Book: Fedora™ Unleashed, 2008 edition
Reverse Zone
Take a moment to pretend that we live in a perfect world: Your highly competent ISP has successfully delegated authority of your reverse zone to you, and you must set up named to handle reverse resolution, too. This process is very similar to what you used to set up the reverse zone for 0.0.127.in-addr.arpa. Now, however, you must determine your zone's name.
DNS can delegate authority only at the . in domain names; as a result, you can set up reverse zones for the whole of a class A, B, or C network because they are divided at octet boundaries in the IP address. This approach is clearly unsuitable for classless subnets such as yours because the divisions are not at octet boundaries, but in the middle of an octet. In other words, your network cannot be described as x.* (Class A), x.y.* (Class B), or x.y.z.* (Class C). The latter comes closest, but includes several addresses (such as 192.0.2.22) that do not belong to the tiny 192.0.2.0/29 network. To set up a reverse zone for your network, you must resort to the use of classless delegation (described in RFC 2317).
The ISP, which is authoritative for the 2.0.192.in-addr.arpa zone, must either maintain your reverse zone for you or add the following records into its zone file:
----------
| 1 CNAME 1.1-6
| 2 CNAME 2.1-6
| 3 CNAME 3.1-6
| 4 CNAME 4.1-6
| 5 CNAME 5.1-6
| 6 CNAME 6.1-6
|
| 1-6 NS 192.0.2.1
| 1-6 NS 192.0.2.96
----------
The first CNAME record says that 1.2.0.192.in-addr.arpa is an alias for 1.1-6.2.0.192.in-addr.arpa. (The others are similar. There are no CNAME records for network and broadcast addresses 0 and 7 because they do not need to resolve.) Resolvers already know how to follow CNAME aliases while resolving names. When they ask about the 1-6 domains, they find the NS records defined previously and continue with their query by asking the nameserver about 1.1-6.2.0.192.in-addr.arpa.
So you must set up a zone file for 1-6.2.0.192.in-addr.arpa. Apart from the peculiar name, this zone file is similar in every respect to the reverse zone set up earlier, and should contain six PTR records (apart from the SOA and NS records). Note that you make 192.0.2.96 (ns2) a slave for the reverse zone, too, so the administrator must add a suitable zone statement to named.conf for it.
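The following Python example is added here and is not from the book. It derives the parent-zone CNAME records and the child zone name for any subnet between /25 and /30 using the same first-last label style, and reports which name must hold the PTR record for a given address. The function names classless_delegation and ptr_owner are assumptions made for this illustration.

```python
import ipaddress

def classless_delegation(cidr):
    """Return (child_zone, parent_zone, cname_records) for a subnet smaller
    than /24, naming the child zone "first-last" as the page does (1-6)."""
    net = ipaddress.ip_network(cidr)  # raises if host bits are set
    if net.version != 4 or not 24 < net.prefixlen < 31:
        raise ValueError("expected an IPv4 subnet between /25 and /30")
    # hosts() skips the network and broadcast addresses, which get no CNAME.
    last_octets = [int(h) & 0xFF for h in net.hosts()]
    a, b, c, _ = str(net.network_address).split(".")
    parent = f"{c}.{b}.{a}.in-addr.arpa."
    label = f"{last_octets[0]}-{last_octets[-1]}"
    # Relative names, meant to sit under the parent zone's origin.
    records = [f"{n} CNAME {n}.{label}" for n in last_octets]
    return f"{label}.{parent}", parent, records

def ptr_owner(ip, cidr):
    """Name that must hold the PTR record for ip in the child zone, or None
    when ip is not a host address of the delegated subnet."""
    net = ipaddress.ip_network(cidr)
    addr = ipaddress.ip_address(ip)
    if addr not in list(net.hosts()):
        return None
    child, _, _ = classless_delegation(cidr)
    return f"{int(addr) & 0xFF}.{child}"

if __name__ == "__main__":
    child, parent, records = classless_delegation("192.0.2.0/29")
    print(f"; add to the ISP's zone {parent}")
    print("\n".join(records))
    print(f"; your zone: {child}")
    for ip in ("192.0.2.3", "192.0.2.7", "192.0.2.22"):
        print(ip, "->", ptr_owner(ip, "192.0.2.0/29"))
```

Comparing the generated CNAME lines against what the ISP actually published is a quick way to spot a missing or mistyped alias.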
CAUTION
Be aware that in the real world you might have to wait for months for your ISP to get the reverse delegation right, and your reverse zone remains broken until then.