Question about reverse zone

Question about reverse zone

Julie Xu-2

Hi,

I have a zone, let's say abc.edu.au; all private addresses in 10.0.0.0/8 are in this zone. So I have an existing reverse zone, 10.in-addr.arpa. I am the master.

Now a new zone is required, ddd.abc.edu.au, whose reverse should be 100.10.in-addr.arpa; we are secondary for this zone.

However, there are currently some IP addresses in zone abc.edu.au which are in the range, and they are still required.

For example, we want host.ddd.abc.edu.au and app.abc.edu.au both to exist.

    The host.ddd.abs.edu.au – 10.100.10.20 – transferred from master DNS for the domain (both forward/reverse zones)

    The app.abc.edu.au – 10.100.10.20, originally in the 10.0.0.0/8 zone file, for which we are the master.

Both are A records.

What will happen if I create a second reverse zone for 100.10.in-addr.arpa? Will my current app.abc.edu.au be lost? If so, is there any way to work around it?

Any comments will be appreciated.

Thanks in advance,

Julie Xu

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Re: Question about reverse zone

Mark Andrews
In this example since the address is the same I would just pick
one name (the name the machine knows itself as) and use that name for the
PTR record.

I would also use DNS UPDATE to update the reverse zones rather than
editing master files.  You can delegate update authority down to the
<name,type> tuple level with DNS UPDATE.  Then it doesn’t matter which
machines are holding master files for the reverse zones.

Mark

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: [hidden email]

RE: Question about reverse zone

Darcy Kevin (FCA)
You mean, don't slave 100.10.in-addr.arpa at all, and just maintain 10.in-addr.arpa locally?

The problem the original poster may run into, however, is that there may be other records in 100.10.in-addr.arpa that change dynamically, and those changes may not be reflected if only 10.in-addr.arpa is maintained locally.

To be sure, a "sync" script could be run periodically to keep 10.in-addr.arpa up to date. I've written such things in the past. But now we're talking about custom software, not something that can be accomplished using just BIND and its associated tools...

The other approach is to define zones for just the specific names that need to be "overridden" from the slave zone (Microsoft calls them "pinpoint zones"). That's a terrible solution, of course, since these zones are undelegated from their parent and thus special care must be taken to ensure that all resolvers which need to resolve the names in a specific way are configured appropriately (using master/slave/stub/forward). But at least it can be implemented using only BIND and its tools.

- Kevin

Re: Question about reverse zone

Mark Andrews
The reverse of a /8 is pretty big.  I would do it as reverses of /16s or /24s.
That also lets you mix and match management styles, but for a /24 which has
multiple administrators DNS UPDATE is still the way to go.

Machines should be updating their own PTR records using DNS UPDATE.  DNS UPDATE
over TCP from the address to be updated is secure enough for 99.9% of uses.

ISPs are only scared of it because people may add “<ISP>.sucks” as the name in
the PTR record.

Mark

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: [hidden email]
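
The two ideas raised in Mark Andrews' replies in this thread, update authority per <name,type> and DNS UPDATE over TCP from the address being updated, can be expressed with BIND's `update-policy` statement. The fragment below is an added example, not part of the thread or of any poster's configuration; the key name, secret and file path are placeholders, and it assumes the server shown is the primary for the /16 reverse zone.

```conf
// Constructed named.conf fragment for the primary of 100.10.in-addr.arpa.
// Key name, secret and file path are placeholders, not values from the thread.

key "app-ptr-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET";
};

// Coarse form, shown commented out for contrast: any host in 10.0.0.0/8
// may add, change or delete any record of any type in the zone.
// zone "100.10.in-addr.arpa" {
//     type master;
//     file "dynamic/100.10.in-addr.arpa.db";
//     allow-update { 10.0.0.0/8; };
// };

// Fine-grained form: each grant names who may touch which <name,type>.
// allow-update and update-policy cannot both be set on the same zone.
zone "100.10.in-addr.arpa" {
    type master;
    file "dynamic/100.10.in-addr.arpa.db";
    update-policy {
        // An unsigned update is accepted only if it arrives over TCP and
        // the name being updated is the reverse name of the client's own
        // source address; only the PTR type may be changed.
        grant * tcp-self . PTR;

        // The holder of app-ptr-key may change only the PTR record for
        // 10.100.10.20, regardless of which address the update comes from.
        grant app-ptr-key name 20.10.100.10.in-addr.arpa. PTR;
    };
};
```

A `tcp-self` grant authenticates by source address alone, so it should be paired with network controls that stop hosts from using addresses that are not theirs; the key-based grant does not depend on the client's address.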

Re: Question about reverse zone

Michelle Konzack-2
Good morning,

On 2018-02-13, Mark Andrews hacked away at the keys:
> ISPs are only scared of it because people may add “<ISP>.sucks” as
> the name in the PTR record.

ROTFL!

> Mark

Have a nice day

--
Michelle Konzack        Miila ITSystems @ TDnet
GNU/Linux Developer     00372-54541400
