I should clarify that the ISP will add CNAMEs for the *entire* partial
IP range assigned to you, regardless of whether you have a matching PTR
record -- you add/modify the PTRs as needed.
Then the ISP will never have to make another change.
Suppose you have 1.2.3.16/28.
Then the ISP's reverse will look like:
    $ORIGIN 3.2.1.in-addr.arpa.
    ...
    16   IN  CNAME  16.in.your.domain.
    17   IN  CNAME  17.in.your.domain.
    ...
    31   IN  CNAME  31.in.your.domain.
Of course, he'll probably really use a single line in his config:
    $GENERATE 16-31 $ CNAME $.in.your.domain.
(or maybe 17-30 :)
-
Tks | mailto:[EMAIL PROTECTED]
BV | mailto:[EMAIL PROTECTED]
Sr. Technical Consultant, SBM, A Gates/Arrow Co.
Vox 770-623-3430 11455 Lakefield Dr.
Fax 770-623-3429 Duluth, GA 30097-1511
=
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Bob Vance
Sent: Tuesday, February 20, 2001 7:39 PM
To: CISCO_GroupStudy List (E-mail)
Subject: RE: Reverse DNS
It's a good idea to have reverse entries for forward names that are
visible to the Internet -- some mail servers do a reverse lookup to
"verify" that you are valid and won't receive your mail without the
reverse lookup.
Typically, your ISP will be authoritative for the zone from which your
IP space is allocated (although not always).
But, I think that it's better for you to be the master for both the
forward and reverse zones, and let the ISP be slave (secondary) for
both.
If you have an entire /24 block of addresses, then they would just
delegate that entire zone to you.
If you have a partial Class C (/n where n>24), then the ISP will
remain authoritative for the full zone, but there are several ways that
they can give you control.
One way is for them to delegate to you a sub-zone of the full reverse
zone and then put CNAMEs pointing into the new sub-zone for which you
will be authoritative -- you put the "real" PTRs in this new sub-zone.
IMHO, better is for them simply to replace their current PTR records
with CNAME records pointing to names into your current *forward* zone.
You would then insert PTR records with those names into your current
forward zone and then you can change them at will.
Two benefits to this method are:
  . there are no new zones nor NS records
  . your forward "A" records and the corresponding reverse PTR
    records are right in the same zone.
The ISP would normally have the PTRs thusly:
    $ORIGIN zz.yy.xx.in-addr.arpa.
    ...
    num   IN  PTR  name.in.your.domain.
But every time you make a change, the ISP has to get involved.
In the second method I described above, the ISP replaces that record
thusly:
    $ORIGIN zz.yy.xx.in-addr.arpa.
    ...
    ;;del;; num   IN  PTR    name.in.your.domain.
    num           IN  CNAME  num.in.your.domain.
Then, in your forward zone you simply add the "real" PTRs:
    $ORIGIN in.your.domain.
    ...
    name  IN  A    xx.yy.zz.num
    num   IN  PTR  name
    ...
-
Tks | mailto:[EMAIL PROTECTED]
BV | mailto:[EMAIL PROTECTED]
Sr. Technical Consultant, SBM, A Gates/Arrow Co.
Vox 770-623-3430 11455 Lakefield Dr.
Fax 770-623-3429 Duluth, GA 30097-1511
=
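The CNAME-into-the-forward-zone method described in the two messages above, as an added example that is not part of the original posts: it expands the ISP's $GENERATE line for 1.2.3.16/28, follows each CNAME to the customer's PTR, and runs the forward-confirmed reverse check that a receiving mail server might apply. The hostnames mail, www and web, the .17/.18 assignments, and the in-memory lookup (a toy, not a real resolver) are constructed for illustration.

```python
import ipaddress

ZONE = "in.your.domain."   # customer's forward zone, as named in the posts

def isp_cnames(block, zone=ZONE):
    """ISP side: one CNAME per address in the block (what $GENERATE expands to)."""
    return {ip.reverse_pointer + ".": f"{int(ip) & 0xFF}.{zone}"
            for ip in ipaddress.ip_network(block)}

def resolve(records, name, rtype, hops=8):
    """Toy in-memory lookup: follow CNAMEs until an rtype record is found."""
    while hops > 0:
        if (name, rtype) in records:
            return records[(name, rtype)]
        name = records.get((name, "CNAME"))
        if name is None:
            return None
        hops -= 1
    return None

def fcrdns(records, ip):
    """Return (ptr_name, ok): ok only if the PTR name's A record maps back to ip."""
    ptr = resolve(records, ipaddress.ip_address(ip).reverse_pointer + ".", "PTR")
    return ptr, ptr is not None and resolve(records, ptr, "A") == ip

# ISP's reverse zone for the /28 from the post.
RECORDS = {(owner, "CNAME"): target
           for owner, target in isp_cnames("1.2.3.16/28").items()}
# Customer's forward zone (constructed sample data, not from the thread).
RECORDS.update({
    ("mail." + ZONE, "A"): "1.2.3.17",
    ("17." + ZONE, "PTR"): "mail." + ZONE,      # consistent A/PTR pair
    ("www." + ZONE, "A"): "1.2.3.18",
    ("18." + ZONE, "PTR"): "web." + ZONE,       # PTR names a host with no A record
})

if __name__ == "__main__":
    for host in ("1.2.3.17", "1.2.3.18", "1.2.3.19"):
        print(host, fcrdns(RECORDS, host))
```

The .19 case is the one the first message points out: the ISP's CNAME exists for every address in the range, so an address with no PTR in the customer's zone simply fails the reverse lookup.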
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Roan, Wayne
Sent: Tuesday, February 20, 2001 5:18 PM
To: '[EMAIL PROTECTED]'
Subject: Reverse DNS
Group,
Question, if you are maintaining the DNS zones for your domains, do
you need reverse zones with entries for each of your domains the
Internet needs to get to? Let's say your ISP is providing secondary DNS
for you, will they host reverse DNS for you? Or do you still need to
provide for reverse DNS regardless?
Thanks,
Wayne
_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]