Reverse DNS for 10.0.0.0/9

In Cambridge, the largest RFC 1918 address block, 10.0.0.0/8, is divided in two. The bottom half, 10.0.0.0/9, is for institution-private usage and is not routed on the CUDN. The top half, 10.128.0.0/9, is CUDN-wide private address space. (The Cambridge IP address ranges page has more information.)

This page describes how we have set up the zone 10.in-addr.arpa for convenient sharing between institution-private and CUDN-wide private uses. There are some notes on how to configure this in BIND in our sample configuration for stealth secondaries.

Our central DNS servers provide reverse DNS for this address space using two zones. The zone 10.in-addr.arpa contains 128 DNAME redirections corresponding to the top half, 10.128.0.0/9, and there are no DNS entries for the bottom half, 10.0.0.0/9. The DNAME redirections point into the zone in-addr.arpa.private.cam.ac.uk which contains the PTR records for the CUDN-wide private host registrations. Institutions which running their own DNS stealth-slave servers and which are not using 10.0.0.0/9 are advised to slave both of these zones.

If you are responsible for an institution which is using 10.0.0.0/9, you should set up your own 10.in-addr.arpa zone, with whatever PTR records you require for your part of the address space. For the top half of the address space, you should set up DNAME records just like our version of the zone. You should secondary in-addr.arpa.private.cam.ac.uk so your name server has a local copy of the DNAME targets.

The easiest way to set up the 128 DNAME records in the top half of 10.0.0.0/8 is to put the following directive in your zone file:

$GENERATE 128-255 $.10.in-addr.arpa. DNAME $.10.in-addr.arpa.private.cam.ac.uk.