## Classless Reverse DNS ## Mark Turpin Classless reverse, while seemingly hard, is really quite simple once you get the hang of it. It basically consists of understanding what network mask you have, and getting your upstream to cooperate (and not be afraid of what they may not know!). What does classless reverse mean? Classless reverse is simply doing reverse for a network smaller than /24, or a Class C network. This means, you can assign out a /26, a /29 or whatever, to a downstream site, or customer, and allow them to control their own reverse. When dealing with many customers that have small /29 subnets, having them do their own DNS becomes critical if you don't have time to continually do DNS updates. Setting it up initially takes some time, but is worth it once you get it going. I'll include an example, a /26 that we use for a customer. I'll throw in a forward file just in case someone doesn't know how to do forward. (Hint: a helpful sheet on subnetting is available at: http://noc.cwis.net/subnet.txt) Prerequisites General understanding of DNS, and the DNS system. General Unix knowledge, and a working knowledge of how to kill, restart, and start services. An understanding of how forward lookup works, and the capability to do forward. Also, clue helps! Assuming you have a working/running version of bind8 going on your system, the following shouldn't be hard to grasp after awhile. If you don't, refer to Issue #2's (/199902/features/dns.html) description of how to setup bind. Example 1: Customer A has a /26 in 205.216.216.0 and owns foo.com Provider's named.conf --------------------- zone "216.216.205.in-addr.arpa" { type master; file "db.205.216.216.0"; }; Customer's named.conf --------------------- zone "0-26.216.216.205.in-addr.arpa" { type master; file "db.205.216.216.0-26"; }; zone "foo.com" { type master; file "db.foo.com"; }; Provider's zone file -------------------- (db.205.216.216.0) $ORIGIN 216.205.in-addr.arpa. 216 IN SOA provider.com point-of-contact.provider.com ( 1999041201 ;serial 3600 900 3600000 3600 ) IN NS ns1.provider.com. IN NS ns2.provider.com. IN NS ns3.provider.com. $ORIGIN 216.216.205.in-addr.arpa. 0-26 IN NS ns.foo.com ;this is the customer's name server IN NS ns1.provider.com. IN NS ns2.provider.com. IN NS ns3.provider.com. 1 IN CNAME 1.0-26.216.216.205.in-addr.arpa. 2 IN CNAME 2.0-26.216.216.205.in-addr.arpa. 3 IN CNAME 3.0-26.216.216.205.in-addr.arpa. 4 IN CNAME 4.0-26.216.216.205.in-addr.arpa. 5 IN CNAME 5.0-26.216.216.205.in-addr.arpa. 6 IN CNAME 6.0-26.216.216.205.in-addr.arpa. ... 60 IN CNAME 60.0-26.216.216.205.in-addr.arpa. 61 IN CNAME 61.0-26.216.216.205.in-addr.arpa. 62 IN CNAME 62.0-26.216.216.205.in-addr.arpa. What this does is simply state that the 0-26 belongs to foo.com and for information regarding it, check out ns.foo.com, as it is authoritative for it. The standard I use, is start_of_network-network_slash. So in this case where the customer has 205.216.216.0/26, I use 0-26, and the - symbolizes the / to me. I then know whenever I look at this, that the network is a /26, and there are going to be 62 usable IP's here. Customer's zone file -------------------- (db.205.216.216.0-26) $ORIGIN 216.216.205.in-addr.arpa. 0-26 IN SOA foo.com point-of-contact.foo.com ( 1999041201 ;serial 3600 900 3600000 3600 ) IN NS ns.foo.com. IN NS ns1.provider.com. IN NS ns2.provider.com. IN NS ns3.provider.com. $ORIGIN 0-26.216.216.205.in-addr.arpa. 1 IN PTR router1.gw.foo.com. 2 IN PTR george.foo.com. 3 IN PTR tom.foo.com. ... 62 IN PTR mary.foo.com. This is similar to the normal reverse file, and doesn't require much thinking. You *could* do it a bit different, and drop the $origin line, and just put @ on the SOA line, but I do it this way because its simpler for me, and I've been doing it like this for a long time. Customer's forward (domain) file -------------------------------- (db.foo.com) @ IN SOA foo.com point-of-contact.foo.com ( 1999041201 ;serial 3600 900 3600000 3600 ) IN NS ns.foo.com. IN NS ns1.provider.com. IN NS ns2.provider.com. IN NS ns3.provider.com. localhost IN A 127.0.0.1 router1.gw IN A 205.216.216.1 george IN A 205.216.216.2 tom IN A 205.216.216.3 ... mary IN A 205.216.216.62 That's basically all there is to it folks. Relatively easy, and to get it all done just takes time, and cooperation from those that are in involved. If you are the provider, tell your customer's its for their benefit (and yours, since it gets them out of your hair) and that it makes things simpler. If you are the customer, tell your provider that you want to control your reverse for whatever reasons you may have, in addition to the fact that it allows you to customize host information at any time you wish. Questions? Comments? Did I leave something out? Feel free to e-mail me, mark@ewenix.net if so! --------------------------------------------------- Copyright (c) 1999 by Mark Turpin (mark@ewenix.net) This may be used for fair non-commercial purposes without the consent of the author provided this copyright notice accompanies any usage of the material herein. The instructions here are provided AS IS; no responsibility whatsoever is taken for any damage caused by following them properly or otherwise. $Id: reverse.txt,v 1.1 2000/02/16 08:07:52 jim Exp $