Our organization has a /19 assignment from ARIN. We have given portions of this space to several other companies within our corporate umbrella. Several of these other companies have their own nameservers, and would like to be able to manage DNS on their own for their in-addr.arpa. blocks. What would be the best way to delegate authority for them? ARIN is pointing to our 2 nameservers for the entire /19. Do I need to use some sort of RFC2317 method here, or would I be able to just install zones for each /24 with NS records pointing to the other companies' servers? Also, what are some good ways to test and verify that this is all working?

Any pointers would be appreciated. Thanks.

--
-- Mike Sawicki (fifi@HAX.ORG)
On Tue, Mar 15, 2005 at 01:02:22PM -0500, Mike Sawicki wrote:
> Our organization has a /19 assignment from ARIN. We have given portions of this space to several other companies within our corporate umbrella. Several of these other companies have their own nameservers, and would like to be able to manage DNS on their own for their in-addr.arpa. blocks. What would be the best way to delegate authority for them? ARIN is pointing to our 2 nameservers for the entire /19. Do I need to use some sort of RFC2317 method here, or would I be able to just install zones for each /24 with NS records pointing to the other companies' servers? Also, what are some good ways to test and verify that this is all working?
DNS is very comfortable w/ /24 delegations. Try that. DIG is your friend.
> Any pointers would be appreciated. Thanks.
> --
> -- Mike Sawicki (fifi@HAX.ORG)
On Tue, 15 Mar 2005, Mike Sawicki wrote:
> Our organization has a /19 assignment from ARIN. We have given portions of this space to several other companies within our corporate umbrella. Several of these other companies have their own nameservers, and would like to be able to manage DNS on their own for their in-addr.arpa. blocks. What would be the best way to delegate authority for them? ARIN is pointing to our 2 nameservers for the entire /19. Do I need to use some sort of RFC2317 method here, or would I be able to just install zones for each /24 with NS records pointing to the other companies' servers? Also, what are some good ways to test and verify that this is all working?

Either by doing DNS delegation on the zone boundary or by SWIP'ing the space to the other company.
It is very easy to do DNS delegation, say if you have 128.0.0.0/19, and you want to delegate 128.0.1.0/24, in your zone file for 0.128.in-addr.arpa zone put

1 IN NS ns1.othercompany.com
1 IN NS ns2.othercompany.com

-alex
alex@pilosoft.com wrote:
> Either by doing DNS delegation on the zone boundary or by SWIP'ing the space to the other company.
You can SWIP it yes, but that won't help DNS on small blocks like /24's.
> It is very easy to do DNS delegation, say if you have 128.0.0.0/19, and you want to delegate 128.0.1.0/24, in your zone file for 0.128.in-addr.arpa zone put
>
> 1 IN NS ns1.othercompany.com
> 1 IN NS ns2.othercompany.com
The only way it will work is to use RFC2317 or slave the zones from the other name server. Because he does not have the entire /16 you can't just delegate like that.

--
Robert Blayzor, BOFH
INOC, LLC
rblayzor\@(inoc.net|gmail.com)
PGP: http://www.inoc.net/~dev/
Key fingerprint = 1E02 DABE F989 BC03 3DF5 0E93 8D02 9D0B CB1A A7B0

Sure it's user-friendly...if you know what you're doing.
On Tue, 15 Mar 2005, Robert Blayzor wrote:
> alex@pilosoft.com wrote:
>> Either by doing DNS delegation on the zone boundary or by SWIP'ing the space to the other company.
> You can SWIP it yes, but that won't help DNS on small blocks like /24's.
Huh?

Unless I've missed something really obvious, the original requestor has a /19 allocation, say 192.168.32.0/19. ARIN has DNS-delegated this to the original requestor as a series of /24s, eg:

    32.168.192.in-addr.arpa    ns1.example.com, ns2.example.com
    33.168.192.in-addr.arpa    ditto
    ...
    62.168.192.in-addr.arpa    ditto
    63.168.192.in-addr.arpa    ditto

There are two solutions. One, he secondaries the appropriate domain from the customer's nameservers onto his nameservers. Very easy, since the delegation already points to his nameservers, and he can market this as 'the domain is there even if you are disconnected!'. Or two, he creates a separate netblock in the ARIN registry describing the customer's /24, and nominates their nameservers instead of his, listing his nameservers as backup just in case. ARIN change the DNS delegation at their next zone generation.

Or third, he describes the situation to a friendly ARIN representative, who ought to give the above solutions, as well as suggest getting the DNS & Bind book from O'Reilly for bedtime reading.

--==--
Bruce.
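The disagreement in this thread comes down to whether a customer's /24 reverse zone sits below a zone you serve or is itself the zone delegated to you. The following Python sketch is an added example, not part of any message in the thread; the function names are hypothetical and the addresses are the ones used in the messages above.

```python
import ipaddress

def reverse_zones(cidr):
    """Return the /24 in-addr.arpa zone names covering an IPv4 block."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen > 24:
        # Blocks smaller than a /24 are the RFC2317 case; not handled here.
        raise ValueError("need an IPv4 block of /24 or larger")
    zones = []
    for sub in net.subnets(new_prefix=24):
        a, b, c, _ = str(sub.network_address).split(".")
        zones.append(f"{c}.{b}.{a}.in-addr.arpa")
    return zones

def classify(served_zones, customer_cidr):
    """Relate each customer /24 zone to the zones we are authoritative for."""
    served = {z.rstrip(".").lower() for z in served_zones}
    plan = []
    for zone in reverse_zones(customer_cidr):
        labels = zone.split(".")
        parents = [".".join(labels[i:]) for i in range(1, len(labels))]
        parent = next((p for p in parents if p in served), None)
        if zone in served:
            # The /24 is itself the zone delegated to us, so there is no
            # label below it to hang NS records on: secondary the zone or
            # have the registry change the delegation.
            plan.append((zone, "apex", None))
        elif parent:
            # We hold an enclosing zone (for example a /16): an ordinary
            # NS delegation with a relative label works.
            rel = zone[: -len(parent) - 1]
            plan.append((zone, "child", (parent, rel)))
        else:
            plan.append((zone, "not-served", None))
    return plan

def ns_records(rel_label, nameservers):
    """Zone-file NS lines for a child delegation.

    The trailing dot keeps each target absolute instead of relative to
    the zone origin.
    """
    return [f"{rel_label} IN NS {ns.rstrip('.')}." for ns in nameservers]

if __name__ == "__main__":
    ours = reverse_zones("192.168.32.0/19")  # the 32 zones from the last message
    print(classify(ours, "192.168.33.0/24"))
    print(classify(["0.128.in-addr.arpa"], "128.0.1.0/24"))
```

An "apex" result corresponds to the secondary or registry-change options described in the last message, and a "child" result is the case where the NS records quoted earlier can be placed in the parent zone.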
participants (5)
- alex@pilosoft.com
- bmanning@vacation.karoshi.com
- Bruce Campbell
- Mike Sawicki
- Robert Blayzor