it to work. We're running BIND 9.5.1 on Fedora. Can anyone give me an example of how this should be done in named.conf and the file 251.250.63.in-addr.arpa.zone? I'd appreciate it! -- Tim ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
FW: Delegating reverse DNS to a customer
Right now, I don't have a zone 250.63.in-addr.arpa (I only have the individual zones for each class C, 224.250.63.in-addr.arpa, 225.250.63.in-addr.arpa, and so on). So I need to create the zone 250.63.in-addr.arpa? I want to make sure that won't break my other reverse DNS zones... Thanks for your help! > > -Original Message- > > From: aad [mailto:ali.da...@gmail.com] > > Sent: Tuesday, August 18, 2009 8:13 AM > > To: Tim Huffman > > Subject: Re: Delegating reverse DNS to a customer > > > > Hi Tim, > > > > Give the following a try: > > > > In your named.conf: > > > > zone "250.63.in-addr.arpa" IN { > > type master; > > file "250.63.in-addr.arpa.zone"; > > allow-update { none; }; > > }; > > > > In the reverse zonefile on your server: > > > > 250.63.in-addr.arpa. > > > > 251 IN NS ns1.emns.com. > > IN NS ns4.emns.com. > > > > > > In your customer's named.conf: > > > > zone "251.250.63.in-addr.arpa" IN { > > type master; > > file "251.250.63.in-addr.arpa.zone"; > > allow-update { none; }; > > }; > > > > In your customer's reverse zonefile: > > > > 251.250.63.in-addr.arpa: > > > > 2 IN PTR whateverhost.emns.com. > > > > > > > > > > On Tue, Aug 18, 2009 at 8:31 AM, Tim Huffman > wrote: > > > Guys, > > > > > > > > > > > > We're a smallish (but growing) ISP, and we've been asked by one of our > > > customers to delegate reverse DNS for 63.250.251.0/24 to their DNS > > servers, > > > ns1.emns.com - ns4.emns.com. Unfortunately, we've never had to > delegate > > DNS > > > to a customer before, and we're having problems getting it to work. > > > > > > > > > > > > We're running BIND 9.5.1 on Fedora. > > > > > > > > > > > > Can anyone give me an example of how this should be done in named.conf > > and > > > the file 251.250.63.in-addr.arpa.zone? I'd appreciate it! > > > > > > > > > > > > -- > > > > > > Tim > > > > > > > > > > > > ___ > > > bind-users mailing list > > > bind-users@lists.isc.org > > > https://lists.isc.org/mailman/listinfo/bind-users > > > ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Delegating reverse DNS to a customer
The issue is probably that you need to delegate the 251.250.63.in-addr.arpa to your client in the 250.63.in-addr.arpa zone. If you load 251.250.63.in-addr.arpa to try and delegate it, your servers will answer for it because they load it. Think of it in the same mind of delegating a forward subdomain of a domain you load. If you want to delegate foo.bar.com to someone you put the NS records in bar.com not foo.bar.com. -- -Ben Croswell On Tue, Aug 18, 2009 at 8:31 AM, Tim Huffman wrote: > Guys, > > > > We’re a smallish (but growing) ISP, and we’ve been asked by one of our > customers to delegate reverse DNS for 63.250.251.0/24 to their DNS > servers, ns1.emns.com – ns4.emns.com. Unfortunately, we’ve never had to > delegate DNS to a customer before, and we’re having problems getting it to > work. > > > > We’re running BIND 9.5.1 on Fedora. > > > > Can anyone give me an example of how this should be done in named.conf and > the file 251.250.63.in-addr.arpa.zone? I’d appreciate it! > > > > -- > > Tim > > > > ___ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Delegating reverse DNS to a customer
Guys, We're a smallish (but growing) ISP, and we've been asked by one of our customers to delegate reverse DNS for 63.250.251.0/24 to their DNS servers, ns1.emns.com - ns4.emns.com. Unfortunately, we've never had to delegate DNS to a customer before, and we're having problems getting it to work. We're running BIND 9.5.1 on Fedora. Can anyone give me an example of how this should be done in named.conf and the file 251.250.63.in-addr.arpa.zone? I'd appreciate it! -- Tim ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users