Should reverse zones be mirrored?

[Wolfgang S. Rupprecht]

Renich Bon Ciric <renich at woralelandia.com> writes:
> On Tue, Aug 24, 2010 at 2:11 AM, Wolfgang S. Rupprecht
> <wolfgang.rupprecht at gmail.com> wrote:
>> Obviously the 10.x.x.x is an example address.  I've learned the hard way
>> never to give live examples.  Someone invariably cuts-and-pastes it into
>> somewhere that eventually comes back to haunt me.
>
> Wow, thanks a lot. So, the reverse zone, in this case, doesn't include
> the bind servers located outside 10.x.x.x. For example, you have 2
> bind servers:
>
> 177.x.x.x
> 75.x.x.x
>
> And, maybe, some web servers around the world:
>
> 147.x.x.x
> 95.x.x.x
>
> How can You add them to that reverse zone? Should you create another
> reverse zone for each?

Yes, you will need to put each class C network in a separate zone file.
The above example would need 4 more reverse zone files (in addition to
the 10.x one in the example).

The one thing that may not have been explained well enough up to this
point, is you can only advertise the reverse zone if whoever gave you
the IP addresses did in fact give you administrative control of the
whole Class C (or larger) network that they are on.  Eg. if your
ISP/service-provider assinged you the whole Class C, they will also need
to take care delegating the in-addr.arpa dns address space to you.  That
is who the rest of the world knows to ask your nameservers for the dns
data.  If your service provider only gave you control of one IP address
on each network, then they are going to want to keep contol of the zone
file.  In that case they will be the ones to add your hostname to their
reverse-dns zone file or have some other method of dealing with the
issue.  There are some hacks to delagate on smaller than a Class C
boundary.  You will have to ask them how they handle the delagation.

-wolfgang
-- 
Wolfgang S. Rupprecht      http://www.wsrcc.com/wolfgang/      (IPv6-only)