On Tue, 24 Sep 2002, Steve Drees wrote:
> > > > > BTW, there is an RFC on how to do delegations that don't align with an IP
> > > > > dot boundary. Search google for it and forward a copy to your ISP. It's
> > > > > about 5+ years old, long enough for any competent ISP to be able to
> > > > > support.
> > > >
> > > > I know, and I did.
> > >
> > > A competent sysadmin wouldn't implement that RFC because it is
> > > fundamentally broken.
> > >
> >
> > I am all ears! What is broken about it? (I am especially curious, since it is
> > used, apparently successfully, by many people.)
>
>
> http://www.merit.edu/mail.archives/nanog/thismonth/msg00154.html
Actually, if you'll read that closer, you'll see that the post that pst
was answering was recommending a style of doing this that was NOT as per
RFC 2317.
And actually, the way described (if I understand what they are saying)
there is actually completely valid as well.
You can do..
$ORIGIN x.y.z.in-addr.arpa.
16 IN NS NS1.somecompany.moc.
16 IN NS NS2.somecompany.moc.
.
.
31 IN NS NS1.somecompany.moc.
31 IN NS NS2.somecompany.moc.
and
32 IN NS NSA.other.foo.
32 IN NS NSB.other.foo.
..etc..
In order for this to work, each of those nameservers needs to have NS
entries pointing the sections that they do NOT control back to the parent,
so that clients using them as resolvers can look those up. Due to this,
this is a slightly messier way than the one I prefer, but it's
technically workable.
Neither of these conflicts with any DNS RFC, and RFC 2317 is itself an
RFC anyway. It is perfectly valid to use CNAMEs in an in-addr.arpa zone,
or to delegate NS for individual IP address entries - the DNS doesn't
know anything about IP addresses (well, except in A records anyway), it's
all just strings.. 1.2.3.4.5.6.7.8.9.in-addr.arpa. is a valid DNS owner
record. Now, it doesn't *mean* anything in the IP world and it
(probably) wouldn't be useful in doing reverse IP lookup, but it doesn't
violate anything as far as DNS is concerned.
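
The two parent-zone layouts discussed in this thread, side by side, as an added example that is not part of the original message: per-address NS delegation as written above, and the RFC 2317 form (one delegated label plus a CNAME per address). The prefix 192.0.2.16/28 and the customer.example nameserver names are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

def _parent(net):
    """Name of the /24 reverse zone that contains a sub-/24 IPv4 block."""
    if net.version != 4 or not 25 <= net.prefixlen <= 32:
        raise ValueError("expected an IPv4 prefix longer than /24")
    a, b, c, _ = str(net.network_address).split(".")
    return f"{c}.{b}.{a}.in-addr.arpa."

def _fqdn(name):
    # A trailing dot keeps the target from being read relative to $ORIGIN.
    return name if name.endswith(".") else name + "."

def per_address_ns(prefix, nameservers):
    """Parent-zone records delegating every address's owner name by NS."""
    net = ipaddress.ip_network(prefix)  # raises ValueError if host bits are set
    lines = [f"$ORIGIN {_parent(net)}"]
    for addr in net:  # every address in the block, network and broadcast too
        last = int(addr) & 0xFF
        lines += [f"{last} IN NS {_fqdn(ns)}" for ns in nameservers]
    return lines

def rfc2317(prefix, nameservers):
    """Parent-zone records in RFC 2317 style: child label plus CNAMEs."""
    net = ipaddress.ip_network(prefix)
    origin = _parent(net)
    # Child zone label in the "first-address/prefix-length" form, e.g. 16/28.
    label = f"{int(net.network_address) & 0xFF}/{net.prefixlen}"
    lines = [f"$ORIGIN {origin}"]
    lines += [f"{label} IN NS {_fqdn(ns)}" for ns in nameservers]
    for addr in net:
        last = int(addr) & 0xFF
        # The PTR record itself lives in the customer's zone under the label.
        lines.append(f"{last} IN CNAME {last}.{label}.{origin}")
    return lines

if __name__ == "__main__":
    servers = ["ns1.customer.example", "ns2.customer.example"]  # constructed
    for build in (per_address_ns, rfc2317):
        print(f"; {build.__name__}")
        print("\n".join(build("192.0.2.16/28", servers)))
        print()
```

For the same /28 and two nameservers, the per-address form puts 32 NS records in the parent zone; the RFC 2317 form puts 2 NS records and 16 CNAMEs there and leaves the PTR records to the customer's servers.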