IPv6 Reverse DNS
IPv6 is fun, if you know how to handle it ! As a “sponsor LIR”, i got my own AS and a small /44 IP Space. So, as we all do “forward” DNS with our Domains, i’d like to have Reverse DNS as well. And as i don’t have a legacy IP Range, i like todo it with my v6 Space. Special thanks to Christian for his remote Hands/Tips. Appreciate it!
Nothing really special. I’ve got Public NameServer (which are Dual Stacked) running on OpenBSD and hanging around in Europe. The “Nameserver” is NSD from NLNETLABS. The Configuration and Syntax is similar to the well known “Bind”, but without the Security Issue Bind has since ever ;)
NSD Configuration File
just add the revese zone as you did with the forward ones /var/nsd/etc/nsd.conf
zone: name: "0.0.0.0.0.4.7.0.0.c.7.9.e.0.a.2.ip6.arpa" zonefile: "master/2a0e.97c0.0740.0000.rev.zone" include-pattern: "toslave"
Reverse Zone File
the zonefile is a bit more complicated, was we have to insert the whole, expanded line for every host. use as small python script, ansible or other tool to build this file.
; # managed by ansible: template.rev.zone.j2 $TTL 1800 @ IN SOA ns1.noflow.ch. hostmaster.noflow.ch. ( 2022030703 ; serial 3600 ; refresh (1 hours) 900 ; retry (15 min) 1209600 ; expire (2 weeks) 1800 ; minimum (30 min) ) ; NS IN NS ns1.noflow.ch. IN NS ns2.nolink.ch. IN NS ns3.noflow.ch. ; PTR Records 188.8.131.52.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.7.0.0.c.7.9.e.0.a.2.ip6.arpa. IN PTR host1.example.com. 184.108.40.206.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.7.0.0.c.7.9.e.0.a.2.ip6.arpa. IN PTR host2.world.net. 220.127.116.11.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.7.0.0.c.7.9.e.0.a.2.ip6.arpa. IN PTR host3.no.where.
it’s always good to check if your configuration is working as expected. i wasted a few hours because dig/dog didn’t work as expected :(
test with host
$ host 2a0e:97c0:0740::1 ns1.noflow.ch Using domain server: Name: ns1.noflow.ch Address: 18.104.22.168#53 Aliases: 22.214.171.124.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.7.0.0.c.7.9.e.0.a.2.ip6.arpa domain name pointer host1.example.com.
test with dig
$ dig +short @ns1.noflow.ch -x 2a0e:97c0:0740::1 host1.example.com.
fail with dig
if you put the @nameserver after “-x”, you will get a NXDOMAIN back !
$ dig +short -x @ns1.noflow.ch 2a0e:97c0:0740::1 $
fail with dog
i also tried dog, but this is even worse. Looks like reverse name Lookups are not supported at all !
so, i just need to talk to ripe and let them delegate my Adress Space to my Nameservers :)