Can a Scope be delegated to a DNS server within the scope?

Question

I've been considering expanding my IP block to the /28 size and having Comcast delegating the scope to me. Obviously I need a DNS server that can handle the requests but I'm curious about whether there are restrictions on the DNS server. Can the server be located within the scope it controls?

Another question - Would I need to have the server pre-configured with reverse DNS info for all the IPs in the scope when I make the request or could I do that afterwards?

I already have a DNS server within my scope that is externally accessable and I would like to use that one. I could also setup a DNS server outside the scope but that would have additional carrying cost that I would like to avoid.

BeardedOne · Accepted Answer

Well I guess I'll answer my own question in case it helps others. Comcast doesn't seem to care where your DNS servers are. You have to provide them DNS names for two name servers such as:

dns0.myserver.com

dns1.myserver.com

I'm not sure if they even validate if there are name servers at those addresses because in my case there were. It is not neccessary to have the PTR records for the scope established ahead of time. It also appears that reverse DNS on the nameserver IPs does not have to resolve to the forward name.

It took a while for my request to finally be completed due to mis-routed tickets and confusion over my request. I don't think the first techs I dealt with even knew what scope delegation was. Ultimately though they came through and I now have control over my IPv4 reverse DNS. I'm still not sure about IPv6 and neither are the techs. They will get back to me about that. I may already have control, I haven't tried assigning any IPv6 names yet. I'm still pretty much a newbie when it comes to IPv6.

skymeat · Answer

So I'll tell you what I do. That might make more sense. I have an internal domain and DNS server. Then I have external DNS with GoDaddy, it doesn't matter, it's the company I manage the DNS for the domain I control.

So in short it doesn't matter, in long...As soon as you go to a /28 then you will need to re IP everything, and wait for Comcast to make ptr records which can take some time.

Let me know if that makes sense.

BeardedOne · Answer

It makes sense but doesn't actually answer my question. Once the zone transfers I will have to make the PTR records myself on whatever DNS server that Comcast would transfer control to. I'm wondering if Comcast has any restrictions on that DNS server such as wanting it outside the scope or that it be pre-configured with PTR records for the whole scope.

There is no technical reason that I'm aware of that it can't be withing the scope. Preconfiguring it would be no problem, I'd just asign the same names that Comcast would assign to start off. That assumes I know what the scope is, that would only be an issue if I expand the scope and ask for the transfer at the same time.

I have a sandbox setup in which I do similar things internally. So I guess my real question is if Comcast has any pre-requisites on the DNS server that the scope will be assigned to.

skymeat · Answer

Okay I think I'm getting you. Pretty much you want reverse DNS entries created for your new scope? If that's the case they just create the ptr records when you request them to make the record, you have to PM a mod here, the phone people can't or don't know what you're talking about.

When I've requested ptr it seems to take a few days, so don't activate the new IP range until you get the records created.

BeardedOne · Answer

Delegating the scope to me means I can asign my own PTR records for reverse DNS. To accomplish that I need a DNS server that can be authorative for that IP range. My question is whether or not Comcast has any restrictions on that DNS server. Ideally I would want to use a DNS server that I have that is located within that scope. Other options are a third party DNS server or a DNS server that I run on a cloud server that is outside the scope range. I already have cloud servers but they do not generally run 24/7. To use one of them would mean it would have to run 24/7 which would add some cost, so would using a third party DNS server.

BeardedOne · Answer

Well I guess I'll find out. I expanded my scope to a /28 on Monday and on Tuesday I called and asked for the scope to be delegated. The rep didn't complain when I gave a DNS server that was within the scope but I'm not sure if he knew the technical details. He just created a ticket and said it can take up to 72 hours to take effect. They will call or Email me if there are any issues.

BeardedOne

Can a Scope be delegated to a DNS server within the scope?

BeardedOne

skymeat

BeardedOne

skymeat

BeardedOne

BeardedOne