[CentOS] DNS wizard

Maciej Żenczykowski maze at cela.pl
Mon Jan 2 16:22:38 UTC 2006


>> Classless reverse delegations in no way requires CNAMEs this is really 
>> only a BIND-limitation (and not so much a limitation but a combination of 
>> administrators' laziness and BIND's mindset/zone-file structure).
>> 
> I suppose this is rather off topic but I'm very interested. Could you 
> elaborate?

Basically in BIND format what you do is:

Assume we want to serve up the hostnames of IP address of 1.2.3.4-1.2.3.9.

So we want to serve PTR records for 4.3.2.1.in-addr.arpa. all the way to 
9.3.2.1.in-addr.arpa.

'Normally' (in BIND) what you would do is the server which is hosting the 
3.2.1.in-addr.arpa. domain would delegate:

ORIGIN is 3.2.1.in-addr.arpa.

4-9 NS our.nameserver.hostname1.
4-9 NS our.nameserver.hostname2.
4 CNAME 4.4-9
5 CNAME 5.4-9
6 CNAME 6.4-9
7 CNAME 7.4-9
8 CNAME 8.4-9
9 CNAME 9.4-9

and then our nameserver would have:

ORIGIN is 4-9.3.2.1.in-addr.arpa.

4 PTR some-hostname.
5 PTR different-hostname.
...
9 PTR some-otherhostname.

Obviously this is the weird (some call it normal) way to do things using 
CNAMEs.

Now - let's do it without CNAMEs.

The 3.2.1.in-addr.arpa. server does:

ORIGIN is 3.2.1.in-addr.arpa.

4 NS our.nameserver.hostname1.
4 NS our.nameserver.hostname2.
5 NS our.nameserver.hostname1.
5 NS our.nameserver.hostname2.
6 NS our.nameserver.hostname1.
6 NS our.nameserver.hostname2.
7 NS our.nameserver.hostname1.
7 NS our.nameserver.hostname2.
8 NS our.nameserver.hostname1.
8 NS our.nameserver.hostname2.
9 NS our.nameserver.hostname1.
9 NS our.nameserver.hostname2.

which _CAN_ be written in two lines with a 'for-loop'
[can't remember the bind syntax, I think it's:
$GENERATE 4-9 $ NS our.nameserver.hostname1.
$GENERATE 4-9 $ NS our.nameserver.hostname2.
]

Okay so the stuff is delegated to us.
Now we could simply (or not so simply if we're using BIND, since we 
effectively have to create 9-4+1=6 zones) delegate normally, like so:

for each x in 4..9:
ORIGIN is x.3.2.1.in-addr.arpa.
x PTR some-hostname.
//+ SOA record for the zone

OR

we could decide that bind is screwed anyway and DNS servers and caches 
are two fundamentally different animals and shouldn't be mixed anyway (i.e. 
no DNS server should ever be a cache and vice versa) and we could simply 
stick everything in one zone-file (possibly even the root zone if we're 
extremely lazy).

The reason why CNAMEs are used for reverse delegation is because 
administrators are lazy and BIND makes the proper non-CNAME using solution 
tiresome to implement.  It's a breeze with tinydns/djbdns (once you get to 
know the program, but that's normal).

Further reading, using djbdns syntax (not very legible for those used 
only to BIND syntax and not willing to learn):

http://cr.yp.to/djbdns/dot-arpa.html

Cheers,
MaZe.
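The two delegation schemes from the post (the RFC 2317 CNAME trick versus delegating every address label directly), as an added worked example that is not part of the original message. It generates the parent-side zone fragment for either scheme, loads both sides into a constructed in-memory record set, and walks a PTR lookup through it so the difference in lookup chain is visible. The hostnames and the `3.2.1.in-addr.arpa.` origin are the post's own placeholder names; the PTR targets and the resolver are constructed here and stand in for what a real resolver does across two servers.

```python
"""Classless in-addr.arpa delegation two ways (added example, not from the post)."""
from collections import defaultdict

PARENT = "3.2.1.in-addr.arpa."   # zone held by the /24 owner (the post's ORIGIN)
NS = ["our.nameserver.hostname1.", "our.nameserver.hostname2."]  # placeholder NS names from the post


def cname_style(first, last, parent=PARENT, ns=NS):
    """Parent-side fragment using the CNAME trick: one sub-zone '<first>-<last>'
    is delegated and every address label in the range gets a CNAME into it."""
    sub = f"{first}-{last}.{parent}"
    lines = [f"{sub} NS {n}" for n in ns]
    lines += [f"{i}.{parent} CNAME {i}.{sub}" for i in range(first, last + 1)]
    return lines


def direct_style(first, last, parent=PARENT, ns=NS):
    """Parent-side fragment without CNAMEs: each address label is delegated as
    its own zone. This is what '$GENERATE 4-9 $ NS ...' expands to."""
    return [f"{i}.{parent} NS {n}" for i in range(first, last + 1) for n in ns]


def build_records(use_cname, first, last, ptrs, parent=PARENT):
    """Constructed in-memory DNS: parent fragment plus the PTRs our server holds.
    With the CNAME trick our PTRs live under '<i>.<first>-<last>.<parent>';
    with direct delegation they live at '<i>.<parent>' itself."""
    rr = defaultdict(list)
    parent_lines = (cname_style if use_cname else direct_style)(first, last, parent)
    for line in parent_lines:
        owner, rtype, target = line.split()
        rr[owner].append((rtype, target))
    for i, host in ptrs.items():
        owner = f"{i}.{first}-{last}.{parent}" if use_cname else f"{i}.{parent}"
        rr[owner].append(("PTR", host))
    return rr


def resolve_ptr(rr, name, max_hops=8):
    """Follow CNAMEs until a PTR is found. Returns (target, chain) where chain
    is every owner name visited; each extra hop is one more name a real
    resolver has to query. Bounded so a CNAME loop cannot spin forever."""
    chain = [name]
    for _ in range(max_hops):
        recs = rr.get(name, [])
        for rtype, target in recs:
            if rtype == "PTR":
                return target, chain
        cnames = [t for r, t in recs if r == "CNAME"]
        if not cnames:
            return None, chain
        name = cnames[0]
        chain.append(name)
    raise RuntimeError(f"CNAME chain longer than {max_hops} hops from {chain[0]}")


def check_parent_fragment(lines):
    """Sanity check for the parent zone: an owner with a CNAME may carry no
    other record type (RFC 1034). Returns the offending owner names."""
    by_owner = defaultdict(set)
    for line in lines:
        owner, rtype, _ = line.split()
        by_owner[owner].add(rtype)
    return [o for o, types in by_owner.items() if "CNAME" in types and len(types) > 1]


# Constructed PTR data using the post's placeholder hostnames.
PTRS = {4: "some-hostname.", 5: "different-hostname.", 9: "some-otherhostname."}

if __name__ == "__main__":
    for use_cname in (True, False):
        rr = build_records(use_cname, 4, 9, PTRS)
        target, chain = resolve_ptr(rr, "4.3.2.1.in-addr.arpa.")
        label = "CNAME style " if use_cname else "direct style"
        print(f"{label}: {target} via {' -> '.join(chain)}")
    print("invalid owners:", check_parent_fragment(
        cname_style(4, 9) + ["4.3.2.1.in-addr.arpa. PTR x."]))
```

Running it shows the CNAME scheme answering `4.3.2.1.in-addr.arpa.` through two owner names and the direct scheme through one, which is the whole of the post's point: the CNAME indirection buys nothing but a shorter parent zone file. `check_parent_fragment` catches the mistake the CNAME scheme invites, a parent administrator later adding a PTR or other data at a label that already carries a CNAME, which makes the zone invalid.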