Imagine that your company’s network owns the IPv4 range 126.96.36.199 – 188.8.131.52. The Reverse Lookup zone would be 60.50.40.in-addr.arpa, covering this entire network. Your primary nameserver is ns.acme.com. Your zone would look something like this:
60.50.40.in-addr.arpa ns.acme.com. support.acme.com. ( 20111202001 4h 1h 1w 1h ) @ IN NS ns.acme.com. 1 IN PTR www.acme.com.
But now you want to delegate the range 184.108.40.206 – 220.127.116.11 to the nameserver coyote.acme.com. Since it also resides in the same reverse zone, you cannot delegate this entire zone, as this would just move your entire network to the control of coyote.acme com, something you might not want to achieve with delegation.
You could create a zone for each host (18.104.22.168.in-addr.arpa, 22.214.171.124.in-addr.arpa, 126.96.36.199.in-addr.arpa etc.), but in that case you’d have to create 20 zones! Just image the amount of zones when delegating a network like 188.8.131.52/8. That would be over 16 million zones created by hand.
Instead there’s an easy workaround for this problem. We create a subdomain, delegate the subdomain, and then create a CNAME for each address. Like this:
60.50.40.in-addr.arpa ns.acme.com. support.acme.com. ( 20111202001 4h 1h 1w 1h ) @ IN NS ns.acme.com. 1 IN PTR www.acme.com. ; Delegation of 184.108.40.206 - 39. Make sure that you have an A record of coyote ; pointing to its IP address. 20-220.127.116.11.in-addr.arpa. IN NS coyote.acme.com. 20 IN CNAME 20.20-18.104.22.168.in-addr.arpa. 21 IN CNAME 21.20-22.214.171.124.in-addr.arpa. 22 IN CNAME 22.20-126.96.36.199.in-addr.arpa. ; ---- all the way up to the latest address 39 IN CNAME 39.20-188.8.131.52.in-addr.arpa.
On the coyote.acme.com nameserver, create a reverse zone called ’20-184.108.40.206.in-addr.arpa.’.
Now create the PTR records like you would do with any reverse zone, but just the delegated addresses.
20-220.127.116.11.in-addr.arpa coyote.acme.com. support.acme.com. ( 20111202001 4h 1h 1w 1h ) @ IN NS coyote.acme.com. 20 IN PTR tools.coyote.acme.com. 21 IN PTR ftp.coyote.acme.com. 39 IN PTR intranet.coyote.acme.com.
At this point you might be thinking how you large your zone file might become if you’re doing this with a big amount of addresses, like 18.104.22.168 – 22.214.171.124. We use the $GENERATE statement in BIND to generate this for us. So the zone file would look like this:
60.50.40.in-addr.arpa ns.acme.com. support.acme.com. ( 20111202001 4h 1h 1w 1h ) @ IN NS ns.acme.com. 1 IN PTR www.acme.com. 10-126.96.36.199.in-addr.arpa. IN NS coyote.acme.com. $GENERATE 10-200 $. IN CNAME $.10-188.8.131.52.in-addr.arpa.
Or even a 184.108.40.206/16 network with the range 220.127.116.11 – 18.104.22.168:
5.in-addr.arpa ns.acme.com. support.acme.com. ( 20111202001 4h 1h 1w 1h ) @ IN NS ns.acme.com. 1.0.0 IN PTR www.acme.com. coyote.5.in-addr.arpa. IN NS coyote.acme.com. $GENERATE 0-255 $.$.1 IN CNAME $.$.1.coyote.5.in-addr.arpa. $GENERATE 0-255 $.$.2 IN CNAME $.$.2.coyote.5.in-addr.arpa.
On your delegated nameserver, create the reverse zone ‘coyote.5.in-addr.arpa.’
As you can see, this is a much easier than creating a zone for each address.
If you request your public IP address to be delegated to you by your ISP, you’ll be bound to the way they delegate this to you. But most ISPs will do it just like this.
These instructions are for BIND9, but you can use the same procedure on any DNS server, including Microsoft DNS Server.