[CentOS] Re: DNS Server

Mon Jun 26 11:19:10 UTC 2006
Johnny Hughes <johnny at centos.org>

On Sun, 2006-06-25 at 20:32 -0400, Thomas E Dukes wrote:
<snip>

> 
> So even if a service such as zoneedit, say they can do reverse DNS, it won't
> work?
> 
> I really don't understand how it can work in one direction and not the
> reverse.  If they can keep up with my IP address and match it to my
> domainanme, seems they could do the reverse.
> 

OK ... rather than you staying confused on this issue, I will try to
explain it in basic terms.

DNS converts names to IPs (forward lookups) and IPs to names (reverse
lookups).  

A forward lookup is when you have a name (www.abcxyz.com) and need a
number.  In this case, there is a domain owner and that domain has
its own DNS zone.  The owner of that zone can put whatever IP addresses
(numbers) with names that they want in that zone.

In the case of a forward lookup, there is no predefined zone at all ...
you can have as many names as you want, and since people pay for it (the
name), it stands to reason that they will keep it updated properly.

A reverse lookup is different.  The standard for reverse lookups breaks
them down in "Class C" blocks (that is, the first 3 groups of numbers
are the network number, the last group is the host number).  If you have
an ip address of:

192.87.99.234

The network number is 192.87.99.0, the subnet mask is 255.255.255.0, the
host number is 234, and the reverse lookup domain is:

99.87.192.in-addr.arpa

All 254 host addresses in that zone are normally assigned by the owner
of that zone from one machine.  If someone buys the whole class C
network, they get to control the zone; otherwise it is normally
controlled by the ISP that owns all the IPs.

It is possible, but not usually done, to break up the reverse into
smaller ranges.

Tom Diehl has already mentioned RFC 2317:

http://www.faqs.org/rfcs/rfc2317.html

Using the techniques there, an ISP _CAN_ transfer control of some
reverse lookup domains.  They will normally not do it unless you have a
fairly large network, however.

I hope this helps you understand that forward zones are designed to be
easily broken down into 1 or 2 names ... but reverse zones are
predefined and not designed for less than one class C network block.
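The address and zone arithmetic in the post above, worked through as an added Python example (editor's code, not code from the post or from the CentOS project). It takes the post's 192.87.99.234 and its /24 reverse zone 99.87.192.in-addr.arpa, and then shows the RFC 2317 records an ISP would add to that /24 zone to hand a hypothetical 192.87.99.224/27 to a customer. The name servers ns1.example.net and ns2.example.net and the /27 itself are assumptions; the "first/prefix" child label is the form RFC 2317 uses, and the RFC also permits a hyphen where software objects to "/" in a label.

```python
from __future__ import annotations

import ipaddress

ARPA_SUFFIX = "in-addr.arpa"


def ptr_name(ip: str) -> str:
    """Owner name of the PTR record for an IPv4 address (octets reversed)."""
    addr = ipaddress.IPv4Address(ip)
    octets = addr.exploded.split(".")
    return ".".join(reversed(octets)) + "." + ARPA_SUFFIX


def reverse_zone(network: str) -> str:
    """Name of the reverse zone for a classful block.

    in-addr.arpa labels are whole octets, so only /8, /16 and /24 blocks map
    directly onto a zone cut; anything smaller needs the RFC 2317 approach.
    """
    net = ipaddress.IPv4Network(network, strict=False)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError(f"/{net.prefixlen} has no octet-aligned reverse zone")
    octets = net.network_address.exploded.split(".")
    kept = octets[: net.prefixlen // 8]
    return ".".join(reversed(kept)) + "." + ARPA_SUFFIX


def rfc2317_records(network: str, nameservers: list[str]) -> tuple[list[str], str]:
    """Records the ISP puts in its /24 reverse zone to delegate a sub-/24 block.

    Returns (records for the parent /24 zone, name of the child zone the
    customer then hosts its PTR records in). Per RFC 2317 the parent zone
    carries NS records for the child label plus one CNAME per host address
    pointing into the child zone; the ISP never has to edit individual PTRs.
    """
    net = ipaddress.IPv4Network(network, strict=False)
    if not 25 <= net.prefixlen <= 32:
        raise ValueError("RFC 2317 applies to blocks smaller than a /24")
    parent = reverse_zone(f"{net.network_address}/24")
    first = net.network_address.exploded.split(".")[3]
    child_label = f"{first}/{net.prefixlen}"       # e.g. "224/27" (assumed block)
    child_zone = f"{child_label}.{parent}"
    # NS records delegating the child label to the customer's servers (assumed names)
    records = [f"{child_label} IN NS {ns.rstrip('.')}." for ns in nameservers]
    # One CNAME per host address, aliasing the classful name into the child zone
    for host in net.hosts():
        last = host.exploded.split(".")[3]
        records.append(f"{last} IN CNAME {last}.{child_zone}.")
    return records, child_zone


if __name__ == "__main__":
    print(ptr_name("192.87.99.234"))
    print(reverse_zone("192.87.99.234/24"))
    recs, child = rfc2317_records("192.87.99.224/27", ["ns1.example.net", "ns2.example.net"])
    print("\n".join(recs[:4]))
    print("...")
    print("customer hosts zone:", child)
```

The ISP installs the returned records in 99.87.192.in-addr.arpa once; after that the customer publishes PTR records such as 234.224/27.99.87.192.in-addr.arpa in the child zone, and a resolver looking up 234.99.87.192.in-addr.arpa follows the CNAME there.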