As I mentioned in a couple of posts before, I have a small network environment with a couple of subnets.
We are using subnets inside the CIDR range 10.230.0.0/16, so I have the 256 subnets
10.230.0.0-10.230.255.0 with 24-bit masks.
So all clients got an ip address like this:
10.230.10.x/24 and the default gateway points to 10.230.10.1/24 CCR router
10.230.50.x/24 and the default gateway points to 10.230.50.1/24 CCR router
and so on...
Routing between the different subnets is working without issues, but I am unsure about the catch-all subnet for a new Windows 2012 DC.
Do I have to use an IP like 10.230.10.x/16 on the router and the DC and all clients?
Would it be enough to create a reverse lookup like 230.10.in-addr.arpa to catch all subnets or do I have to create a reverse file for all subnets?
An external consultant told us that we are using the wrong masks for our network and now I am quite confused about this…
If you configure a 230.10.in-addr.arpa zone, then the server will “catch” all reverse lookup requests for the entire 10.230.0.0/16 block.
You could go a step further and just resolve 10.in-addr.arpa with an empty zone so that no requests for any 10.x.x.x space will make it past your DC, but I would suggest that you at least create the master catch-all empty zone for 230.10.in-addr.arpa.
You would then create specific zones for the ranges you’re actually using - i.e. 10.230.10.in-addr.arpa and 50.230.10.in-addr.arpa.
This is so that the DHCP server will know which zone to add hosts into, for instance.
I would say that you might also want to create a blackhole route on the Mikrotik itself:
/ip route add dst=10.230.0.0/16 type=blackhole
This will make sure that your router is also considering the entire 10.230.0.0/16 CIDR block to be local only.
The block 10.230.10.0/16 doesn’t make sense because it’s not a CIDR boundary for /16 (that would be 10.230.x.x) - so that might be what the “wrong netmask” comment from the consultant was referring to.
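To make the zone-layout advice above concrete, here is an added example (my own code, not from either poster and not a Windows DNS or RouterOS feature) that uses only Python's standard ipaddress module. It derives the in-addr.arpa zone name for a /8, /16 or /24 block, works out which of a set of configured reverse zones would answer a PTR query for a given address (the most specific zone wins, which is why the per-/24 zones are the ones DHCP registrations land in), builds the zone plan the answer describes (one /16 catch-all plus one zone per subnet in use), and flags a prefix such as 10.230.10.0/16 that is not on a CIDR boundary. The zone list and host addresses are constructed sample values.

```python
import ipaddress


def reverse_zone_for_network(cidr: str) -> str:
    """Return the in-addr.arpa zone that exactly covers a /8, /16 or /24 network.

    strict=True makes ipaddress reject host bits set below the mask, so
    "10.230.10.0/16" raises ValueError instead of silently becoming 10.230.0.0/16.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("classic in-addr.arpa zones sit on octet boundaries (/8, /16, /24)")
    octets = str(net.network_address).split(".")
    kept = octets[: net.prefixlen // 8]          # only the network octets name the zone
    return ".".join(reversed(kept)) + ".in-addr.arpa"


def ptr_name(ip: str) -> str:
    """PTR owner name for a host, e.g. 10.230.10.7 -> 7.10.230.10.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def zone_covers(zone: str, name: str) -> bool:
    """True when `name` is the zone apex or a name below it."""
    return name == zone or name.endswith("." + zone)


def most_specific_zone(zones, ip: str):
    """Pick the zone that would hold the PTR record for `ip` (longest match), or None.

    A DNS server that hosts both 230.10.in-addr.arpa and 50.230.10.in-addr.arpa
    serves 10.230.50.x from the latter; an unused /24 falls into the catch-all.
    """
    name = ptr_name(ip)
    matches = [z for z in zones if zone_covers(z, name)]
    return max(matches, key=len) if matches else None


def plan_reverse_zones(parent_cidr: str, subnets_in_use):
    """Catch-all zone for the parent block plus one zone per subnet actually used."""
    zones = {reverse_zone_for_network(parent_cidr)}
    parent = ipaddress.ip_network(parent_cidr, strict=True)
    for cidr in subnets_in_use:
        net = ipaddress.ip_network(cidr, strict=True)
        if not net.subnet_of(parent):
            raise ValueError(f"{cidr} is outside {parent_cidr}")
        zones.add(reverse_zone_for_network(cidr))
    return sorted(zones, key=len)


def on_cidr_boundary(cidr: str) -> bool:
    """False for prefixes like 10.230.10.0/16 whose address has host bits set."""
    try:
        ipaddress.ip_network(cidr, strict=True)
        return True
    except ValueError:
        return False


def normalise_cidr(cidr: str) -> str:
    """The network a sloppy prefix actually denotes once host bits are masked off."""
    return str(ipaddress.ip_network(cidr, strict=False))


if __name__ == "__main__":
    # Constructed sample layout matching the thread: /16 block, two /24s in use.
    zones = plan_reverse_zones("10.230.0.0/16", ["10.230.10.0/24", "10.230.50.0/24"])
    print("zones to create:", zones)
    for host in ("10.230.10.7", "10.230.50.9", "10.230.77.3"):
        print(host, "->", ptr_name(host), "served by", most_specific_zone(zones, host))
    print("10.230.10.0/16 on boundary?", on_cidr_boundary("10.230.10.0/16"),
          "-> really", normalise_cidr("10.230.10.0/16"))
```

Running it shows the three zones from the answer (230.10.in-addr.arpa, 10.230.10.in-addr.arpa, 50.230.10.in-addr.arpa), a host in an unused /24 resolving only against the catch-all, and the consultant's point that 10.230.10.0/16 is not a valid network prefix.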