Reverse Delegations for Classless Nets


The fact that emperor.penguin.bv was assigned a classless net complicates reverse lookups. DNS can delegate a zone only at a dot (.) in the domain name. But a classless net is specifically not divided at a dot; the boundary falls on one or more bits inside one of the octets, usually the last one.

As explained in RFC 1466, classless allocation is necessary to keep the Internet functioning. However, because this scheme was devised after DNS's reverse lookup method was established, reverse lookup was never designed to cope with it.

The problem, restated, is that in-addr.arpa can delegate only whole A, B, or C nets, all of which are divided at octet boundaries. Once someone is delegated a net smaller than a C, administration of the reverse lookup zone can't be delegated to them, because one zone can't be split among several administrators' servers.

A fix (well, almost a fix) has been devised; RFC 2317 describes it. The trick is to let DNS follow its normal order of resolution, but once you get to the partitioned address octet, you insert a CNAME record instead of the expected NS/A or PTR records. The CNAME points at a name in a separate, arbitrarily named zone, which can be delegated in the usual way; DNS then resolves that name into a PTR record in the normal manner, though the name is a bit strange.

In the case of the Emperor office of Penguin AS, the ISP sets up a reverse zone for 192.168.56, containing CNAME records. This is the contents, less the opening formalia, of the 56.168.192.in-addr.arpa zone at the ISP:

 ; 0-127 subnet
 1               CNAME   1.0-127.56.168.192.in-addr.arpa.
 2               CNAME   2.0-127.56.168.192.in-addr.arpa.
 ;   ...
 126             CNAME   126.0-127.56.168.192.in-addr.arpa.
 ;
 ; 128-255 subnet
 ;
 129             CNAME   129.128-255.56.168.192.in-addr.arpa.
 130             CNAME   130.128-255.56.168.192.in-addr.arpa.
 ;   ...
 254             CNAME   254.128-255.56.168.192.in-addr.arpa.
 ;
 0-127           NS      ns.emperor.penguin.bv.
 0-127           NS      ns.herring.bv.
 128-255         NS      ns.walruss.bv.
 128-255         NS      ns2.psi.net.

In the course of resolving 1.56.168.192.in-addr.arpa, DNS will find a CNAME record pointing to 1.0-127.56.168.192.in-addr.arpa. DNS knows how to resolve that name even if it is odd-looking. As the zone shows, the 0-127.56.168.192.in-addr.arpa zone is delegated to the emperor nameservers.

Note that RFC 2317 uses the slash (/) of CIDR prefix notation in the CNAME targets (0/25 rather than 0-127). A slash is not a legal character in a hostname, however, and some resolver and zone-checking software mishandles it, so its use in these names is discouraged. The start-end scheme shown in the previous listing is one of the legal alternatives. Whatever scheme the ISP picks, the delegated organization must use exactly the same zone name on its own servers, because the ISP's CNAMEs point at it.

On the emperor servers, a zone with that name must now be set up to resolve these addresses. This is part of the 0-127.56.168.192.in-addr.arpa zone:

 1               PTR     gw.emperor.penguin.bv.
 2               PTR     ftp.emperor.penguin.bv.
 3               PTR     ns.emperor.penguin.bv.

I haven't shown you any forward zones for emperor.penguin.bv, but the contents of this reverse zone are quite unremarkable; only the name is a bit odd. At walruss.bv, an equally unremarkable corresponding zone will be set up for 128-255.56.168.192.in-addr.arpa.
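To make the mechanism concrete, here is an added example in Python (not from the book and not BIND code) that builds the ISP-side CNAME and NS records for any classless block inside a /24, using the start-end naming from the text, and then walks a lookup from the in-addr.arpa name through the CNAME to the PTR the way a resolver would. The names and addresses (192.168.56.0/24, emperor.penguin.bv, ns.herring.bv, walruss.bv) are the book's; the function names, the merged lookup table and the CNAME hop limit are my assumptions, and the zone data is constructed to mirror the listings above rather than taken from any live server.

```python
"""RFC 2317 classless in-addr.arpa delegation, modelled in Python.

Added example: generates the ISP-side CNAME/NS records for a classless
block inside a /24 (start-end label style, as in the text) and follows
the CNAME chain to a PTR as a resolver would. The zone data below is
constructed to match the book's example, not taken from a live server.
"""
import ipaddress


def reverse_name(ip):
    """192.168.56.1 -> '1.56.168.192.in-addr.arpa.'"""
    octets = str(ipaddress.ip_address(ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def parent_records(cidr, nameservers):
    """Records the /24 holder adds to its in-addr.arpa zone for one
    classless block. Returns (owner, type, rdata) tuples with owners
    relative to the /24 zone. Network and broadcast addresses get no
    CNAME for prefixes up to /30, mirroring the hand-written zone."""
    net = ipaddress.ip_network(cidr, strict=True)
    if not 25 <= net.prefixlen <= 31:
        raise ValueError("RFC 2317 is for blocks smaller than a /24")
    lo = int(net.network_address) & 0xFF
    hi = int(net.broadcast_address) & 0xFF
    label = f"{lo}-{hi}"                               # e.g. 0-127, not 0/25
    first_three = str(net.network_address).split(".")[:3]
    parent_zone = ".".join(reversed(first_three)) + ".in-addr.arpa."
    child_zone = f"{label}.{parent_zone}"              # delegated to the customer
    hosts = range(lo + 1, hi) if net.prefixlen <= 30 else range(lo, hi + 1)
    records = [(str(h), "CNAME", f"{h}.{child_zone}") for h in hosts]
    records += [(label, "NS", ns) for ns in nameservers]
    return records


def build_zones():
    """Constructed data: the ISP's 56.168.192.in-addr.arpa zone plus the
    customer's 0-127.56.168.192.in-addr.arpa zone, merged into one
    name -> [(type, rdata)] table, which is how a caching resolver
    ends up seeing both after following the delegation."""
    table = {}
    parent_zone = "56.168.192.in-addr.arpa."
    isp = (parent_records("192.168.56.0/25", ["ns.emperor.penguin.bv.", "ns.herring.bv."])
           + parent_records("192.168.56.128/25", ["ns.walruss.bv.", "ns2.psi.net."]))
    for owner, rtype, rdata in isp:
        table.setdefault(f"{owner}.{parent_zone}", []).append((rtype, rdata))
    customer = {1: "gw.emperor.penguin.bv.",
                2: "ftp.emperor.penguin.bv.",
                3: "ns.emperor.penguin.bv."}
    for host, name in customer.items():
        table[f"{host}.0-127.{parent_zone}"] = [("PTR", name)]
    return table


def resolve_ptr(ip, table, max_chain=8):
    """Look up the PTR for ip, following CNAMEs. Returns None when the
    chain dead-ends. The hop limit guards against CNAME loops, which a
    misconfigured or hostile zone can otherwise use to tie up a resolver."""
    name = reverse_name(ip)
    for _ in range(max_chain):
        rrset = table.get(name, [])
        ptrs = [rdata for rtype, rdata in rrset if rtype == "PTR"]
        if ptrs:
            return ptrs[0]
        cnames = [rdata for rtype, rdata in rrset if rtype == "CNAME"]
        if not cnames:
            return None
        name = cnames[0]                               # one more hop
    return None


if __name__ == "__main__":
    zones = build_zones()
    for ip in ("192.168.56.1", "192.168.56.3", "192.168.56.200"):
        print(ip, "->", resolve_ptr(ip, zones))
```

The lookup for 192.168.56.200 returns None because only the 0-127 child zone is populated here; in the book's scenario that name would be answered by walruss.bv's 128-255 zone. The hop limit is the one thing a real resolver must have that the text does not mention: a CNAME that points back into the chain never reaches a PTR.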

The observant reader will notice that it is rather tedious to type in the 56.168.192.in-addr.arpa zone: it contains one CNAME record per address, a couple of hundred lines of mind-numbing likeness. Fortunately, BIND 8 has a cure for this. The zone shown previously could be written like the following, still less formalia (the NS records for the two delegations stay as they were):

 $GENERATE 0-127         $     CNAME  $.0-127.56.168.192.in-addr.arpa.
 $GENERATE 128-255       $     CNAME  $.128-255.56.168.192.in-addr.arpa.

This is a rather straightforward loop declaration. The first line says to loop from 0 to 127 and, for each number, generate a CNAME record with the given names, replacing every occurrence of $ with the number. The second line does the same thing for 128 to 255 and a slightly different name. Note that these ranges also produce CNAMEs for .0, .127, .128 and .255, which the hand-written zone left out; that is harmless, but use 1-126 and 129-254 if you want the output to match it exactly.

Recalling the walrus.bv zone, a similar use of numbers exists there. It too can be replaced by $GENERATE, provided your BIND release accepts the record types involved (early versions limited $GENERATE to a handful of types, PTR, CNAME, NS and A among them; if the MX line below is rejected, write those records out by hand):

 $GENERATE 200-254       ws-177$         A       206.6.177.$
 $GENERATE 200-254       ws-177$         MX 10   walrus.bv.

Is this cool or what? As you might have noticed, I believe in any device that can save typing. The same goes for Walrus's reverse zone:

 $GENERATE 200-254       $               PTR     ws-177$.walrus.bv.
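Because $GENERATE is just a loop over a template, it is easy to expand one outside BIND to see exactly which records will be loaded, which is also the quickest way to check a directive before putting it in a zone. The following is an added example, not BIND code and not from the book: a small Python expander for the `$GENERATE range lhs type rhs` form, handling `$`, the `\$` escape for a literal dollar sign, a `/step` suffix on the range, and the `${offset,width,base}` modifier as documented for BIND 9 (whether a given BIND 8 build accepts that modifier is something to check against its own documentation). The directives it expands are the ones from the text; the function names and the sample zone fragment are mine.

```python
"""Expand BIND $GENERATE directives into plain resource records.

Added example (not part of BIND or of the book). Supports the
'$GENERATE start-stop[/step] lhs type rhs' form with '$' as the
iterator, '\\$' as a literal dollar sign, and the ${offset,width,base}
modifier documented for BIND 9. TTL or class fields before the type
are not handled; the zone lines are expected in the owner/type/rdata
form used in the text.
"""
import re

MODIFIER = re.compile(r"\$\{(-?\d+)(?:,(\d+)(?:,([doxX]))?)?\}")


def substitute(template, i):
    """Replace every iterator reference in template with the value i."""
    def expand_modifier(m):
        offset = int(m.group(1))
        width = int(m.group(2) or 0)
        base = m.group(3) or "d"
        spec = f"0{width}{base}" if width else base
        return format(i + offset, spec)

    text = MODIFIER.sub(expand_modifier, template)
    out, j = [], 0
    while j < len(text):
        if text[j] == "\\" and j + 1 < len(text) and text[j + 1] == "$":
            out.append("$")                  # escaped: literal dollar sign
            j += 2
        elif text[j] == "$":
            out.append(str(i))               # bare iterator
            j += 1
        else:
            out.append(text[j])
            j += 1
    return "".join(out)


def expand_generate(directive):
    """Return the (owner, type, rdata) tuples one $GENERATE line produces."""
    parts = directive.split()
    if len(parts) < 5 or parts[0] != "$GENERATE":
        raise ValueError(f"not a $GENERATE directive: {directive!r}")
    rng, lhs, rtype, rhs = parts[1], parts[2], parts[3], " ".join(parts[4:])
    step = 1
    if "/" in rng:
        rng, step_text = rng.split("/", 1)
        step = int(step_text)
    start, stop = (int(x) for x in rng.split("-", 1))
    if step < 1 or stop < start:
        raise ValueError(f"bad range in {directive!r}")
    return [(substitute(lhs, i), rtype, substitute(rhs, i))
            for i in range(start, stop + 1, step)]


def expand_zone(text):
    """Expand every $GENERATE line in a zone fragment; pass other records through."""
    records = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith(";"):
            continue
        if stripped.startswith("$GENERATE"):
            records.extend(expand_generate(stripped))
        else:
            owner, rtype, *rdata = stripped.split()
            records.append((owner, rtype, " ".join(rdata)))
    return records


# Constructed input: the ISP zone fragment from the text, followed by the
# NS records, which $GENERATE does not replace.
ISP_ZONE = """
$GENERATE 0-127         $     CNAME  $.0-127.56.168.192.in-addr.arpa.
$GENERATE 128-255       $     CNAME  $.128-255.56.168.192.in-addr.arpa.
0-127           NS      ns.emperor.penguin.bv.
0-127           NS      ns.herring.bv.
128-255         NS      ns.walruss.bv.
128-255         NS      ns2.psi.net.
"""

if __name__ == "__main__":
    records = expand_zone(ISP_ZONE)
    for rec in records[:3] + records[-2:]:
        print("%-10s %-6s %s" % rec)
```

Expanding the two ISP directives yields 256 CNAMEs plus the four NS records; expanding `$GENERATE 1-126 ...` and `$GENERATE 129-254 ...` instead reproduces the hand-written zone exactly. The `ws-177$` owner in the walrus.bv directives becomes `ws-177200` through `ws-177254`, which is worth seeing once before assuming the names come out the way you pictured them.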

For an alternative discussion of this topic, please read RFC 2317.



The Concise Guide to DNS and BIND
ISBN: 0789722739
Year: 1999
Pages: 183