Re: non-24 bit subnets
David Miller wrote:
> You can have a different TTL for each and every record, if you like, in the same zone file with no includes (the $TTL directive can appear multiple times). e.g.:
>
>   $TTL 300    ; 5 mins
>   *       PTR host-no-spec.example.com.
>   $TTL 3600   ; 1 hour
>   17      PTR mail.example.com.
>   $TTL 1800   ; 30 mins
>   18      PTR mail2.example.com.
>   $TTL 86400  ; 1 day
>   19      PTR whatever.example.com.
>   20      PTR whatever2.example.com.
>   22      PTR whatever2.example.com.

Or you can put a TTL on an individual line:

  $TTL 300    ; 5 mins
  *       PTR host-no-spec.example.com.
  17 3600 PTR mail.example.com.
  18 1800 PTR mail2.example.com.
  19      PTR whatever.example.com.
  20      PTR whatever2.example.com.
  22      PTR whatever2.example.com.

Those lines without a TTL get the first $TTL in the zone.

--
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory
9700 South Cass Avenue, Building 240, Room 5.B.8
Argonne, IL 60439-4828
Phone: +1 (630) 252-7277   Facsimile: +1 (630) 252-4601
Internet: bsfin...@anl.gov   IBMMAIL: I1004994
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: non-24 bit subnets
As long as all of the in-addr.arpa data is administered on the same master(s), then just use an 8-bit zone, i.e. 10.in-addr.arpa. Everything within the 10 dot range all fits into a single zone. The $INCLUDE directive gives you some independent flexibility, and each record can (should) have its own TTL.

--
Gordon A. Lang
non-24 bit subnets
Greetings,

I'm setting up a new DNS server for internal use in the two departments I support. Up until very recently, all our subnets have had 24 bit masks, which has made configuring bind very easy. However, we now have three sizes, and may have more later: for right now, though, it's 22, 24, and 25 bit. There are reasons for splitting things up that way, some good, some bad, and all irrelevant to the discussion at hand. The question is, how do I do it? Is there a simple way?

With 24-bit, I would define the files using:

  zone "200.12.10.in-addr.arpa" {
      type master;
      file "/var/cache/bind/200.12.10.in-addr.arpa.zone";
  };

  zone "test.chem.cns" {
      type master;
      file "/var/cache/bind/test.chem.cns.zone";
  };

Then in 200.12.10.in-addr.arpa.zone hosts are defined with:

  11 PTR test1.test.chem.cns.

and in test.chem.cns they're defined with:

  test1 IN A 10.12.200.11

That works, and works reliably. But how do I deal with larger or smaller subnets? Clearly I can't use exactly the same notation, but I assume there has to be a way. If anyone can even point me at some documentation, I'd appreciate it -- I've been looking for a few days, and everything I've found assumes a /24 subnet.

Thanks,
Alex McKenzie
a...@chem.umass.edu
Re: non-24 bit subnets
For larger subnets just use multiple zones as necessary. For 10.20.30.0/23 you have 30.20.10.in-addr.arpa and 31.20.10.in-addr.arpa.

For smaller than a /24 look at RFC 2317. That's only necessary if you want to delegate authority to a different DNS server. If you have multiple networks in a /24, all of the rDNS entries for those networks can exist in a single zone.

On Oct 6, 2010, at 1:43 PM, Alex McKenzie wrote:
> But how do I deal with larger or smaller subnets? Clearly I can't use exactly the same notation, but I assume there has to be a way. If anyone can even point me at some documentation, I'd appreciate it -- I've been looking for a few days, and everything I've found assumes a /24 subnet.

--
Matt Baxter
m...@fatpipe.org
Re: non-24 bit subnets
Thanks for the quick reply, Matt.

Unfortunately, we do have need -- or at least a use -- to have smaller subnets in multiple files, but without delegating authority. The problem is that some of those small subnets should have a shorter TTL, or other settings changed. If there's a way to change all the settings by host in a single file, that would at least make that easier.

For larger subnets we can use multiple zones, but I'd hoped to avoid it if possible. It sounds from this like there isn't a way, though.

Thanks,
Alex

Matt Baxter wrote:
> For larger subnets just use multiple zones as necessary. For 10.20.30.0/23 you have 30.20.10.in-addr.arpa and 31.20.10.in-addr.arpa.
>
> For smaller than a /24 look at RFC 2317. That's only necessary if you want to delegate authority to a different DNS server. If you have multiple networks in a /24, all of the rDNS entries for those networks can exist in a single zone.
>
> On Oct 6, 2010, at 1:43 PM, Alex McKenzie wrote:
>> But how do I deal with larger or smaller subnets? Clearly I can't use exactly the same notation, but I assume there has to be a way. If anyone can even point me at some documentation, I'd appreciate it -- I've been looking for a few days, and everything I've found assumes a /24 subnet.
>
> --
> Matt Baxter
> m...@fatpipe.org
Re: non-24 bit subnets
On Wed, 6 Oct 2010, Alex McKenzie wrote:
> Unfortunately, we do have need -- or at least a use -- to have smaller subnets in multiple files, but without delegating authority. The problem is that some of those small subnets should have a shorter TTL, or other settings changed. If there's a way to change all the settings by host in a single file, that would at least make that easier.

You could use one real zone file which is referenced by named.conf, with $INCLUDE directives in that zone file to pull in the parts of the zone from files containing the subsets you want. A $TTL directive at the top of each small file should give you the variable TTL defaulting you want.

> For larger subnets we can use multiple zones, but I'd hoped to avoid it if possible. It sounds from this like there isn't a way, though.

Right.

Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951
Re: non-24 bit subnets
On 10/6/2010 3:21 PM, Jay Ford wrote:
> On Wed, 6 Oct 2010, Alex McKenzie wrote:
>> Unfortunately, we do have need -- or at least a use -- to have smaller subnets in multiple files, but without delegating authority. The problem is that some of those small subnets should have a shorter TTL, or other settings changed. If there's a way to change all the settings by host in a single file, that would at least make that easier.
>
> You could use one real zone file which is referenced by named.conf, with $INCLUDE directives in that zone file to pull in the parts of the zone from files containing the subsets you want. A $TTL directive at the top of each small file should give you the variable TTL defaulting you want.

You can have a different TTL for each and every record, if you like, in the same zone file with no includes (the $TTL directive can appear multiple times). e.g.:

  $TTL 300    ; 5 mins
  *       PTR host-no-spec.example.com.
  $TTL 3600   ; 1 hour
  17      PTR mail.example.com.
  $TTL 1800   ; 30 mins
  18      PTR mail2.example.com.
  $TTL 86400  ; 1 day
  19      PTR whatever.example.com.
  20      PTR whatever2.example.com.
  22      PTR whatever2.example.com.

^^ This works for me.

>> For larger subnets we can use multiple zones, but I'd hoped to avoid it if possible. It sounds from this like there isn't a way, though.
>
> Right.
>
> Jay Ford, Network Engineering Group, Information Technology Services
> University of Iowa, Iowa City, IA 52242
> email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951

--
David Miller
Tiggee LLC
dmil...@tiggee.com
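The two ways of setting TTLs discussed above (several $TTL directives in one file, or a TTL field on individual records) both rely on the master-file rule from RFC 2308 section 4: a record with no TTL field takes the most recent $TTL directive above it; in a file with a single $TTL that is of course also the first one. The example below is added here and is not code from the thread or from BIND. It is a small Python parser that applies those rules to constructed zone data modelled on the examples above, and it also shows the mistake that is easy to make in a reverse zone: a PTR target written without a trailing dot is relative to the zone origin, so named silently turns it into a name under in-addr.arpa. The origin, the hostnames and the TTL values are the thread's own or constructed for illustration.

```python
"""Effective TTL of each record in a BIND master file (added example).

Rules applied (RFC 1035 master file format, RFC 2308 section 4):
  * "$TTL n" is the default for records after it that carry no TTL field;
    a later $TTL directive replaces it.
  * A record may carry its own TTL between the owner name and the type.
  * A name without a trailing dot is relative to the zone origin, so
    "20 PTR whatever2.example.com" (no dot) ends up pointing at
    whatever2.example.com.200.12.10.in-addr.arpa. rather than the host.
Not modelled: $INCLUDE, TTLs with units such as 1h, SOA-minimum fallback.
"""

TYPES = {"PTR", "A", "AAAA", "CNAME", "NS", "SOA", "MX", "TXT"}
NAME_RDATA = {"PTR", "CNAME", "NS"}   # rdata is a single name to qualify


def qualify(name, origin):
    """Absolute form of a name: '@' is the origin, a trailing dot means it
    is already absolute, anything else gets the origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text, origin):
    """Return [(owner, ttl, type, rdata)] with every TTL resolved; a record
    that appears before any $TTL gets ttl None."""
    default_ttl = None
    last_owner = None
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop the ; comment
        if not line.strip():
            continue
        fields = line.split()
        if fields[0] == "$TTL":
            default_ttl = int(fields[1])       # applies to what follows
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        if raw[0] in " \t":                    # blank owner: reuse the last
            owner = last_owner
        else:
            owner = fields.pop(0)
            last_owner = owner
        ttl = default_ttl
        if fields and fields[0].isdigit():     # explicit per-record TTL
            ttl = int(fields.pop(0))
        if fields and fields[0].upper() == "IN":
            fields.pop(0)
        rtype = fields.pop(0).upper()
        if rtype not in TYPES:
            raise ValueError(f"unsupported record in line {raw!r}")
        rdata = " ".join(fields)
        if rtype in NAME_RDATA:
            rdata = qualify(rdata, origin)
        records.append((qualify(owner, origin), ttl, rtype, rdata))
    return records


ORIGIN = "200.12.10.in-addr.arpa."

# Constructed zone data modelled on the thread's examples, not a real zone.
ZONE_MULTI_TTL = """\
$TTL 300    ; 5 mins
*       PTR host-no-spec.example.com.
$TTL 3600   ; 1 hour
17      PTR mail.example.com.
$TTL 1800   ; 30 mins
18      PTR mail2.example.com.
$TTL 86400  ; 1 day
19      PTR whatever.example.com.
20      PTR whatever2.example.com
"""

ZONE_PER_RECORD_TTL = """\
$TTL 300    ; the only $TTL, hence also the most recent one
17 3600 PTR mail.example.com.
18 1800 PTR mail2.example.com.
19      PTR whatever.example.com.
"""


def effective_ttls(text, origin=ORIGIN):
    """Absolute owner name -> effective TTL."""
    return {owner: ttl for owner, ttl, _, _ in parse_zone(text, origin)}


def unqualified_targets(text, origin=ORIGIN):
    """PTR records whose target was expanded under the origin, which in
    practice means a trailing dot is missing in the source file."""
    return [r for r in parse_zone(text, origin)
            if r[2] == "PTR" and r[3].endswith("." + origin)]


if __name__ == "__main__":
    for owner, ttl, rtype, rdata in parse_zone(ZONE_MULTI_TTL, ORIGIN):
        print(f"{owner:30} {str(ttl):>6} {rtype} {rdata}")
    for r in unqualified_targets(ZONE_MULTI_TTL):
        print("suspicious PTR target:", r[3])
```

Running it prints the resolved records and flags the `20` entry, whose target became `whatever2.example.com.200.12.10.in-addr.arpa.`. `named-checkzone` accepts such a file, which is why the check is worth doing yourself before the record is cached somewhere for a day.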
Re: non-24 bit subnets
David Miller wrote:
> On 10/6/2010 3:21 PM, Jay Ford wrote:
>> On Wed, 6 Oct 2010, Alex McKenzie wrote:
>>> Unfortunately, we do have need -- or at least a use -- to have smaller subnets in multiple files, but without delegating authority. The problem is that some of those small subnets should have a shorter TTL, or other settings changed. If there's a way to change all the settings by host in a single file, that would at least make that easier.
>>
>> You could use one real zone file which is referenced by named.conf, with $INCLUDE directives in that zone file to pull in the parts of the zone from files containing the subsets you want. A $TTL directive at the top of each small file should give you the variable TTL defaulting you want.
>
> You can have a different TTL for each and every record, if you like, in the same zone file with no includes (the $TTL directive can appear multiple times). e.g.:
>
>   $TTL 300    ; 5 mins
>   *       PTR host-no-spec.example.com.
>   $TTL 3600   ; 1 hour
>   17      PTR mail.example.com.
>   $TTL 1800   ; 30 mins
>   18      PTR mail2.example.com.
>   $TTL 86400  ; 1 day
>   19      PTR whatever.example.com.
>   20      PTR whatever2.example.com.
>   22      PTR whatever2.example.com.
>
> ^^ This works for me.
>
>>> For larger subnets we can use multiple zones, but I'd hoped to avoid it if possible. It sounds from this like there isn't a way, though.
>>
>> Right.

Interesting -- I'll keep that in mind. I suspect I can make either that or the INCLUDE directive work for me.

Out of curiosity: what if it's a /16 or /8 network? Do those also get built as 24 bit files, or can they be built differently? I seem to recall seeing an option for a reverse lookup file with hosts declared as:

  x.y PTR host.domain.tld.

Does that work, or was that an old format that's been deprecated, or would it never have worked?

Thanks,
Alex
Re: non-24 bit subnets
On Wed, 6 Oct 2010, Alex McKenzie wrote:
> Out of curiosity: what if it's a /16 or /8 network? Do those also get built as 24 bit files, or can they be built differently? I seem to recall seeing an option for a reverse lookup file with hosts declared as:
>
>   x.y PTR host.domain.tld.
>
> Does that work, or was that an old format that's been deprecated, or would it never have worked?

Sure, that works.

For the /16 case, define the zone like

  b.a.in-addr.arpa

define records like

  d.c PTR name.

for address a.b.c.d.

For the /8 case, define the zone like

  a.in-addr.arpa

define records like

  d.c.b PTR name.

for address a.b.c.d.

Note the order of the address components in the zone file, with least significant furthest left.

Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951
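Matt Baxter's reply (one zone per /24 for a /23, RFC 2317 only when delegating) and Jay Ford's reply (d.c and d.c.b owner names inside a /16 or /8 zone) are two views of the same in-addr.arpa mapping. The Python below is an added example, not code from the thread or from BIND, that computes both: which zones a prefix needs, what the PTR owner name of an address is relative to a given zone, the PTR line itself, and the parent-side CNAMEs for an RFC 2317 classless delegation of a prefix longer than /24. It uses the thread's own addresses (10.20.30.0/23, 10.12.200.11, test1.test.chem.cns); everything else is constructed. The NS records a real RFC 2317 delegation also needs are left out because the thread names no nameserver, and the code is IPv4 only.

```python
"""Lay out reverse (in-addr.arpa) zones for prefixes that are not /24.

Added example. It applies the RFC 1035 in-addr.arpa mapping (octets
reversed, least significant first) and the RFC 2317 classless form; the
mapping itself knows nothing about subnet masks.
"""
import ipaddress


def apex(net):
    """Zone apex for an octet-aligned network: the significant octets of
    the network address, reversed, under in-addr.arpa."""
    if net.prefixlen % 8:
        raise ValueError(f"{net} is not octet aligned")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def reverse_zones(cidr):
    """Zones needed to hold every PTR for cidr.

    /8, /16 and /24 map to one zone. A shorter prefix that is not octet
    aligned is split into the octet-aligned zones it contains (a /23 gives
    two /24 zones, a /22 four). Anything longer than /24 lives inside its
    enclosing /24 zone, which is what is returned for it.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("IPv4 only")
    if net.prefixlen > 24:
        return [apex(net.supernet(new_prefix=24))]
    boundary = ((net.prefixlen + 7) // 8) * 8      # round up to /8, /16, /24
    return [apex(sub) for sub in net.subnets(new_prefix=boundary)]


def ptr_owner(ip, zone):
    """Owner name of ip's PTR relative to zone: '11' in
    200.12.10.in-addr.arpa., '11.200' in 12.10.in-addr.arpa. and
    '11.200.12' in 10.in-addr.arpa. for 10.12.200.11."""
    full = ipaddress.ip_address(ip).reverse_pointer + "."
    if not full.endswith("." + zone):
        raise ValueError(f"{ip} is not covered by zone {zone}")
    return full[: -(len(zone) + 1)]


def ptr_record(ip, hostname, zone, ttl=None):
    """One PTR line for the master file of zone. The target must be
    absolute (trailing dot) or named appends the zone origin to it."""
    if not hostname.endswith("."):
        raise ValueError(f"{hostname!r} needs a trailing dot")
    ttl_field = f" {ttl}" if ttl is not None else ""
    return f"{ptr_owner(ip, zone)}{ttl_field} PTR {hostname}"


def rfc2317(cidr):
    """RFC 2317 classless delegation for a prefix between /25 and /31.

    Returns (child_zone, parent_lines): the delegated zone name of the form
    <first>/<prefixlen>.<parent>, and one CNAME per address for the parent
    /24 zone so that each lookup is redirected into the child zone.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if not 25 <= net.prefixlen <= 31:
        raise ValueError("RFC 2317 is for prefixes longer than /24")
    parent = apex(net.supernet(new_prefix=24))
    child = f"{int(net.network_address) & 0xFF}/{net.prefixlen}.{parent}"
    lines = [f"{ptr_owner(a, parent)} CNAME {ptr_owner(a, parent)}.{child}"
             for a in net]
    return child, lines


if __name__ == "__main__":
    for cidr in ("10.20.30.0/23", "10.12.0.0/16", "10.12.200.0/25"):
        print(cidr, "->", reverse_zones(cidr))
    for zone in reverse_zones("10.12.0.0/16") + reverse_zones("10.0.0.0/8"):
        print(zone, ":", ptr_record("10.12.200.11", "test1.test.chem.cns.", zone))
    child, lines = rfc2317("10.12.200.0/25")
    print(child, lines[11])
```

When the delegation is not wanted, `reverse_zones` already answers Alex's question: every /25 in 10.12.200.0/24 shares the one zone 200.12.10.in-addr.arpa, and per-subnet TTLs are then a matter of $TTL directives or per-record TTL fields within that file.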
Re: non-24 bit subnets
Jay Ford wrote:
> On Wed, 6 Oct 2010, Alex McKenzie wrote:
>> Out of curiosity: what if it's a /16 or /8 network? Do those also get built as 24 bit files, or can they be built differently? I seem to recall seeing an option for a reverse lookup file with hosts declared as:
>>
>>   x.y PTR host.domain.tld.
>>
>> Does that work, or was that an old format that's been deprecated, or would it never have worked?
>
> Sure, that works.
>
> For the /16 case, define the zone like b.a.in-addr.arpa, define records like d.c PTR name. for address a.b.c.d.
>
> For the /8 case, define the zone like a.in-addr.arpa, define records like d.c.b PTR name. for address a.b.c.d.
>
> Note the order of the address components in the zone file, with least significant furthest left.

Got it. So basically bind can cope with a subnet that falls on an octet boundary, but not inside an octet. That's unfortunate for my purposes, but not unreasonable. Since we actually control the full /16 network (it's an internal NATed network), I may just build my files to match our actual subnets, then include them all this way. I suspect that will wind up with the best balance of human-readability to computer-readability.

Thanks again to everyone who responded: I've had to learn DNS and bind as I went along, so there are some fairly large holes in my understanding. (Actually, my understanding is probably 99% holes, with a couple of threads stretching across where I've had to make something work.)

-Alex
Re: non-24 bit subnets
In message 4cacdf3c.9040...@chem.umass.edu, Alex McKenzie writes:
> Jay Ford wrote:
>> On Wed, 6 Oct 2010, Alex McKenzie wrote:
>>> Out of curiosity: what if it's a /16 or /8 network? Do those also get built as 24 bit files, or can they be built differently? I seem to recall seeing an option for a reverse lookup file with hosts declared as:
>>>
>>>   x.y PTR host.domain.tld.
>>>
>>> Does that work, or was that an old format that's been deprecated, or would it never have worked?
>>
>> Sure, that works.
>>
>> For the /16 case, define the zone like b.a.in-addr.arpa, define records like d.c PTR name. for address a.b.c.d.
>>
>> For the /8 case, define the zone like a.in-addr.arpa, define records like d.c.b PTR name. for address a.b.c.d.
>>
>> Note the order of the address components in the zone file, with least significant furthest left.
>
> Got it. So basically bind can cope with a subnet that falls on an octet boundary, but not inside an octet. That's unfortunate for my purposes, but not unreasonable.

A better description is "the DNS can cope". Basically it is a well known mapping from IP addresses into the IN-ADDR.ARPA namespace. This mapping has no knowledge of the subnet boundaries.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742   INTERNET: ma...@isc.org