[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default

Daniel Stone wrote:
> Here's where theory and practice come into play. I only have a small chunk
> of 203.36.158.* (113-127, afaik), so how can you DNS-delegate that? At
> least, if there is a way, Telstra haven't figured it out yet.

This is actually quite doable, you just need to have a clued isp[1] who
sets up a nifty little forwarding trick in the reverse DNS. Here's an
exmple of how my old ISP did it:

   net152                  ns      kitenet.net.
   153                     cname   153.net152.200.144.198.in-addr.arpa.
   154                     cname   154.net152.200.144.198.in-addr.arpa.
   155                     cname   155.net152.200.144.198.in-addr.arpa.
   156                     cname   156.net152.200.144.198.in-addr.arpa.
   157                     cname   157.net152.200.144.198.in-addr.arpa.
   158                     cname   158.net152.200.144.198.in-addr.arpa.

I then had to set up a zone on my dns server (kitenet.net) called 
net152.200.144.198.in-addr.arpa just like I would have for 
200.144.198.in-addr.arpa if I had had the whole class C.

It abuses bind horribly, and takes a lot of cname records on the ISP's
side,  but it works.

see shy jo, whose reverse DNS doesn't resolve properly right now, horrors!

[1] Well, I've had 3 very good isp's out of ~15 total, and only one was
    clued enough to know how to do it, so..

Reply to: