
But I don't manage the ip address blocks...

I have 2 dedicated servers, each in a different data center.

  1. The first provider offers me a panel to configure the reverse zones myself. In this case, if they are already configured there, should I also assign them to the bind9 DNS server?

I am a little confused, because if the name server authoritative for the IP address is my provider's, then is there any point in also placing the reverse zones in the bind9 DNS server?

Or, in any case, how is it that the provider gives me the possibility of adding the reverse zones myself, and the domain retains authority so that I can also implement it within bind9?

  2. The second provider does not provide me with a panel to add the reverse zones pointing to host2.example.com, so would it not work if I add the reverse zone to the bind9 DNS server?
  • You must ask your first provider how this feature works. Probably the configuration you enter into their panel is just imported into their DNS server. So, if the panel allows you to enter NS records and delegate the reverse zone to your DNS server, you can do it. Otherwise, you should just copy & paste the config into their panel. In the second case, it will obviously not work, as nobody will ask your server about the reverse zone if it is delegated to your provider's server. – raj Aug 05 '22 at 11:25

1 Answer

You can always create a zone, but whether it will be useful depends on whether the higher-level authority delegates anything to it. This applies to any kind of zone; from the DNS server's point of view, a reverse zone is no different from a forward zone. The only difference is that forward zone delegations you can buy from registrars, while reverse zone delegations like "2.0.192.in-addr.arpa" are inherited together with the corresponding address blocks.

Reverse delegation has a curious property (due to how the reverse zone name is constructed): for IPv4 it is done on octet boundaries. I mean, the reverse zone for the "10.0.0.0/8" block can be delegated (that zone gets the name 10.in-addr.arpa), "192.0.2.0/24" can (with the name 2.0.192.in-addr.arpa), but "192.0.2.64/26" cannot, because there is no defined reverse zone name for this subnet. So, if you aren't talking about a whole /24 (or /16 or /8) block of addresses, direct delegation (in the DNS sense) of a "partial block" is impossible.

It can still be somewhat emulated with CNAME trickery. You create some zone (or use any existing zone, it doesn't matter) and create PTRs for your IPs in it. Then the owner of the /24 block from which your sub-block was carved creates a bunch of CNAMEs pointing to your PTRs. If your provider agrees to do that (for instance, if you can set up those CNAMEs in the mentioned panel), go ahead, create a zone and set up a "delegation". If not, your zones will be useless (except for your internal clients, which you can direct to your servers artificially).


After this discussion, I want you to think: why do you need a delegation? Are you planning to change your PTRs often? PTRs are rarely consulted; the most notable use is in mail server validity checking. So basically you need to set up the PTR once, when you choose the host name for your mailer, and then it will never change. Just do it once in the provider's panel and forget about it.

Nikita Kipriyanov
  • Thank you for your prompt response. Actually, it is more than anything because of the email, but I want to have shared hosting on my dedicated server and point the domain names to my DNS, and from what I understood, in bind9 I would also have to have the PTR records – Andrés Alvarez Aug 05 '22 at 12:47
  • The trick with CNAME records to get around the octet boundaries is explained in RFC 2317 "Classless IN-ADDR.ARPA delegation". – Patrick Mevzek Aug 05 '22 at 13:10
  • @PatrickMevzek My point was that it is possible to do the same thing even with several sparsely spread IP addresses, not just with a whole consecutive power-of-two block of IP addresses. And it doesn't even strictly require an additional zone, as the zone where we put those PTRs may be arbitrary. The only *real* requirement is to be able to set up CNAMEs in the actual reverse DNS zone. – Nikita Kipriyanov Aug 05 '22 at 13:34
  • "The only real requirement is to be able to set up CNAMEs in the actual reverse DNS zone." Which is exactly what RFC 2317 says... – Patrick Mevzek Aug 05 '22 at 15:24
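Worked example (added by the editor; not code from the answer or from its author). It puts the two points made above into runnable form: which IPv4 blocks have a reverse zone name of their own, and how the RFC 2317 CNAME construction makes a smaller block delegable anyway. Every concrete value is assumed for illustration: 192.0.2.0/24 (a documentation prefix) stands in for the provider's /24, 192.0.2.64/26 for the customer's sub-block, ns1.example.com for the customer's bind9 server and host2.example.com for a host in that block. The record lists it produces are plain (owner, type, rdata) triples that can be pasted into a BIND zone file.

```python
"""Classless (RFC 2317) reverse delegation, worked through in code.

Editor's example; not from the answer above. Assumed values: 192.0.2.0/24
(a documentation prefix) is the provider's /24, 192.0.2.64/26 is the
sub-block carved out for the customer, ns1.example.com is the customer's
BIND server and host2.example.com is a made-up host in that block.
"""
import ipaddress

IN_ADDR = "in-addr.arpa"


def delegable_zone(cidr: str):
    """Name of the in-addr.arpa zone that maps exactly onto an IPv4 block,
    or None when the block does not end on an octet boundary and so has no
    zone name of its own (e.g. 192.0.2.64/26)."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        return None
    kept = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(kept)) + "." + IN_ADDR


def rfc2317_delegation(cidr: str, child_ns: str, hosts: dict):
    """Records both parties need for a block smaller than a /24.

    Returns (parent_zone, parent_records, child_zone, child_records); each
    record is an (owner, type, rdata) tuple with dot-terminated FQDNs, so
    the lists can be pasted into a BIND zone file as they are.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("RFC 2317 is for blocks smaller than a /24")
    parent_zone = delegable_zone(str(net.supernet(new_prefix=24)))
    first = str(net.network_address).split(".")[-1]
    child_zone = f"{first}/{net.prefixlen}.{parent_zone}"  # RFC 2317 naming

    # Provider side: delegate the synthetic child zone, then point every
    # address of the sub-block at it with a CNAME.
    parent_records = [(f"{child_zone}.", "NS", f"{child_ns}.")]
    child_records = []
    for ip in net:
        last = str(ip).split(".")[-1]
        parent_records.append(
            (f"{last}.{parent_zone}.", "CNAME", f"{last}.{child_zone}."))
        # Customer side: the real PTRs live in the child zone on bind9.
        if str(ip) in hosts:
            child_records.append(
                (f"{last}.{child_zone}.", "PTR", f"{hosts[str(ip)]}."))
    return parent_zone, parent_records, child_zone, child_records


def resolve_ptr(ip: str, records, max_hops: int = 8):
    """Follow CNAMEs from the address's in-addr.arpa name to a PTR the way a
    resolver does; None means the chain never reaches a PTR."""
    table = {(owner, rtype): rdata for owner, rtype, rdata in records}
    name = ipaddress.ip_address(ip).reverse_pointer + "."
    for _ in range(max_hops):
        if (name, "PTR") in table:
            return table[(name, "PTR")]
        if (name, "CNAME") not in table:
            return None
        name = table[(name, "CNAME")]
    return None


def zone_text(records):
    """Render records as zone-file lines."""
    return "\n".join(f"{o:<38} IN {t:<6} {r}" for o, t, r in records)


if __name__ == "__main__":
    for block in ("10.0.0.0/8", "192.0.2.0/24", "192.0.2.64/26"):
        print(f"{block:<14} -> {delegable_zone(block)}")
    parent, prec, child, crec = rfc2317_delegation(
        "192.0.2.64/26", "ns1.example.com", {"192.0.2.70": "host2.example.com"})
    print(f"\n; provider's zone {parent} (first 3 of {len(prec)} records)")
    print(zone_text(prec[:3]))
    print(f"\n; customer's zone {child} on bind9")
    print(zone_text(crec))
    print("\nwith provider CNAMEs:", resolve_ptr("192.0.2.70", prec + crec))
    print("child zone alone:    ", resolve_ptr("192.0.2.70", crec))
```

The last two lines of output are the practical check for the two providers in the question: resolving 192.0.2.70 over the provider's records plus the customer's child zone ends at host2.example.com, while the customer's zone on its own yields nothing, because no name under 2.0.192.in-addr.arpa ever points into it. The child zone can be any zone the customer controls (a name like rev.example.com works as well as the "64/26" convention), as long as the provider's CNAMEs target it.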