nanog mailing list archives

Re: Delegating /24's from a /19

From: Robert Bonomi <bonomi () mail r-bonomi com>
Date: Tue, 15 Mar 2005 14:40:08 -0600 (CST)

From owner-nanog () merit edu  Tue Mar 15 14:12:12 2005
Date: Tue, 15 Mar 2005 15:12:10 -0500
From: Robert Blayzor <rblayzor () inoc net>
To: alex () pilosoft com
Cc: Mike Sawicki <fifi () HAX ORG>, nanog () merit edu
Subject: Re: Delegating /24's from a /19


alex () pilosoft com wrote:

Either by doing DNS delegation on the zone boundary or by SWIP'ing the 
space to the other company.


You can SWIP it yes, but that won't help DNS on small blocks like /24's.

It is very easy to do DNS delegation, say if you have 128.0.0.0/19, and 
you want to delegate 128.0.1.0/24, in your zone file for 
0.128.in-addr.arpa zone put 

1 IN        NS      ns1.othercompany.com
1 IN        NS      ns2.othercompany.com


The only way it will work is to use RFC2317 or slave the zones from the
other name server.  Because he does not have the entire /16 you can't
just delegate like that.


OK, what am I missing?

*ASSUMPTION*:
  The holder of the /16 _has_ delegated rDNS for the 32  /24s to the /19 owner.

The /19 owner can, on it's nameserver, run an "authoritative" zone for
the /16 -- with _its_ /24s listed explicitly, and a wildcard pointing 
back to the rDNS nameserver of the /16 owner.

"He who" queries from the outside world will work their way down from the
.arpa zone, to the  X.W.in-addr.arpa  zone, get referred to the nameserver
at "thiscompany", and get referred to the NS listed for Y.X.W.in-addr.arpa.
which will resolve  Z.Y.X.W.in-addr.arpa.

"He who" queries the /19 owner nameserver directly for a Y.X.W.in-addr.arpa 
address that lies within the /19 owner's addresses will get answered by
that nameserver, *or* be referred to the client's server. If they ask for
something *outside* the  /19 owner's space, the wildcard -- referring to
the 'upstream' (the /16 owner) nameserver kicks in.

_AS_LONG_AS_ the 'delegated to' nameserver has the wildcard in it pointing
back to the 'parent' nameserver, this seems to work just fine. Admittedly,
if the upstream block owner changes the _name_ of it's nameserver(s), the
'delegated to' nameserver  requires manual tweaking, but, realistically,
"how often" does _that_ happen?

Current thread:

Delegating /24's from a /19 Mike Sawicki (Mar 15)
- Re: Delegating /24's from a /19 bmanning (Mar 15)
- Re: Delegating /24's from a /19 alex (Mar 15)
  - Re: Delegating /24's from a /19 Robert Blayzor (Mar 15)
    - Re: Delegating /24's from a /19 Bruce Campbell (Mar 15)
- <Possible follow-ups>
- Re: Delegating /24's from a /19 Robert Bonomi (Mar 15)
  - Re: Delegating /24's from a /19 Mark Andrews (Mar 15)
    - Re: Delegating /24's from a /19 Owen DeLong (Mar 15)
    - Re: Delegating /24's from a /19 Mark Andrews (Mar 15)
    - Re: Delegating /24's from a /19 Owen DeLong (Mar 15)
    - Re: Delegating /24's from a /19 Mark Andrews (Mar 15)
    - Re: Delegating /24's from a /19 Edward Lewis (Mar 16)
    - Message not available
    - Re: Delegating /24's from a /19 Edward Lewis (Mar 16)
    - Re: Delegating /24's from a /19 Edward Lewis (Mar 16)
    - Re: Delegating /24's from a /19 Mark Andrews (Mar 16)
    - Re: Delegating /24's from a /19 Owen DeLong (Mar 16)

(Thread continues...)