Our organization has a /19 assignment from ARIN. We have given
portions of this space to several other companies within our
corporate umbrella. Several of these other companies have their own
nameservers, and would like to be able to manage DNS on their own
for their in-addr.arpa. blocks. What would be the best way to
delegate authoritiy for them? ARIN is pointing to our 2 nameservers
for the entire /19. Do I need to use some sort of RFC2317 method
here, or would I be able to just install zones for each /24 with NS
records pointing to the other companies' servers? Also, what are
some good ways to test and verify that this is all working?
Our organization has a /19 assignment from ARIN. We have given
portions of this space to several other companies within our
corporate umbrella. Several of these other companies have their own
nameservers, and would like to be able to manage DNS on their own
for their in-addr.arpa. blocks. What would be the best way to
delegate authoritiy for them? ARIN is pointing to our 2 nameservers
for the entire /19. Do I need to use some sort of RFC2317 method
here, or would I be able to just install zones for each /24 with NS
records pointing to the other companies' servers? Also, what are
some good ways to test and verify that this is all working?
DNS is very comfortable w/ /24 delegations. try that.
DIG is your friend.
Either by doing DNS delegation on the zone boundary or by SWIP'ing the
space to the other company.
It is very easy to do DNS delegation, say if you have 128.0.0.0/19, and
you want to delegate 128.0.1.0/24, in your zone file for
0.128.in-addr.arpa zone put
Either by doing DNS delegation on the zone boundary or by SWIP'ing the
space to the other company.
You can SWIP it yes, but that won't help DNS on small blocks like /24's.
It is very easy to do DNS delegation, say if you have 128.0.0.0/19, and
you want to delegate 128.0.1.0/24, in your zone file for
0.128.in-addr.arpa zone put
The only way it will work is to use RFC2317 or slave the zones from the
other name server. Because he does not have the entire /16 you can't
just delegate like that.
Unless I've missed something really obvious, the original requestor has a
/19 allocation, say 192.168.32.0/19 . ARIN has DNS-delegated this to the
original requestor as a series of /24s, eg:
One, he secondaries the appropriate domain from the customers nameservers
onto his nameservers. Very easy, since the delegation already points to
his nameservers, and he can market this as 'the domain is there even if
you are disconnected!'.
Or two, he creates a seperate netblock in the ARIN registry describing the
customer's /24, and nominates their nameservers instead of his, listing
his nameservers as backup just in case. ARIN change the DNS delegation at
their next zone generation.
Or third, he describes the situation to a friendly ARIN representative,
who ought to give the above solutions, as well as suggest getting the DNS
& Bind book from O'Reilly for bedtime reading.