Did you ever get this reply? ------------------------------------------------- Tks | <mailto:[EMAIL PROTECTED]> BV | <mailto:[EMAIL PROTECTED]> Sr. Technical Consultant, SBM, A Gates/Arrow Co. Vox 770-623-3430 11455 Lakefield Dr. Fax 770-623-3429 Duluth, GA 30097-1511 ================================================= -----Original Message----- From: Bob Vance Sent: Tuesday, September 19, 2000 12:00 AM To: clst Cc: Benny Leong (HTHK - Senior Engineer II - iServices Development, NNSD) Subject: RE: Zone Delegation/Reverse Delegation If the ISP is authoritative for "bar.com", then you cannot create the sub-domain "foo.bar.com". The administrator of whichever system is authoritative for "bar.com" would create it and delegate authority for it to your local DNS host. >I don't understand why the DNS delegation is done by ISP but the >reverse delegation is done by APNIC. That's just the way delegation works. Only the authority for a domain can create a sub-domain of that domain (reverse domains are valid domains just like "forward" ones are) and then, possibly, delegate authority for it to some other nameserver. Perhaps looking at the details will help: I am "ns1.bar.com" and am the primary (the source data files for the zone are most likely on me) nameserver for bar.com. Here is the data for bar.com (the authority for this zone was delegated to me by the authority for ".com"): $ORIGIN bar.com. @ IN SOA ...... IN NS ns1.bar.com. ; these records match IN NS ns.xyz.isp.com. ; the records in .com ns1 IN A 206.222.111.11 ; that delegate bar.com to me www IN A 206.222.111.17 ftp IN A 206.222.111.18 $ORIGIN foo.bar.com. ; here is a sub-domain that I create pluto IN A 206.222.166.31 ; but I'm still the authority for it goofy IN A 206.222.166.31 ; so I create the records and maintain donald IN A 206.222.166.31 ; the zone data for it At some point there are just too many hosts and too much work to maintain the sub-domain data, so I decide to *delegate* authority to another server in our company and let them do the work. The sub-domain data changes thusly: $ORIGIN foo.bar.com. ; here is a sub-domain that I create IN NS pluto ; but "pluto" will be the authority for it pluto IN A 206.222.166.31 ; the appearance of the NS record is the ; delegation and this is known as a ; "zone cut" Now, "pluto" can be the primary nameserver for foo.bar.com and have zone data for it. OK. The *same* hold true for the reverse delegation. If "ns1.bar.com" is to be authoritative for 111.222.206.in-addr.arpa then whoever is authoritative for 222.206.in-addr.arpa would have a zone cut at 111.222.206.in-addr.arpa and delegate authority for it to "ns1.bar.com" $ORIGIN 111.222.206.in-addr.arpa ; here is the sub-domain IN NS ns1.bar.com ; and I'm now the authority Normally, you ISP would be authoritative for 111.222.206.in-addr.arpa, but maybe not. In any case, only that authority can delegate authority for 111.222.206.in-addr.arpa to you. Talk to your ISP about this -- they should be able to tell you whom to contact to get the reverse sub-domain delegated to you. ------------------------------------------------- Tks | <mailto:[EMAIL PROTECTED]> BV | <mailto:[EMAIL PROTECTED]> Senior Tech. Consultant, SBM, A Gates/Arrow Co. Vox 770-623-3430 11455 Lakefield Dr. Fax 770-623-3429 Duluth, GA 30097-1511 ================================================= -----Original Message----- From: Benny Leong (HTHK - Senior Engineer II - iServices Development, NNSD) [mailto:[EMAIL PROTECTED]] Sent: Monday, September 18, 2000 10:29 PM To: 'Bob Vance' Subject: RE: Zone Delegation/Reverse Delegation Hi Bob, I need further explanation from you : The DNS of the domain, bar.com, is hosted by an ISP. We have applied a range of IP address and AS# from APNIC. We have created our sub-domain, say, foo.bar.com. The DNS server of this subdomain is hosted by ourselves. I don't understand why the DNS delegation is done by ISP but the reverse delegation is done by APNIC. Regards, Benny ---------- From: Bob Vance [SMTP:[EMAIL PROTECTED]] Sent: Monday, September 18, 2000 8:41 PM To: CISCO_GroupStudy List (E-mail) Cc: 'Benny Leong (HTHK - Senior Engineer II - iServices Development, NNSD)' Subject: RE: Zone Delegation/Reverse Delegation The reverse delegation is done by whomever has been delegated authority for the parent of the reverse domain, just like for the forward domains. E.g., whoever has authority for xxx.yyy (yyy.xxx.in-addr.arpa domain) will delegate authority for any xxx.yyy.nnn. After all, nnn.yyy.xxx.in-addr.arpa is simply a sub-domain of yyy.xxx.in-addr.arpa just like foo.bar.com is a sub-domain of bar.com. Once you have authority for a domain, you can delegate sub-domains at your whim. Typically, your ISP would have authority for your reverse parent. If the ISP is hosting your DNS, then they would retain authority for both the forward and the reverse domains. You say that *you* created a sub-domain. That means that you have the ability to change the zone data on their server. But you cannot arbitrarily start using a new range of IP addresses. You have been assigned a range of IPs by your ISP, and you must stay within that range. Thus, whoever is authoritative for that range would have to add the PTR records for your host. Most likely it's the ISP, and it would seem that you should also have the ability to set up the reverse PTRs yourself. ------------------------------------------------- Tks | <mailto:[EMAIL PROTECTED]> BV | <mailto:[EMAIL PROTECTED]> Senior Tech. Consultant, SBM, A Gates/Arrow Co. Vox 770-623-3430 11455 Lakefield Dr. Fax 770-623-3429 Duluth, GA 30097-1511 ================================================= -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Benny Leong (HTHK - Senior Engineer II - iServices Development, NNSD) Sent: Monday, September 18, 2000 1:55 AM To: '[EMAIL PROTECTED]' Subject: FW: Zone Delegation/Reverse Delegation It seems that I cannot post message. This is to re-send the same mail message. I have 2 T1 connected to 2 separate ISPs. The DNS is being hosted on one ISP. Now, I have created a subdomain. Is the zone delegation done at the ISP and the reverse delegation done at the APNIC ? **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _________________________________ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _________________________________ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]