From: Kris D. <kd...@vi...> - 2006-11-27 17:42:25
Grant Peel wrote:
> It is time I changed my reverse DNS setup to the mainstream way of doing
> things.
It looks like you're already set up using one method for classless rDNS
delegation. Is there any particular reason you'd like to make a change?
> Can anyone walk me through a setup for a single zone, using the webmin
> interface, for a CIDR block?
>
> Network:
> 216.187.107.192 / 27
>
> My Usable IPs:
> 196-222
>
> Yes, my ISP has delegated my nameservers for reverse (I am already doing
> reverse on these IPs, using a single zone for each IP).
OK, the change you want to make is a different manner of delegating CIDR
rDNS. What you have right now is the setup where the upstream
delegation is done via NS records for each IP delegated, resulting in
one zone per IP on your side.
The other method uses sets of CNAMEs pointing into a new zone, e.g. for
192.168.1.0/27: (Assuming you're using BIND, only showing actual zone data)
Upstream 1.168.192.in-addr.arpa. zone includes:
2 IN CNAME 2.0-27.1.168.192.in-addr.arpa.
3 IN CNAME 3.0-27.1.168.192.in-addr.arpa.
...
29 IN CNAME 29.0-27.1.168.192.in-addr.arpa.
30 IN CNAME 30.0-27.1.168.192.in-addr.arpa.
("Usable IPs" in a netblock are *usually* "netnum plus two" through to
the second-last IP in the block; most setups I've met use the "netnum
plus one" as the router, and the highest IP as the broadcast. If you
really only have 196-222 as usable, then your upstream is doing odd
things and "stealing" two more IPs from your netblock.)
There would then also be suitable NS records entered in the upstream
1.168.192.in-addr.arpa. zone:
0-27 IN NS ns1.yoursystem.com.
0-27 IN NS ns2.yoursystem.com.
You would then set up a zone 0-27.1.168.192.in-addr.arpa., with suitable
records for each IP:
2 IN PTR your-rdns-2.yoursystem.com.
3 IN PTR your-rdns-3.yoursystem.com.
... etc.
The details of how this is implemented vary from ISP to ISP (in
particular, the name of the actual delegated zone may be just about
anything, and the CNAMEs pointed *to* can follow quite a few possible
patterns); there is no "one right way", but the general concept of
using CNAME pointers from the "real" zone into your delegated zone applies.
Note that this is **NOT** just a change on your end; this also requires
your ISP to change how they delegate the rDNS to you! If you've already
got something up and running, I'd say you're better off leaving that in
place. If you can convince your upstream provider to change things,
you'll have to get details of how they implement this from them.
> I have read, and sorta understand the RFCs and have gone through Joe's
> book on this a few times, now just looking for a working example to tie
> off the loose ends.
If you've got specific questions, ask away. Like I noted above,
however, making this change *will* require you to consult your provider
to find out how (or even if) they'll delegate rDNS this way - it's not
just a change on your system.
rDNS is so much easier when you can delegate along /24 divisions. <g>
-kgd
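As an added, self-contained example (not part of the original thread and not Kris's or Grant's code), here is a Python script that generates both halves of the CNAME-style classless delegation described above for a given CIDR block: the CNAME and NS records the ISP adds to the parent /24 zone, and the PTR records for the zone you serve yourself. It also includes a check for CNAMEs in the parent zone that have no matching PTR in the delegated zone, since that mismatch is the usual way this kind of setup breaks once the two sides are maintained by different people. The `0-27` zone label, the `ns1.yoursystem.com.`/`ns2.yoursystem.com.` nameserver names and the `your-rdns-N` PTR pattern follow the examples in the message; the function names, the `dangling_cnames` check and the sample nameserver names are my own assumptions, and the `<first-octet>-<prefixlen>` label is only one of the naming patterns an ISP may use, as the message notes.

```python
"""Generate RFC 2317-style classless rDNS delegation for a CIDR block.

Added example: the '<first-octet>-<prefixlen>' zone label, the ns1/ns2
nameserver names and the your-rdns-<N> PTR pattern follow the message
above; the function names and the dangling-CNAME check are assumptions.
"""
import ipaddress
from typing import List, Tuple

# (owner label relative to its zone, RR type, rdata)
Record = Tuple[str, str, str]


def _net(cidr: str) -> ipaddress.IPv4Network:
    """Parse a CIDR string; strict=True rejects host bits set in the prefix."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen < 25:
        raise ValueError("classless in-addr.arpa delegation is for IPv4 blocks smaller than a /24")
    return net


def parent_zone(cidr: str) -> str:
    """Reverse name of the enclosing /24, e.g. '1.168.192.in-addr.arpa.'."""
    octets = str(_net(cidr).network_address).split(".")
    return ".".join(reversed(octets[:3])) + ".in-addr.arpa."


def delegated_zone_name(cidr: str) -> str:
    """Delegated zone name, e.g. '0-27.1.168.192.in-addr.arpa.' (one of several
    label conventions an ISP may use, as the message notes)."""
    net = _net(cidr)
    first = str(net.network_address).split(".")[3]
    return f"{first}-{net.prefixlen}.{parent_zone(cidr)}"


def _last_octet(addr: ipaddress.IPv4Address) -> str:
    return str(addr).rsplit(".", 1)[1]


def upstream_records(cidr: str, nameservers: List[str]) -> List[Record]:
    """Records the ISP adds to the parent /24 zone: a CNAME per host address
    pointing into the delegated zone, then NS records for the delegated label."""
    zone = delegated_zone_name(cidr)
    label = zone.split(".", 1)[0]  # e.g. '0-27'
    records: List[Record] = []
    # hosts() skips network and broadcast; the router at 'netnum plus one'
    # still gets a CNAME so it can carry a PTR like any other address.
    for host in _net(cidr).hosts():
        last = _last_octet(host)
        records.append((last, "CNAME", f"{last}.{zone}"))
    for ns in nameservers:
        records.append((label, "NS", ns))
    return records


def delegated_zone_records(cidr: str, domain: str) -> List[Record]:
    """PTR records for the zone you serve yourself (your-rdns-<N>.<domain>.)."""
    records: List[Record] = []
    for host in _net(cidr).hosts():
        last = _last_octet(host)
        records.append((last, "PTR", f"your-rdns-{last}.{domain}."))
    return records


def format_zone(records: List[Record]) -> str:
    """Render records as BIND zone-file lines (owner relative to $ORIGIN)."""
    return "\n".join(f"{owner} IN {rtype} {rdata}" for owner, rtype, rdata in records)


def dangling_cnames(cidr: str, upstream: List[Record], delegated: List[Record]) -> List[str]:
    """CNAME targets in the parent zone with no PTR in the delegated zone.

    Each one is an address whose reverse lookup will fail (NXDOMAIN at the
    CNAME target), which is the usual symptom when the two sides of this
    delegation drift apart.
    """
    zone = delegated_zone_name(cidr)
    present = {f"{owner}.{zone}" for owner, rtype, _ in delegated if rtype == "PTR"}
    return [rdata for _, rtype, rdata in upstream if rtype == "CNAME" and rdata not in present]


if __name__ == "__main__":
    # Constructed sample: the poster's block, with placeholder nameserver names.
    block = "216.187.107.192/27"
    up = upstream_records(block, ["ns1.yoursystem.com.", "ns2.yoursystem.com."])
    mine = delegated_zone_records(block, "yoursystem.com")
    print(f"; add to {parent_zone(block)}\n{format_zone(up)}\n")
    print(f"; zone {delegated_zone_name(block)}\n{format_zone(mine)}\n")
    # Drop the last PTR to show what a dangling CNAME looks like.
    print("dangling:", dangling_cnames(block, up, mine[:-1]))
```

Run as-is, it prints the fragment the ISP would need for `107.187.216.in-addr.arpa.` and the `192-27.107.187.216.in-addr.arpa.` zone you would load yourself, then reports the one CNAME left dangling by the deliberately dropped PTR. The generated output is zone data only; you would still load it into a real zone file with its own SOA and check it with `named-checkzone` before putting it in place.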