Re: non-24 bit subnets

2010-10-07 Thread Barry Finkel

You can have a different TTL for each and every record, if you like, in 
the same zone file with no includes (the $TTL directive can appear 
multiple times).

e.g. :

$TTL 300        ; 5 mins
*       PTR     host-no-spec.example.com.
$TTL 3600       ; 1 hour
17      PTR     mail.example.com.
$TTL 1800       ; 30 mins
18      PTR     mail2.example.com.
$TTL 86400      ; 1 day
19      PTR     whatever.example.com.
20      PTR     whatever2.example.com.
22      PTR     whatever2.example.com.

Or you can put a TTL on an individual line:

$TTL 300        ; 5 mins
*       PTR     host-no-spec.example.com.
17      3600    PTR     mail.example.com.
18      1800    PTR     mail2.example.com.
19      PTR     whatever.example.com.
20      PTR     whatever2.example.com.
22      PTR     whatever2.example.com.

Those lines without a TTL get the first $TTL in the zone.
--
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory  Phone:+1 (630) 252-7277
9700 South Cass Avenue   Facsimile:+1 (630) 252-4601
Building 240, Room 5.B.8 Internet: bsfin...@anl.gov
Argonne, IL   60439-4828 IBMMAIL:  I1004994

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: non-24 bit subnets

2010-10-07 Thread Gordon A. Lang

As long as all of the in-addr.arpa data is administered on the same
master(s), then just use an 8-bit zone i.e. 10.in-addr.arpa.
Everything within the 10 dot range all fits into a single zone.
The $INCLUDE directive gives you some independent flexibility,
and each record can (should) have its own TTL.

--
Gordon A. Lang


non-24 bit subnets

2010-10-06 Thread Alex McKenzie

Greetings,

  I'm setting up a new DNS server for internal use in the two
departments I support.  Up until very recently, all our subnets have had
24 bit masks, which has made configuring bind very easy.  However, we
now have three sizes, and may have more later:  for right now, though,
it's 22, 24, and 25 bit.  There are reasons for splitting things up that
way, some good, some bad, and all irrelevant to the discussion at hand.

  The question is, how do I do it?  Is there a simple way?  With 24-bit,
I would define the files using:

zone "200.12.10.in-addr.arpa" {
type master;
file "/var/cache/bind/200.12.10.in-addr.arpa.zone";
};

zone "test.chem.cns" {
type master;
file "/var/cache/bind/test.chem.cns.zone";
};


Then in 200.12.10.in-addr.arpa.zone hosts are defined with:

11  PTR test1.test.chem.cns.

and in test.chem.cns they're defined with:

test1   IN  A   10.12.200.11


That works, and works reliably.

  But how do I deal with larger or smaller subnets?  Clearly I can't use
exactly the same notation, but I assume there has to be a way.  If
anyone can even point me at some documentation, I'd appreciate it --
I've been looking for a few days, and everything I've found assumes a
/24 subnet.


Thanks,
  Alex McKenzie
  a...@chem.umass.edu


Re: non-24 bit subnets

2010-10-06 Thread Matt Baxter
For larger subnets just use multiple zones as necessary.  

For 10.20.30.0/23 you have 30.20.10.in-addr.arpa and 31.20.10.in-addr.arpa.

For smaller than a /24 look at RFC 2317.  That's only necessary if you want to 
delegate authority to a different DNS server.  If you have multiple networks in 
a /24, all of the rDNS entries for those networks can exist in a single zone.


On Oct 6, 2010, at 1:43 PM, Alex McKenzie wrote:
> But how do I deal with larger or smaller subnets?  Clearly I can't use
> exactly the same notation, but I assume there has to be a way.  If
> anyone can even point me at some documentation, I'd appreciate it --
> I've been looking for a few days, and everything I've found assumes a
> /24 subnet.

--
Matt Baxter
m...@fatpipe.org





Re: non-24 bit subnets

2010-10-06 Thread Alex McKenzie

Thanks for the quick reply, Matt.

Unfortunately, we do have need -- or at least a use -- to have smaller
subnets in multiple files, but without delegating authority.  The
problem is that some of those small subnets should have a shorter TTL,
or other settings changed.  If there's a way to change all the settings
by host in a single file, that would at least make that easier.

For larger subnets we can use multiple zones, but I'd hoped to avoid it
if possible.  It sounds from this like there isn't a way, though.

Thanks,
  Alex

Matt Baxter wrote:
> For larger subnets just use multiple zones as necessary.
>
> For 10.20.30.0/23 you have 30.20.10.in-addr.arpa and 31.20.10.in-addr.arpa.
>
> For smaller than a /24 look at RFC 2317.  That's only necessary if you want
> to delegate authority to a different DNS server.  If you have multiple
> networks in a /24, all of the rDNS entries for those networks can exist in a
> single zone.
>
>
> On Oct 6, 2010, at 1:43 PM, Alex McKenzie wrote:
>> But how do I deal with larger or smaller subnets?  Clearly I can't use
>> exactly the same notation, but I assume there has to be a way.  If
>> anyone can even point me at some documentation, I'd appreciate it --
>> I've been looking for a few days, and everything I've found assumes a
>> /24 subnet.
>


Re: non-24 bit subnets

2010-10-06 Thread Jay Ford

On Wed, 6 Oct 2010, Alex McKenzie wrote:

> Unfortunately, we do have need -- or at least a use -- to have smaller
> subnets in multiple files, but without delegating authority.  The
> problem is that some of those small subnets should have a shorter TTL,
> or other settings changed.  If there's a way to change all the settings
> by host in a single file, that would at least make that easier.


You could use one real zone file which is referenced by named.conf, with 
$INCLUDE directives in that zone file to pull in the parts of the zone from 
files containing the subsets you want.  A $TTL directive at the top of each 
small file should give you the variable TTL defaulting you want.



> For larger subnets we can use multiple zones, but I'd hoped to avoid it
> if possible.  It sounds from this like there isn't a way, though.


Right.


Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951


Re: non-24 bit subnets

2010-10-06 Thread David Miller

> On 10/6/2010 3:21 PM, Jay Ford wrote:
>> On Wed, 6 Oct 2010, Alex McKenzie wrote:
>>> Unfortunately, we do have need -- or at least a use -- to have smaller
>>> subnets in multiple files, but without delegating authority.  The
>>> problem is that some of those small subnets should have a shorter TTL,
>>> or other settings changed.  If there's a way to change all the settings
>>> by host in a single file, that would at least make that easier.
>>
>> You could use one real zone file which is referenced by named.conf,
>> with $INCLUDE directives in that zone file to pull in the parts of the
>> zone from files containing the subsets you want.  A $TTL directive at
>> the top of each small file should give you the variable TTL defaulting
>> you want.




You can have a different TTL for each and every record, if you like, in 
the same zone file with no includes (the $TTL directive can appear 
multiple times).


e.g. :

$TTL 300        ; 5 mins
*       PTR     host-no-spec.example.com.
$TTL 3600       ; 1 hour
17      PTR     mail.example.com.
$TTL 1800       ; 30 mins
18      PTR     mail2.example.com.
$TTL 86400      ; 1 day
19      PTR     whatever.example.com.
20      PTR     whatever2.example.com.
22      PTR     whatever2.example.com.

^^ This works for me.


>>> For larger subnets we can use multiple zones, but I'd hoped to avoid it
>>> if possible.  It sounds from this like there isn't a way, though.
>>
>> Right.





--
David Miller
Tiggee LLC
dmil...@tiggee.com



Re: non-24 bit subnets

2010-10-06 Thread Alex McKenzie



David Miller wrote:
> On 10/6/2010 3:21 PM, Jay Ford wrote:
>> On Wed, 6 Oct 2010, Alex McKenzie wrote:
>>> Unfortunately, we do have need -- or at least a use -- to have smaller
>>> subnets in multiple files, but without delegating authority.  The
>>> problem is that some of those small subnets should have a shorter TTL,
>>> or other settings changed.  If there's a way to change all the settings
>>> by host in a single file, that would at least make that easier.
>>
>> You could use one real zone file which is referenced by named.conf,
>> with $INCLUDE directives in that zone file to pull in the parts of the
>> zone from files containing the subsets you want.  A $TTL directive at
>> the top of each small file should give you the variable TTL defaulting
>> you want.
>
> You can have a different TTL for each and every record, if you like, in
> the same zone file with no includes (the $TTL directive can appear
> multiple times).
>
> e.g. :
>
> $TTL 300        ; 5 mins
> *       PTR     host-no-spec.example.com.
> $TTL 3600       ; 1 hour
> 17      PTR     mail.example.com.
> $TTL 1800       ; 30 mins
> 18      PTR     mail2.example.com.
> $TTL 86400      ; 1 day
> 19      PTR     whatever.example.com.
> 20      PTR     whatever2.example.com.
> 22      PTR     whatever2.example.com.
>
> ^^ This works for me.
>
>>> For larger subnets we can use multiple zones, but I'd hoped to avoid it
>>> if possible.  It sounds from this like there isn't a way, though.
>>
>> Right.


Interesting -- I'll keep that in mind.  I suspect I can make either that
or the INCLUDE directive work for me.


Out of curiosity:  what if it's a /16 or /8 network?  Do those also get
built as 24 bit files, or can they be built differently?  I seem to
recall seeing an option for a reverse lookup file with hosts declared as:

x.y PTR host.domain.tld.

Does that work, or was that an old format that's been deprecated, or
would it never have worked?

Thanks,
  Alex


Re: non-24 bit subnets

2010-10-06 Thread Jay Ford

On Wed, 6 Oct 2010, Alex McKenzie wrote:

> Out of curiosity:  what if it's a /16 or /8 network?  Do those also get
> built as 24 bit files, or can they be built differently?  I seem to
> recall seeing an option for a reverse lookup file with hosts declared as:
>
> x.y PTR host.domain.tld.
>
> Does that work, or was that an old format that's been deprecated, or
> would it never have worked?


Sure, that works.

For the /16 case, define the zone like b.a.in-addr.arpa and define records like
d.c PTR name. for address a.b.c.d.

For the /8 case, define the zone like a.in-addr.arpa and define records like
d.c.b PTR name. for address a.b.c.d.

Note the order of the address components in the zone file, with least
significant furthest left.


Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951
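The mapping described in this thread, written out as an added example (not code from the thread or from BIND): it computes which octet-boundary in-addr.arpa zone(s) a network needs (one /24 zone for a /25, two /24 zones for a /23 as Matt Baxter notes, or d.c owner names inside a /16 zone as Jay Ford describes), derives each PTR owner name relative to that zone, and renders zone-file bodies with a $TTL directive emitted whenever the TTL changes, as in Barry Finkel's example. The hosts other than 10.12.200.11 and all TTLs are constructed.

```python
import ipaddress
from collections import defaultdict

# Without RFC 2317 tricks, reverse zones are cut only at octet boundaries.
OCTET_WIDTHS = (8, 16, 24)

def reverse_zone(net, width):
    """Name of the /8, /16 or /24 in-addr.arpa zone that contains all of `net`."""
    net = ipaddress.IPv4Network(str(net))
    if width not in OCTET_WIDTHS:
        raise ValueError("zone width must be 8, 16 or 24")
    if net.prefixlen < width:
        raise ValueError(f"{net} spans more than one /{width} zone")
    octets = str(net.network_address).split(".")[: width // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def zones_covering(net, width):
    """All zones of `width` needed for `net`: a /23 needs two /24 zones, a /25 one."""
    net = ipaddress.IPv4Network(str(net))
    if net.prefixlen >= width:
        return [reverse_zone(net, width)]
    return [reverse_zone(s, width) for s in net.subnets(new_prefix=width)]

def ptr_owner(addr, width):
    """Owner name relative to the zone: the leftover octets, least significant first."""
    return ".".join(reversed(str(addr).split(".")[width // 8:]))

def render(width, records):
    """records: (ip, ttl_seconds, fqdn). Returns {zone: body}; $TTL emitted on each change."""
    by_zone = defaultdict(list)
    for ip, ttl, fqdn in records:
        addr = ipaddress.IPv4Address(ip)
        by_zone[reverse_zone(f"{addr}/32", width)].append((ttl, addr, fqdn))
    bodies = {}
    for zone, recs in by_zone.items():
        lines, current_ttl = [], None
        for ttl, addr, fqdn in sorted(recs):   # group by TTL, then by address
            if ttl != current_ttl:
                lines.append(f"$TTL {ttl}")
                current_ttl = ttl
            lines.append(f"{ptr_owner(addr, width)}\tPTR\t{fqdn.rstrip('.')}.")
        bodies[zone] = "\n".join(lines) + "\n"
    return bodies

# Constructed sample: the thread's 10.12.200.11 host plus two assumed hosts on a /25 and a /22.
SAMPLE = [
    ("10.12.200.11", 86400, "test1.test.chem.cns."),
    ("10.12.200.130", 300, "lab1.test.chem.cns."),
    ("10.12.203.7", 3600, "srv1.test.chem.cns."),
]
```

Calling `render(16, SAMPLE)` yields one 12.10.in-addr.arpa body with 130.200 / 7.203 / 11.200 owners; `render(24, SAMPLE)` splits the same hosts across 200.12.10 and 203.12.10 zones.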


Re: non-24 bit subnets

2010-10-06 Thread Alex McKenzie



Jay Ford wrote:
> On Wed, 6 Oct 2010, Alex McKenzie wrote:
>> Out of curiosity:  what if it's a /16 or /8 network?  Do those also get
>> built as 24 bit files, or can they be built differently?  I seem to
>> recall seeing an option for a reverse lookup file with hosts declared as:
>>
>> x.y PTR host.domain.tld.
>>
>> Does that work, or was that an old format that's been deprecated, or
>> would it never have worked?
>
> Sure, that works.
>
> For the /16 case, define the zone like b.a.in-addr.arpa and define records
> like
> d.c PTR name. for address a.b.c.d.
>
> For the /8 case, define the zone like a.in-addr.arpa and define records like
> d.c.b PTR name. for address a.b.c.d.
>
> Note the order of the address components in the zone file, with least
> significant furthest left.

Got it.  So basically bind can cope with a subnet that falls on an octet
boundary, but not inside an octet.  That's unfortunate for my purposes,
but not unreasonable.

Since we actually control the full /16 network (it's an internal NATed
network), I may just build my files to match our actual subnets, then
include them all this way.  I suspect that will wind up with the best
balance of human-readability to computer-readability.


Thanks again to everyone who responded:  I've had to learn DNS and bind
as I went along, so there are some fairly large holes in my
understanding.  (Actually, my understanding is probably 99% holes, with
a couple of threads stretching across where I've had to make something
work)

- -Alex


Re: non-24 bit subnets

2010-10-06 Thread Mark Andrews

In message 4cacdf3c.9040...@chem.umass.edu, Alex McKenzie writes:
> Jay Ford wrote:
>> On Wed, 6 Oct 2010, Alex McKenzie wrote:
>>> Out of curiosity:  what if it's a /16 or /8 network?  Do those also get
>>> built as 24 bit files, or can they be built differently?  I seem to
>>> recall seeing an option for a reverse lookup file with hosts declared as:
>>>
>>> x.y PTR host.domain.tld.
>>>
>>> Does that work, or was that an old format that's been deprecated, or
>>> would it never have worked?
>>
>> Sure, that works.
>>
>> For the /16 case, define the zone like b.a.in-addr.arpa and define records
>> like
>> d.c PTR name. for address a.b.c.d.
>>
>> For the /8 case, define the zone like a.in-addr.arpa and define records like
>> d.c.b PTR name. for address a.b.c.d.
>>
>> Note the order of the address components in the zone file, with least
>> significant furthest left.
>
> Got it.  So basically bind can cope with a subnet that falls on an octet
> boundary, but not inside an octet.  That's unfortunate for my purposes,
> but not unreasonable.

A better description is the DNS can cope.  Basically it is
a well known mapping from IP addresses into the IN-ADDR.ARPA
namespace.  This mapping has no knowledge of the subnet boundaries.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org