[Dnsmasq-discuss] Subnet specifications for authoritative dns

Simon Kelley simon at thekelleys.org.uk
Tue May 28 13:59:07 BST 2013


On 27/05/13 20:30, Toke Høiland-Jørgensen wrote:
> Hi
>
> What's the rationale behind limiting subnet definitions in auth-zone to
> (for IPv4) /8, /16 and /24?
>
> I'd like to limit the hosts that show up in authoritative DNS to a
> smaller subnet (/25 in this case), to prevent hosts on my guest network
> from being globally named.
>

It's to do with delegating reverse DNS, which happens at the octet 
level. For instance for 10.0.0.0/8, the domain

10.in-addr.arpa

is delegated, whilst for

192.168.1.0/24 it's

1.168.192.in-addr.arpa

In your case, to delegate 192.168.1.0-127 or
192.168.1.128-255 isn't possible using this scheme. There is a 
workaround involving CNAMES, but it's complicated for a simple-to-setup 
scheme, which is what dnsmasq is trying to provide.

Cheers,

Simon.
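
The octet-level mapping described in the reply above, as an added example that is not part of the original message or of dnsmasq's code. It assumes the CNAME workaround mentioned is the RFC 2317 classless delegation scheme; the function names and the nameserver `ns.example.net.` are hypothetical.

```python
import ipaddress

def reverse_zone(cidr):
    """Return the in-addr.arpa zone for an octet-aligned IPv4 prefix, or
    None when the prefix does not fall on an octet boundary."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        return None  # e.g. a /25 has no reverse zone of its own
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def classless_delegation(cidr, nameserver):
    """Records the parent /24 reverse zone would need in order to hand a
    range smaller than /24 to `nameserver` (RFC 2317 style, assumed here):
    one NS record for a child label such as 0/25, plus one CNAME per
    address pointing into that child zone."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("expected an IPv4 prefix between /25 and /31")
    parent = reverse_zone(str(net.supernet(new_prefix=24)))
    first = int(net.network_address) & 0xFF  # last octet of the range start
    child = f"{first}/{net.prefixlen}.{parent}"
    records = [f"{child}. IN NS {nameserver}"]
    for host in range(first, first + net.num_addresses):
        records.append(f"{host}.{parent}. IN CNAME {host}.{child}.")
    return records

if __name__ == "__main__":
    # The prefixes discussed in the thread.
    for cidr in ("10.0.0.0/8", "192.168.1.0/24", "192.168.1.0/25"):
        print(cidr, "->", reverse_zone(cidr))
    recs = classless_delegation("192.168.1.0/25", "ns.example.net.")
    print(len(recs), "records needed in the parent zone, for example:")
    print("\n".join(recs[:3]))
```
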


