Delegating Reverse-Mapping for Networks with Non-Octet Masks
6.4.1 Problem
You want to delegate responsibility for reverse-mapping a network's IP addresses to a set of name servers, but the network mask or subnet mask doesn't fall on an octet boundary.
6.4.2 Solution
Determine how many reverse-mapping zones correspond to the network. Here's a table to show you how many you'll have.
|
Size of network |
Number of reverse-mapping |
|---|---|
|
/9 |
128 reverse-mapping zones such as 2.1.in-addr.arpa |
|
/10 |
64 "" |
|
/11 |
32 "" |
|
/12 |
16 "" |
|
/13 |
8 "" |
|
/14 |
4 "" |
|
/15 |
2 "" |
|
/17 |
128 reverse-mapping zones such as 3.2.1.in-addr.arpa |
|
/18 |
64 "" |
|
/19 |
32 "" |
|
/20 |
16 "" |
|
/21 |
8 "" |
|
/22 |
4 "" |
|
/23 |
2 "" |
|
/25-32 |
See Section 6.5 |
For example, say your network is 10/8 and you want to delegate the reverse-mapping zones for the subnet 10.192/10 to your European subsidiary's name servers. That subnetwork corresponds to 64 reverse-mapping zones, from 192.10.in-addr.arpa to 255.10.in-addr.arpa. That's a lot of delegation to add to the 10.in-addr.arpa zone data file: if each zone has two name servers, that's 128 NS records!
BIND name servers give you a shortcut, though. You can use the $GENERATE control statement to add a group of records that differ only by a number. For example, if your European subsidiary's name servers are called ns1.eu.corp.example and ns2.eu.corp.example, you could delegate all 64 reverse-mapping zones to them with just these two $GENERATE control statements:
$GENERATE 192-255 $ NS ns1.eu.corp.example. $GENERATE 192-255 $ NS ns2.eu.corp.example.
6.4.3 Discussion
Unfortunately, there's no corresponding way to generate the zone statements you'll need on the name servers the zones are delegated to. You'd need a full 64 zone statements in each name server's named.conf file.
6.4.4 See Also
Section 6.5 for handling networks smaller than a /24, and "Subnetting on a Non-Octet Boundary" in Chapter 9 of DNS and BIND.