Yes, there is a way. We have our DNS working this way (we "only" own 64 IPs
but it was unacceptable for us to have DNS hosted at the ISP).
However, most ISP dont have the slightest clue on how to do it.
It is called "classless in-addr.arpa delegation" and described in RFC 2317.
More information about it can be found at http://www.ripe.net/reverse/
If you have trouble to get your ISP to set this up properly (it took our
ISP something close to 6 months to figure it out...), I suggest you write
an email to RIPE (in case your living in europe, that is). They will, on
your behalf, contact your ISP and help them to do the delegation.
HTH
Chris Burri
Network/Security Engineer
Synecta Informatik AG
Zwinglistrasse 3
9000 St. Gallen
SWITZERLAND
.-.
/v\ L I N U X
// \\ >I know KungFu!!<
/( )\
^^-^^
Michael
Zimmermann An: "Reckhard, Tobias"
[about how to do reverse delegation for one's IP's] Either you use the RFC 2317 muck to work around BIND's configuration file problems with CIDR, introducing lots of ugly CNAMEs in the process.
Pardon me, Tobias, you're saying, that there is a way to do reverse delegation WITHOUT either having the corresponding arpa zone delegated to you (either as a class-C delegation or a partial one through RFC2317) ? How? That would mean you could (howsoever ugly) go around the arpa authoritative nameserver for the class-C subnet -- which would be certainly security related in my version of the DNS bible. Greetings - -- Michael Zimmermann (Vegaa Safety and Security for Internet Services) Key fingerprint = 1E47 7B99 A9D3 698D 7E35 9BB5 EF6B EEDB 696D 5811 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD4DBQE9fwKs72vu22ltWBERAkqCAJdmG9cANXl0gqGiBjMV2TachzhNAJ0W1JZG Ftw4iGtjel4BY1SL/PbCOg== =bi9m -----END PGP SIGNATURE----- -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here