[Not Serious] "Combining" DNS zones?

dafydd2277 · 07-29-2011, 01:11 PM

First off, I'm asking mostly out of laziness. I fully anticipate reactions along the lines of "Not only no, but H*ll No!"

For background and context, I'm actually doing infrastructure for a small set of dev and test subdomains and subnets. I ~absolutely~ would not be doing this for a production network!

But, this being dev and test, projects come and go, hosts get swapped around, different PMs want different naming conventions, and I'm lazy enough to wonder if I can keep my subdomains in a single zone file. Something like this:

Code:

$TTL    1d
$ORIGIN dom.ain.
@   IN  SOA ns.dom.ain. root.ns.dom.ain. (
                                      201107291  ; Serial yyyymmddn
                                      3600       ; Refresh 1h
                                      1800       ; Retry   30m
                                      86400      ; Expire  1d
                                      1800 )     ; Minimum 30m
;
host1.sub1      IN      A       123.456.1.1
host2.sub1      IN      A       123.456.1.2
;
host1.sub2      IN      A       123.456.1.11
host2.sub2      IN      A       123.456.1.12
host3.sub2      IN      A       123.456.2.11
host4.sub2      IN      A       123.456.2.12

For the ~really~ odd idea, how about doing something similar with subnets? Given 123.456.1.0 and 123.456.2.0 are right next to each other, a 23-bit netmask makes them the same subnet. How might I do ~that~ in a single zone file?

Code:

$ORIGIN 1.456.123.in-addr.arpa.
$TTL    86400
@   IN  SOA ns.dom.ain. root.ns.dom.ain. (
                                      201107291  ; Serial yyyymmddn
                                      3600       ; Refresh 1h
                                      1800       ; Retry   30m
                                      86400      ; Expire  1d
                                      1800 )     ; Minimum 30m
;
1.1     IN      PTR     host1.sub1
1.1     IN      PTR     host2.sub1
;
1.11    IN      PTR     host1.sub2
1.12    IN      PTR     host2.sub2
2.11    IN      PTR     host3.sub2
2.12    IN      PTR     host4.sub2

I have my doubts about the forward zone file. If this reverse zone file actually worked, I'd fall over.

Sadly, my job is not to play, but to provide the playground for the other girls and boys. How about you all? Anyone tried it? ;D

Cheers!
dafydd

PS. On further thought: I wouldn't actually do this because it would confuse the daylights out of whoever had to take over for me if I got hit by a bus. Still fun to wonder about, though...

MensaWater · 07-29-2011, 01:52 PM

Actually we do something similar for many of our domains in Production.

We create a zone file for aliases e.g. something like:
mainzone-aliases

Contents would be something like:

Code:

@               IN SOA  ns1.maindomain.com. tech.maindomain.com. (
                        2010020501      ; serial
                        10800           ; refresh
                        3600            ; retry
                        604800          ; expire
                        86400 )         ; Minimun TTL
;
; Name Servers
;
                IN NS   ns1.maindomain.com.
                IN NS   ns2.maindomain.com.
;
; Mail Servers
;
                IN MX   10      smtp1.maindomain.com.  ; Primary MX
                IN MX   30      smtp2.maindomain.com.  ; Primary MX
;
; Addresses
;
localhost       IN A    127.0.0.1
;
@               IN A    192.168.10.1
;
www             IN A    192.168.10.1
ftp             IN A    192.168.10.2
mail            IN A    192.168.10.3

Then for domains in named.conf we might have somthing like:

Code:

zone "onedomain.com" {
        type master;
        file "mainzone-aliases";
        allow-query { any; };
};

zone "anotherdomain.com" {
        type master;
        file "mainzone-aliases";
        allow-query { any; };
};

The dig for onedomain.com would return the IP shown by the "@" in the aliases file. A dig for www.onedomain.com would show the IP shown by the www entry in the aliases file. A dig for anotherdomain.com would show the same IP as that found for onedomain.com. A dig for www.anotherdomain.com would show the same IP as that shown for www.onedomain.com. Of course I used the same IP for the domain with and without www so all 4 digs would return the same IP but one doesn't have to do this. A dig for ftp.onedomain.com and ftp.anotherdomain.com would return the same IP for both but it would be different than the www IP.

We actually have hundreds of zones aliased this way.

Also you'll note I use the same name servers and mail servers in the aliases file since we only have name server and mail server in our primary domain (described in a separate zone file). You could make those references relative as well I believe if you had access to each of those other domains to the IPs of the DNS and mail servers - we didn't see a need to do that here.