[Dnsmasq-discuss] Subnet specifications for authoritative dns
Simon Kelley
simon at thekelleys.org.uk
Tue May 28 13:59:07 BST 2013
On 27/05/13 20:30, Toke Høiland-Jørgensen wrote:
> Hi
>
> What's the rationale behind limiting subnet definitions in auth-zone to
> (for IPv4) /8, /16 and /24?
>
> I'd like to limit the hosts that show up in authoritative DNS to a
> smaller subnet (/25 in this case), to prevent hosts on my guest network
> from being globally named.
>
It's to do with delegating reverse DNS, which happens at the octet
level. For instance for 10.0.0.0/8, the domain

    10.in-addr.arpa

is delegated, whilst for 192.168.1.0/24 it's

    1.168.192.in-addr.arpa

In your case, to delegate 192.168.1.0-127 or
192.168.1.128-255 isn't possible using this scheme. There is a
workaround involving CNAMEs, but it's complicated for a simple-to-setup
scheme, which is what dnsmasq is trying to provide.
Cheers,
Simon.
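
The octet-level mapping and the CNAME workaround mentioned in the reply above, as an added example that is not part of the original message and not dnsmasq code. The workaround is shown in the style of RFC 2317; the `<first>-<last>` child zone label and the name server `ns.example.net.` are assumptions chosen for illustration.

```python
import ipaddress

def reverse_zone(cidr):
    """in-addr.arpa zone for an octet-aligned IPv4 subnet, else None."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        return None  # reverse delegation only exists on octet boundaries
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def classless_cnames(cidr):
    """Records the parent /24 reverse zone needs to hand a subnet longer
    than /24 to a child zone (RFC 2317 style).

    Returns (child_zone, records). The "<first>-<last>" label is an
    assumed naming convention; the NS target is a placeholder.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("only IPv4 subnets longer than /24")
    parent = reverse_zone(str(net.supernet(new_prefix=24)))
    first = int(net.network_address) & 0xFF
    last = int(net.broadcast_address) & 0xFF
    child = f"{first}-{last}.{parent}"
    records = [f"{child}. NS ns.example.net."]  # placeholder name server
    # One CNAME per host address: the PTR lookup in the parent zone is
    # redirected to the same label inside the delegated child zone.
    for ip in net.hosts():
        i = int(ip) & 0xFF
        records.append(f"{i}.{parent}. CNAME {i}.{child}.")
    return child, records

if __name__ == "__main__":
    for cidr in ("10.0.0.0/8", "192.168.1.0/24", "192.168.1.0/25"):
        print(cidr, "->", reverse_zone(cidr))
    child, records = classless_cnames("192.168.1.0/25")
    print(child)
    print("\n".join(records[:3]), "\n...", len(records), "records in total")
```

For the /25 in the question this yields one NS record plus 126 CNAMEs in the parent zone, which is the complexity the reply refers to.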