Delegation Of in-addr.arpa Subdomains

(12 October 2012)

Problem:

I need to delegate part of my /24 to another name server.

Solution

This is known as the RFC-2317 solution.

Basically, for each address you are delegating, you put in a CNAME that points into a subdomain zone. Then you put in an NS record indicating that this subdomain is resolvable at a different name server (or servers). The "sub" part of the delegated subdomain's name is the range of IPs in the delegation, typically the first IP, a dash, and the last IP in the range.

Since allocations are usually done on a power-of-two boundary, this makes naming easy. However, power-of-two boundaries are not mandatory.

For example:

We own the arpa zone for 172.16.0.0/24. We need to delegate 172.16.0.50 through 172.16.0.99 to another server.

To do this we'll create CNAMEs for these IPs to refer to PTRs in a new subdomain, 50-99.0.16.172.in-addr.arpa.

So in 0.16.172.in-addr.arpa:

; Delegate 172.16.0.50 -> .99 elsewhere
50-99.0.16.172.in-addr.arpa.  NS some-other-dns-server.com.
$GENERATE 50-99 $ IN CNAME $.50-99.0.16.172.in-addr.arpa.

The other DNS server creates the zone called 50-99.0.16.172.in-addr.arpa and populates it with the PTR records:

50.50-99.0.16.172.in-addr.arpa.  PTR some.name.com.

Done!

Note that you could theoretically call the subdomain anything, e.g. a name telling you who the delegation is to, instead of one identifying the range. But the RFC refers to ranges.
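
The delegation above, as an added example in Python that is not from the original page: it expands the $GENERATE line into the parent zone's records, follows the CNAME into the child zone, and flags child owner names that fall outside the delegated zone and therefore never answer. The function names and the sample child records are constructed for illustration.

```python
import ipaddress

def delegated_zone(net, first, last):
    """Child zone name for the range, e.g. 50-99.0.16.172.in-addr.arpa."""
    network = ipaddress.ip_network(net)
    if network.prefixlen != 24 or not 0 <= first <= last <= 255:
        raise ValueError("expects a /24 and a range within its last octet")
    # reverse_pointer of the network address is 0.<parent zone>; drop the host label
    parent = network.network_address.reverse_pointer.split(".", 1)[1]
    return f"{first}-{last}.{parent}."

def parent_records(net, first, last, nameservers):
    """NS records for the child zone plus one CNAME per delegated address
    (what the $GENERATE line expands to)."""
    child = delegated_zone(net, first, last)
    parent = child.split(".", 1)[1]
    recs = [(child, "NS", ns) for ns in nameservers]
    recs += [(f"{i}.{parent}", "CNAME", f"{i}.{child}")
             for i in range(first, last + 1)]
    return recs

def resolve_ptr(ip, parent_recs, child_recs):
    """Follow the parent's CNAME into the child zone; None if the chain breaks."""
    qname = ipaddress.ip_address(ip).reverse_pointer + "."
    alias = {o: v for o, t, v in parent_recs if t == "CNAME"}.get(qname)
    return {o: v for o, t, v in child_recs if t == "PTR"}.get(alias)

def misplaced_owners(child_recs, child):
    """Owner names that are not inside the delegated zone and so never match."""
    return [o for o, _t, _v in child_recs if not o.endswith("." + child)]

# Constructed sample data: the page's range, plus one child record whose
# owner name has lost a label.
CHILD = delegated_zone("172.16.0.0/24", 50, 99)
PARENT_RECS = parent_records("172.16.0.0/24", 50, 99, ["some-other-dns-server.com."])
CHILD_RECS = [
    ("50.50-99.0.16.172.in-addr.arpa.", "PTR", "some.name.com."),
    ("51.50-99.16.172.in-addr.arpa.", "PTR", "other.name.com."),  # missing ".0"
]

if __name__ == "__main__":
    print(resolve_ptr("172.16.0.50", PARENT_RECS, CHILD_RECS))
    print(resolve_ptr("172.16.0.51", PARENT_RECS, CHILD_RECS))
    print(misplaced_owners(CHILD_RECS, CHILD))
```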

This is explained in section 9.5.2.2.3, "Solution 3", of the O'Reilly DNS & BIND, 4th edition.