IPv6 Reverse DNS

Page content

IPv6 is fun, if you know how to handle it ! As a “sponsor LIR”, i got my own AS and a small /44 IP Space. So, as we all do “forward” DNS with our Domains, i’d like to have Reverse DNS as well. And as i don’t have a legacy IP Range, i like todo it with my v6 Space. Special thanks to Christian for his remote Hands/Tips. Appreciate it!

Setup

Nothing really special. I’ve got Public NameServer (which are Dual Stacked) running on OpenBSD and hanging around in Europe. The “Nameserver” is NSD from NLNETLABS. The Configuration and Syntax is similar to the well known “Bind”, but without the Security Issue Bind has since ever ;)

NSD Configuration File

just add the revese zone as you did with the forward ones /var/nsd/etc/nsd.conf

zone:
  name:                 "0.0.0.0.0.4.7.0.0.c.7.9.e.0.a.2.ip6.arpa"
  zonefile:             "master/2a0e.97c0.0740.0000.rev.zone"
  include-pattern:      "toslave"

Reverse Zone File

the zonefile is a bit more complicated, was we have to insert the whole, expanded line for every host. use as small python script, ansible or other tool to build this file.

/var/nsd/master/2a0e.97c0.0740.0000.rev.zone

; # managed by ansible: template.rev.zone.j2
$TTL 1800
@     IN  SOA   ns1.noflow.ch.  hostmaster.noflow.ch. (
             2022030703  ; serial
             3600     ; refresh (1 hours)
             900      ; retry (15 min)
             1209600  ; expire (2 weeks)
             1800     ; minimum (30 min)
             )

; NS
                      IN  NS     ns1.noflow.ch.
                      IN  NS     ns2.nolink.ch.
                      IN  NS     ns3.noflow.ch.

; PTR Records
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.7.0.0.c.7.9.e.0.a.2.ip6.arpa.   IN  PTR      host1.example.com.
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.7.0.0.c.7.9.e.0.a.2.ip6.arpa.   IN  PTR      host2.world.net.
3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.7.0.0.c.7.9.e.0.a.2.ip6.arpa.   IN  PTR      host3.no.where.

testing configuration

it’s always good to check if your configuration is working as expected. i wasted a few hours because dig/dog didn’t work as expected :(

test with host

$ host 2a0e:97c0:0740::1  ns1.noflow.ch
Using domain server:
Name: ns1.noflow.ch
Address: 45.15.80.202#53
Aliases: 

1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.7.0.0.c.7.9.e.0.a.2.ip6.arpa domain name pointer host1.example.com.

test with dig

$ dig +short @ns1.noflow.ch -x 2a0e:97c0:0740::1   
host1.example.com.

fail with dig

if you put the @nameserver after “-x”, you will get a NXDOMAIN back !

$ dig +short -x @ns1.noflow.ch 2a0e:97c0:0740::1 
$ 

fail with dog

i also tried dog, but this is even worse. Looks like reverse name Lookups are not supported at all !

so, i just need to talk to ripe and let them delegate my Adress Space to my Nameservers :)

sha256: 0edc0341905d10526a92fcc41ca699457e290d4732c9b62e8470eca2f2235f82