
This post should be read as a supplement to my earlier posts on the
topic of tunnels. In it I will use some of the solutions given in
RFC 1101 (a somewhat old RFC, but fairly unknown in our parts...
I wonder why???)

If you have to build tunnels while operating only with real address
space, the following effect often occurs. Because the tunnel address
spaces are specified as networks with 30-bit subnet masks (dotted
notation 255.255.255.252), confusion often arises about which network
starts where and where it ends. To avoid getting confused, you can use
the in-addr.arpa zone that corresponds to your network for this purpose.

   * * *

I will show you how this is done for a class C network and for
classlessly delegated networks.

  * * *

 1. IN-ADDR.ARPA for a class "C" network

  Example scheme: we will look at the class C network 192.168.1.0.
The in-addr.arpa domain for this network is delegated by the central
registry for 168.192.in-addr.arpa as follows:

$ORIGIN 168.192.in-addr.arpa.
1   NS  ns1.example.dom.
     NS  ns2.example.dom.

The administrator of that network, however, has decided to split it
into smaller segments for different purposes: for example, tunnel
address spaces, subnets, and so on. Here is how he has structured his
network:

192.168.1.0/30 -> tunnel IP space
192.168.1.4/30 -> tunnel IP space
192.168.1.8/30 -> tunnel IP space
192.168.1.12/30 -> tunnel IP space
192.168.1.16/28 -> user network No.1
192.168.1.32/29 -> user network No.2
192.168.1.40/29 -> user network No.3
192.168.1.48/28 -> user network No.4
192.168.1.64/26 -> user network No.5
192.168.1.128/25 -> user network No.6

At the very least, to make his own work easier, the administrator can
describe the networks and their network masks in the in-addr.arpa
domain. Below I give an example of how this is done in the zone
1.168.192.in-addr.arpa:

$TTL 86400      ; 1 day
@   SOA ns1.example.dom. root.example.dom. (
                                2003020902 ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                3600000    ; expire (5 weeks 6 days 16 hours)
                                86400      ; minimum (1 day)
                                )
                        NS      ns1.example.dom.
                        NS      ns2.example.dom.
0 PTR  net-address.tunnel-1.example.dom.
  A     255.255.255.252
1 PTR host1.tunnel-1.example.dom.
2 PTR host2.tunnel-1.example.dom.
3 PTR broadcast.tunnel-1.example.dom.
4 PTR net-address.tunnel-2.example.dom.
   A    255.255.255.252
5 PTR host1.tunnel-2.example.dom.
6 PTR host2.tunnel-2.example.dom.
7 PTR broadcast.tunnel-2.example.dom.
8 PTR net-address.tunnel-3.example.dom.
   A    255.255.255.252
9 PTR host1.tunnel-3.example.dom.
10 PTR host2.tunnel-3.example.dom.
11 PTR broadcast.tunnel-3.example.dom.
12 PTR net-address.tunnel-4.example.dom.
   A    255.255.255.252
13 PTR host1.tunnel-4.example.dom.
14 PTR host2.tunnel-4.example.dom.
15 PTR broadcast.tunnel-4.example.dom.
16 PTR net-address.usernet-1.example.dom.
    A 255.255.255.240
...
...
...
31 PTR broadcast.usernet-1.example.dom.
32 PTR net-address.usernet-2.example.dom.
     A  255.255.255.248
...
...
...
39 PTR broadcast.usernet-2.example.dom.
40 PTR net-address.usernet-3.example.dom.
    A  255.255.255.248 
...
...
...
47 PTR broadcast.usernet-3.example.dom.
48 PTR net-address.usernet-4.example.dom.
    A  255.255.255.240
...
...
...
63 PTR broadcast.usernet-4.example.dom.
64 PTR net-address.usernet-5.example.dom.
    A  255.255.255.192
...
...
...
127 PTR broadcast.usernet-5.example.dom.
128 PTR net-address.usernet-6.example.dom.
    A  255.255.255.128
...
...
...
255 PTR broadcast.usernet-6.example.dom.


The purpose of these A records (at least in our case) is to show where
a given network starts and what its subnet mask is. This helps a lot
with orientation.

A few explanations regarding the queries...

If you make the query

dig @ns1.example.dom -t PTR 0.1.168.192.in-addr.arpa

you will get the answer:

[root@ns1 root]# dig @ns1.example.dom. -t PTR 0.1.168.192.in-addr.arpa

...
;; ANSWER SECTION:
0.1.168.192.in-addr.arpa. 86400 IN      PTR     net-address.tunnel-1.example.dom.
...

If you want to retrieve the A RR:

[root@ns1 root]# dig @ns1.example.dom. -t A 0.1.168.192.in-addr.arpa

...
;; ANSWER SECTION:
0.1.168.192.in-addr.arpa. 86400 IN      A       255.255.255.252
...

That is also how you will know that it works.

When you want to check the architecture of your network, you can
request an AXFR of the zone and see it in its entirety. This is quite
useful, and in many cases. Forget the paranoia about forbidding
transfers of in-addr.arpa zones. It can be proven in 5 lines that this
is absolutely stupid and unnecessary.

 * * *

 2. IN-ADDR.ARPA for classless delegation

 Example scheme: a client has received the network 192.168.2.0/26
(subnet mask in dotted notation 255.255.255.192). The delegation of the
in-addr.arpa domain for this network is done in the zone of the domain
2.168.192.in-addr.arpa as follows (for more details see RFC 2317):


...
...
0 NS ns1.client.dom.
   NS ns2.client.dom.
1 CNAME 1.0
2 CNAME 2.0
...
...
...
63 CNAME 63.0
...
...

The client, for his part, has built at his own site a zone for the domain
0.2.168.192.in-addr.arpa and has laid out the following network architecture:

192.168.2.0/30 -> tunnel IP space
192.168.2.4/30 -> tunnel IP space
192.168.2.8/30 -> tunnel IP space
192.168.2.12/30 -> tunnel IP space
192.168.2.16/28 -> user network No.1
192.168.2.32/29 -> user network No.2
192.168.2.40/29 -> user network No.3
192.168.2.48/28 -> user network No.4

The source of the zone (abbreviated) looks like this:

$TTL 86400      ; 1 day
@   SOA ns1.client.dom. root.client.dom. (
                                2003020902 ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                3600000    ; expire (5 weeks 6 days 16 hours)
                                86400      ; minimum (1 day)
                                )
                        NS      ns1.client.dom.
                        NS      ns2.client.dom.
                        PTR  net-address.client.dom.
                        A       255.255.255.252
1 PTR host1.tunnel-1.client.dom.
2 PTR host2.tunnel-1.client.dom.
3 PTR broadcast.tunnel-1.client.dom.
4 PTR net-address.tunnel-2.client.dom.
   A    255.255.255.252
5 PTR host1.tunnel-2.client.dom.
6 PTR host2.tunnel-2.client.dom.
7 PTR broadcast.tunnel-2.client.dom.
8 PTR net-address.tunnel-3.client.dom.
   A    255.255.255.252
9 PTR host1.tunnel-3.client.dom.
10 PTR host2.tunnel-3.client.dom.
11 PTR broadcast.tunnel-3.client.dom.
12 PTR net-address.tunnel-4.client.dom.
   A    255.255.255.252
13 PTR host1.tunnel-4.client.dom.
14 PTR host2.tunnel-4.client.dom.
15 PTR broadcast.tunnel-4.client.dom.
16 PTR net-address.usernet-1.client.dom.
    A 255.255.255.240
...
...
...
31 PTR broadcast.usernet-1.client.dom.
32 PTR net-address.usernet-2.client.dom.
     A  255.255.255.248
...
...
...
39 PTR broadcast.usernet-2.client.dom.
40 PTR net-address.usernet-3.client.dom.
    A  255.255.255.248 
...
...
...
47 PTR broadcast.usernet-3.client.dom.
48 PTR net-address.usernet-4.client.dom.
    A  255.255.255.240
...
...
...
63 PTR broadcast.usernet-4.client.dom.

It looks like the previous case, with one exception!!!

Attention!!! THIS IS THE MAIN DIFFERENCE BETWEEN THE TWO
CASES AND YOU SHOULD READ IT C-A-R-E-F-U-L-L-Y!

Now let's request the PTR resource record for
0.2.168.192.in-addr.arpa. The lookup scheme will be as follows:

The registry for 168.192.in-addr.arpa will be queried, then there will
be a query to the zone of the domain 2.168.192.in-addr.arpa, and from
there the query will be sent to the zone of the domain
0.2.168.192.in-addr.arpa. And here comes the tricky moment. Notice where
and how the PTR RR for 0.2.168.192.in-addr.arpa is defined. It is defined
in the header (apex) of the zone (compare with the previous case). If you
write the description

0   PTR  net-address.client.dom.
     A  255.255.255.252

it will not work. Here someone may say: "yes, but if I put
  0  CNAME 0.0
in the zone of the domain 2.168.192.in-addr.arpa ...". Yes, but note
that this way you get the following accumulation of definitions

0  NS  ns1.client.dom.
0  NS  ns2.client.dom.
0  CNAME 0.0

which is not quite correct.
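As an added example (not part of the original post), here is a small Python check that parses zone lines in the style of the two zones above and verifies the RFC 1101 mask records from section 1 (each net-address owner aligned to its mask, a broadcast PTR at the subnet's last address) and flags the NS + CNAME accumulation from section 2. The zone snippets, the ipaddress-based check and the /24 base-network argument are my assumptions, not the author's data.

```python
import ipaddress
from collections import defaultdict

# Constructed samples (not the author's zones): lines in the style of the
# 1.168.192.in-addr.arpa zone, with owner 42 deliberately not aligned to its
# /29 mask and lacking a broadcast PTR, plus the parent-zone NS + CNAME clash.
CHILD_ZONE = """\
0  PTR net-address.tunnel-1.example.dom.
   A   255.255.255.252
3  PTR broadcast.tunnel-1.example.dom.
42 PTR net-address.usernet-x.example.dom.
   A   255.255.255.248
"""
PARENT_ZONE = """\
0  NS    ns1.client.dom.
   NS    ns2.client.dom.
0  CNAME 0.0
1  CNAME 1.0
"""

def parse(text):
    """Return {owner: {rrtype: [rdata, ...]}}; a leading blank inherits the owner."""
    recs, owner = defaultdict(lambda: defaultdict(list)), None
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split()
        if not line[0].isspace():
            owner = fields.pop(0)
        recs[owner][fields[0]].append(" ".join(fields[1:]))
    return recs

def check_masks(recs, net="192.168.1.0/24"):
    """RFC 1101 style: an A record on an owner is the mask of the subnet starting there."""
    base, findings = ipaddress.ip_network(net), []
    for owner, rr in recs.items():
        for mask in rr.get("A", []):
            start = base[int(owner)]
            sub = ipaddress.ip_network((start, mask), strict=False)
            if sub.network_address != start:
                findings.append(f"{owner}: not aligned to mask {mask}")
            last = str(int(sub.broadcast_address) - int(base.network_address))
            if not any("broadcast" in p for p in recs.get(last, {}).get("PTR", [])):
                findings.append(f"{owner}/{sub.prefixlen}: no broadcast PTR at {last}")
    return findings

def cname_conflicts(recs):
    """Owners carrying a CNAME next to other data (the '0 NS ... / 0 CNAME 0.0' case)."""
    return sorted(o for o, rr in recs.items() if "CNAME" in rr and len(rr) > 1)
```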

* * *

I will try to gather and polish this into a document so that it is in a
readable and eye-friendly form, but that will happen later. For now I
have written it only to help those who cut their networks into many
subnets.

* * *
It is possible that many clients will run into a lack of understanding
of this issue on the part of their providers' system administrators. I
would ask them to write to me at my personal e-mail about such cases.

  Regards
     Vesselin Kolev

============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
============================================================================