DNS Exercise 4.2: Setting up Reverse DNS (in-addr.arpa.) for a /24 IP Block
===========================================================================

We are going to delegate the reverse /24 for your group to your
nameservers.

The allocation is based on your group number: Group 1 will be
responsible for 10.10.1.0/24, Group 2 will be responsible for
10.10.2.0/24, etc.

You will therefore set up reverse DNS for 10.10.X.0/24, where X is your
Group number. You will create master nameservice on your own machine
for the X.10.10.in-addr.arpa zone, and someone else will set up their machine
to be a slave server for X.10.10.in-addr.arpa.

Then you will ask the administrator of the domain above you
(10.in-addr.arpa; in real life this would be your RIR) to delegate the /24
to you.

Please refer to the previous DNS exercise for setting up a domain.


Exercise
--------

*   Write the domain allocated to you here:  `____.10.10.in-addr.arpa.`
    (e.g. Grp12 will write 12.10.10.in-addr.arpa.)

*   Find someone who will agree to be slave for your domain. You must choose
    someone on a DIFFERENT table to you. (Remember RFC2182: secondaries must
    be on remote networks). You can have more than one slave if you wish.

*   Create your zone file in `/etc/namedb/master/X.10.10.in-addr.arpa`
    (where X is your Group number)


        - - - - - - - - - - - - - - - - - cut below - - - - - - - - - - - - - - -
        $TTL 10m
        @       IN      SOA     master.grpXXX.ws.nsrc.org.  yourname.example.com. (
                                2011021601    ; Serial
                                10m           ; Refresh
                                10m           ; Retry
                                4w            ; Expire
                                10m )         ; Negative

                IN      NS      master.grpXXX.ws.nsrc.org. ; master
                IN      NS      master.grpYYY.ws.nsrc.org. ; slave

        1       IN      PTR     master.grpX.ws.nsrc.org.

        $GENERATE 11-254 $      IN      PTR     server$.MYTLD.

        - - - - - - - - - - - - - - - - - cut above - - - - - - - - - - - - - - -

    Replace `yourname.example.com.` with your home E-mail address, changing
    "@" to "." and adding a "." to the end.

    Replace MYTLD with the new domain you picked in the previous DNS
    delegation exercise.

    We have chosen purposely low values for TTL, refresh, and retry to make
    it easier to fix problems in the classroom. For a production domain you
    would use higher values, e.g. `$TTL 1d`

*   Edit `/etc/namedb/named.conf` to configure your machine as
    master for your domain (see the slides for information on how to do this)

*   Check that your config file and zone file are valid, and then reload the
    nameserver daemon:

        # named-checkconf
        # named-checkzone X.10.10.in-addr.arpa \
                  /etc/namedb/master/X.10.10.in-addr.arpa

    *If there are any errors, correct them*

        # rndc reload
        # tail /var/log/messages

    *If there are any errors, correct them*. Some configuration errors can
    cause the daemon to die completely, in which case you may have to
    start it again:

        # /etc/rc.d/named restart

*   Help your slaves configure themselves as slave for your domain, and
    configure yourself as a slave if asked to do so by another table.
    Again, the instructions for how to do this are on the slides. If you
    have changed your `named.conf` so that you are a slave for someone
    else, make sure there are no errors in `/var/log/messages` after you
    do `rndc reload`.

*   Check that you and your slaves are giving authoritative answers for
    your domain:

        # dig +norec @10.10.X.1  X.10.10.in-addr.arpa. soa
        # dig +norec @10.10.Y.1  X.10.10.in-addr.arpa. soa

    Check that you get an AA (authoritative answer) from both, and that
    the serial numbers match.

*   Now you are ready to request delegation. Bring the following form to the
    classroom instructor:

        Domain name:          __.10.10.in-addr.arpa.

        Master nameserver:    master.grp___.ws.nsrc.org

        Slave nameserver:     master.grp___.ws.nsrc.org.    (optional)

*   You will not get delegation until the instructor has checked:

    - Your nameservers are all authoritative for your domain
    - They all have the same SOA serial number
    - The NS records within the zone match the list of servers you are
      requesting delegation for
    - The slave(s) are not on the same desk as you

*   Once you have delegation, find the names associated with
    10.10.X.1 and 10.10.X.12

    Try this:
    - On your own machine

        # dig +norec @10.10.X.1 -x 10.10.X.1
        # dig +norec @10.10.X.1 -x 10.10.X.12

    - On someone else's machine (who is not slave for you)
    - On a machine elsewhere on the Internet, if you have access to one
      (www.dnsstuff.com)
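
The first two checks the instructor makes before delegating (every server gives an authoritative answer, and all SOA serials match) can be scripted around the same `dig +norec ... soa` query used above. This is an added example, not part of the original exercise; `sample_dig` and its replies are constructed stand-ins so the logic can be tried without a network, and the script does not compare the NS records.

```shell
#!/bin/sh
# Added example: checks every listed server is authoritative with one SOA serial.
DIG=${DIG:-dig}          # set DIG=sample_dig to run against the constructed replies

# Print the SOA serial from server $1 for zone $2; fail unless the "aa" flag is set.
auth_serial() {
    $DIG +norec "@$1" "$2" soa | awk '
        /^;; flags:/ { split($0, p, ";"); if (p[3] ~ / aa( |$)/) aa = 1 }
        !/^;/ && $4 == "SOA" { serial = $7 }
        END { if (aa && serial != "") print serial; else exit 1 }'
}

# check_zone ZONE SERVER...: succeed only if all servers are authoritative and agree.
check_zone() {
    zone=$1; shift
    first=""
    for ns in "$@"; do
        s=$(auth_serial "$ns" "$zone") || {
            echo "$ns: no authoritative SOA for $zone"; return 1; }
        first=${first:-$s}
        [ "$s" = "$first" ] || { echo "$ns: serial $s, expected $first"; return 1; }
        echo "$ns: authoritative, serial $s"
    done
}

# Constructed replies standing in for dig (not real output); $2 is "@server".
sample_dig() {
    case $2 in
        @10.10.1.1|@10.10.2.1) flags="qr aa"; serial=2011021601 ;;  # master, synced slave
        @10.10.3.1)            flags="qr aa"; serial=2011021600 ;;  # slave with old zone
        *)                     flags="qr ra"; serial=2011021601 ;;  # cache, not authoritative
    esac
    printf ';; flags: %s; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0\n' "$flags"
    printf '%s\t600\tIN\tSOA\tmaster.grp1.ws.nsrc.org. yourname.example.com. %s 600 600 2419200 600\n' \
        "$3" "$serial"
}

# Real use: sh check.sh 1.10.10.in-addr.arpa. 10.10.1.1 10.10.2.1
if [ "$#" -ge 2 ]; then check_zone "$@"; fi
```

A non-zero exit status means at least one server failed a check; the last line printed names the server and the reason.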

