[lug] forwarding authoritative responses for classful reverse lookups

charles at lunarmedia.net charles at lunarmedia.net
Wed Feb 14 08:53:01 MST 2001


I found that contacting ARIN is not necessary at all. It just wouldn't be
practical to do so when you just want to delegate a /24 from, say, a larger
/20 that you have. You would end up calling ARIN every time you add a new
customer, and just think when this customer leaves, you'd have to call
ARIN again. It's easier than that.

What you can do, it turns out, is create your regular zone file:

@ IN SOA my.nameserver.isp. hostmaster.nameserver.isp. (
	2001021400	; serial
	10800		; refresh
	3600		; retry
	604800		; expire
	86400 )		; minimum TTL

	IN NS ns1.nameserver.isp.
	IN NS ns2.nameserver.isp.


now, put in an NS record in it for each individual IP that you want your
customer to be responsible for:

; names end in a dot so they are not expanded relative to the zone origin
1  IN   NS   ns1.customer.inc.
   IN   NS   ns2.customer.inc.
2  IN   NS   ns1.customer.inc.
etc...

this will allow your customer to be fully authoritative for reverse
lookups of this block without having to deal with ARIN every time you
reassign this block to a new customer. it's similar to the classless
reverse delegation, but a bit more simple.

the other option you can do is create a larger aggregate for your block
and assign the smaller blocks with ns records. the downside to this is
that if your nameserver is doing recursive lookups, you need to make sure
that you are authoritative for the larger block as well. so if you have
200.168.192.in-addr.arpa, you can create a 168.192.in-addr.arpa file and
delegate smaller blocks from there:

200  IN  NS  ns1.customer.inc.
     IN  NS  ns2.customer.inc.

but, if you only have a /20 rather than that whole /16, you will have killed
anyone using your nameserver for recursive lookups from finding the rest
of that /16.

so, it's a bit crufty, but the first method works pretty well.

-cjm




On Tue, 13 Feb 2001, Sean Reifschneider wrote:

> On Tue, Feb 13, 2001 at 09:37:36PM -0600, charles at lunarmedia.net wrote:
> >i really do not want to have my server act as a slave for the client's
> >nameserver. can't i delegate the block to the client through bind?
>
> In that case, you'll have to get ARIN to change the DNS server(s) listed
> for that block.
>
> Sean
>
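The trade-off between the two methods in the message above, as an added example that is not part of the original post: it maps a reverse zone name to the address range it claims, lists the ranges a zone would answer for outside your allocation (the second method's downside), and generates the per-address NS lines of the first method. The 192.168.192.0/20 allocation and the function names are assumptions made for the illustration.

```python
import ipaddress

def zone_network(zone):
    """Return the IPv4 network that an octet-aligned in-addr.arpa zone covers."""
    labels = zone.rstrip(".").lower().split(".")
    octets = labels[:-2][::-1]          # reverse-zone labels are in reversed order
    if labels[-2:] != ["in-addr", "arpa"] or not 1 <= len(octets) <= 4:
        raise ValueError(f"not an octet-aligned IPv4 reverse zone: {zone}")
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{addr}/{8 * len(octets)}")

def shadowed(zone, allocation):
    """Networks the zone claims authority for that lie outside `allocation`."""
    znet, alloc = zone_network(zone), ipaddress.ip_network(allocation)
    if znet.subnet_of(alloc):
        return []                       # zone stays inside what was assigned to us
    if not alloc.subnet_of(znet):
        return [znet]                   # zone and allocation do not overlap at all
    return sorted(znet.address_exclude(alloc))

def per_ip_ns(block, nameservers):
    """Method one: one NS line per address and nameserver, for the /24 zone file."""
    net = ipaddress.ip_network(block)
    if net.prefixlen < 24:
        raise ValueError("block must fit inside a single /24 reverse zone")
    lines = []
    for addr in net:
        owner = str(addr).rsplit(".", 1)[1]     # last octet is the owner name
        for ns in nameservers:
            # trailing dot keeps the target from being expanded under the origin
            lines.append(f"{owner}\tIN\tNS\t{ns.rstrip('.')}.")
    return lines

if __name__ == "__main__":
    ALLOCATION = "192.168.192.0/20"     # constructed: the /20 assumed to be ours
    for zone in ("200.168.192.in-addr.arpa", "168.192.in-addr.arpa"):
        outside = shadowed(zone, ALLOCATION)
        print(zone, "->", [str(n) for n in outside] or "inside allocation")
    print("\n".join(per_ip_ns("192.168.200.0/30",
                              ["ns1.customer.inc", "ns2.customer.inc"])))
```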



