From: "Jan Mikkelsen"
To: David Siebörger, "Ingeborg Hellemo"
Subject: Re: Reverse delegation of CIDR addresses (was: sdflkj)
Date: Thu, 4 Oct 2001 20:43:30 +1000
List: freebsd-stable

"Ingeborg Hellemo" wrote:
> drs-stable@rucus.ru.ac.za said:
> > On Thu 2001-10-04 (08:59), Ceri wrote:
> > > On Wed, Oct 03, 2001 at 05:16:20PM -0700, Michael Sierchio said:
> > > >
> > > > My apologies. My ISP's absolute refusal to delegate reverse entries
> > > > for my domain and /29 net is the problem. They gave me CNAME entries
> > > > instead of PTR records
> > >
> > > Umm, you can't delegate reverse DNS for a /29 _without_ using CNAMEs.
> >
> > Not true. While the use of CNAMEs is suggested by RFC 2317, NS
> > records can be used too. The technique is described at:
> >
> > http://homepages.tesco.net./~J.deBoynePollard/FGA/avoid-rfc-2317-delegation.html
>
> Do _not_ use this technique!
>
> Cite from
>
> "The document does NOT describe a valid DNS setup. It is simply illegal.
> Please, completely ignore this setup.
>
> Following the ignorant example on your site would lead to that machine
> being authoritative for the in-addr.arpa. domain. Only the
> [a-i].root-servers.net. should be authoritative for those.
>
> This set-up will leak incorrect/dangerous/poisonous info through
> authoritative & additional sections. For a provider with old caches (those
> that will cache authoritative/additional section) that happen to have
> cached yours, has the rest of the reverse name-space unavailable during
> TTL of the RR's in the sections.
>
> Bad. Very very bad.
>
> Roy Arends
> Nominum"

While the example from the original URL is wrong, as is pointed out in this
quote, that doesn't mean that you must use CNAMEs to accept reverse
delegation. There is a better way.

(There may be BIND syntax errors here; I use djbdns now, where everything is
much better).

For example, on the parent server:

    4.3.2.1.in-addr.arpa.      IN NS  a.ns.4.3.2.1.in-addr.arpa.
    4.3.2.1.in-addr.arpa.      IN NS  b.ns.4.3.2.1.in-addr.arpa.
    a.ns.4.3.2.1.in-addr.arpa. IN A   5.6.7.8
    b.ns.4.3.2.1.in-addr.arpa. IN A   5.6.7.9

and on the child server:

    4.3.2.1.in-addr.arpa.      IN SOA blah blah ; see, syntax error right there
    4.3.2.1.in-addr.arpa.      IN NS  a.ns.4.3.2.1.in-addr.arpa.
    4.3.2.1.in-addr.arpa.      IN NS  b.ns.4.3.2.1.in-addr.arpa.
    a.ns.4.3.2.1.in-addr.arpa. IN A   5.6.7.8
    b.ns.4.3.2.1.in-addr.arpa. IN A   5.6.7.9
    4.3.2.1.in-addr.arpa.      IN PTR 4.3.2.1

Add additional nameservers as required.

Jan Mikkelsen
janm@transactionware.com
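Added example, not part of the original message or of any poster's own code: a small Python generator that produces the parent-side records of the per-address NS delegation shown above for every address in a block longer than /24, and checks that each in-zone nameserver name has its glue A record. The function names and the 1.2.3.0/29 sample block are assumptions made for illustration; the record layout and the 5.6.7.8 / 5.6.7.9 server addresses follow the message.

```python
import ipaddress

def reverse_name(addr):
    """1.2.3.4 -> '4.3.2.1.in-addr.arpa.' (each address becomes its own zone)."""
    return ipaddress.ip_address(addr).reverse_pointer + "."

def parent_records(network, nameservers):
    """Parent-zone NS and glue records delegating every address in `network`.

    `nameservers` maps a label ('a', 'b') to the child server's IPv4 address.
    Server names are <label>.ns.<zone>, as in the message, so each name sits
    inside the zone being delegated and the parent must carry its A record.
    """
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("block is on or above an octet boundary; delegate it normally")
    records = []
    for addr in net:
        zone = reverse_name(addr)
        labels = sorted(nameservers)
        records += [(zone, "NS", f"{l}.ns.{zone}") for l in labels]
        records += [(f"{l}.ns.{zone}", "A", nameservers[l]) for l in labels]
    return records

def missing_glue(records):
    """NS targets inside their own delegated zone that have no A record."""
    have_a = {owner for owner, rtype, _ in records if rtype == "A"}
    return [target for owner, rtype, target in records
            if rtype == "NS" and target.endswith("." + owner)
            and target not in have_a]

def render(records):
    """Zone-file text with aligned owner names."""
    width = max(len(owner) for owner, _, _ in records)
    return "\n".join(f"{o:<{width}} IN {t:<2} {v}" for o, t, v in records)

if __name__ == "__main__":
    # Constructed sample: the /29 that contains the message's 1.2.3.4.
    recs = parent_records("1.2.3.0/29", {"a": "5.6.7.8", "b": "5.6.7.9"})
    assert not missing_glue(recs)
    print(render(recs))
```

The child server still needs its own SOA, the same NS and A records, and the PTR for each address, as in the message.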