need reverse delegation for my ipv6 subnet
Marc Manthey
marc at let.de
Thu Apr 3 18:55:14 UTC 2008
hello chris and all other experts,
i want to set up reverse DNS for my subnet providet by sixxs.net , a
free tunnel broker.
So, i have a debian server with "bind " and webmin configured. My
local machine with bind is
host -6 2001:6f8:1051:0:230:65ff:fe8f:aaac
thats the reverse arpa adress of the machine called
ns1.stattfernsehen.com .
<http://pastebin.com/m1bc0c6a1>
my subnet is 2001:6f8:1051::/48
do i need all of this ?
https://noc.sixxs.net/faq/dns/?faq=reverse
thats a modified zone file from this site:
$ORIGIN c.a.a.a.f.8.e.f.f.f.5.6.0.3.2.0.0.0.0.0.1.5.0.1.8.f.
6.0.1.0.0.2.ip6.arpa.
my host adress with bind,
$TTL 604800
@ IN SOA ns1.stattfernsehen.com. hostmaster.stattfernsehen.com. (
1978022513 ; Serial
10800 ; Refresh
3600 ; Retry
2419200 ; Expire
604800 ) ; Default TTL
thats ok ?
NS ns1.stattfernsehen.com.
NS ns2.example.org. <<<<should i put ns3.gkg.net.
in here as secondary ?
TXT "2001:6f8:1051::/48" <<<<<< in quotes ?
gkg.net is my registrar so i need to put his ns as secondary , correct ?
What about the "zone" file on my registrars site ? <http://farm3.static.flickr.com/2078/2342810344_55704520a9_o.jpg
>
i would give someone access to my webmin
if he is able to help me create the required "zone" files.
>> <http://www.sixxs.net/faq/sixxs/?faq=dnsspam>
>> <http://www.sixxs.net/tools/zonecheck/>
thanks a lot
marc
--
Les enfants teribbles - research and deployment
Marc Manthey - Hildeboldplatz 1a
D - 50672 Köln - Germany
Tel.:0049-221-3558032
Mobil:0049-1577-3329231
jabber :marc at kgraff.net
blog : http://www.let.de
ipv6 http://stattfernsehen.com/matrixFrom Mark_Andrews at isc.org Thu Apr 3 22:34:18 2008
Received: with ECARTIS (v1.0.0; list bind-users); Thu, 03 Apr 2008 22:34:18 +0000 (UTC)
Return-Path: <Mark_Andrews at isc.org>
X-Original-To: bind-users at webster.isc.org
Received: from mx.isc.org (mx.isc.org [IPv6:2001:4f8:0:2::1c])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "mx.isc.org", Issuer "ISC CA" (verified OK))
by webster.isc.org (Postfix) with ESMTPS id 3B11E10E42D
for <bind-users at webster.isc.org>; Thu, 3 Apr 2008 22:34:18 +0000 (UTC)
(envelope-from Mark_Andrews at isc.org)
Received: from drugs.dv.isc.org (drugs.dv.isc.org [IPv6:2001:470:1f00:820:214:22ff:fed9:fbdc])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "drugs.dv.isc.org", Issuer "ISC CA" (verified OK))
by mx.isc.org (Postfix) with ESMTPS id DBAD8114027
for <bind-users at isc.org>; Thu, 3 Apr 2008 22:34:15 +0000 (UTC)
(envelope-from marka at isc.org)
Received: from drugs.dv.isc.org (localhost [127.0.0.1])
by drugs.dv.isc.org (8.14.2/8.14.1) with ESMTP id m33MY8Vu051820;
Fri, 4 Apr 2008 08:34:09 +1000 (EST)
(envelope-from marka at drugs.dv.isc.org)
Message-Id: <200804032234.m33MY8Vu051820 at drugs.dv.isc.org>
To: vincent.blondel at ing.be
Cc: bind-users at isc.org
From: Mark Andrews <Mark_Andrews at isc.org>
Subject: Re: stub zones and recursion ?
In-reply-to: Your message of "Thu, 03 Apr 2008 20:20:15 +0200."
<5EF8185A7B043C4998FF02732E07B5DBA6DE1D at ing.com>
Date: Fri, 04 Apr 2008 09:34:08 +1100
X-Spam-Status: No, score=-4.4 required=5.0 tests=ALL_TRUSTED,BAYES_00
autolearn=unavailable version=3.2.4
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on mx.isc.org
Sender: bind-users-bounce at isc.org
Errors-to: bind-users-bounce at isc.org
Precedence: bulk
List-unsubscribe: <mailto:bind-users-request at isc.org?Subject=unsubscribe>
List-Id: <bind-users.isc.org>
X-List-ID: <bind-users.isc.org>
>
> >=20
> > Does anybody get an idea to solve next problem ?
> >=20
> > I get some bind 9.2.3 resolvers,
>
> Upgrade.
> =3D=3D> foreseen for end of June
>
> > all configured the same way. All of
> > them are configured with some views, each of them dedicated to
> specific
> > clients. We get the default view recursively answering all queries to
> > anybody.
>
> Fine.
>
> > We also get another one where I am trying to non-recursively
> > answer queries but without getting data locally.
>
> Impossible.
> =20
> > A little example ..
> >=20
> > let's immagine we get lab.intranet. and srv.lab.intranet. defined on
> two
> > authoritative bind servers. On the other hand I get wks.lab.intranet
> > configured on a Ms Dns with WINS/backwards activated.=20
> >=20
> > Now I would like giving access my users to zones lab.intranet and
> > wks.lab.intranet ONLY. What are the solutions for it ?? I cannot
> simply
> > replicate zones on each servers because ISC BIND does not comply with
> > records 'IN WINS' (specific to Ms Windows Dns).
>
> Stop using WINS. Microsoft don't even really support it
> anymore.
> =3D=3D> I know but this is really too long to explain you the whole
> WINS history the company I work for.
>
> > So I try to define zones
> > as forward or stub, I am also playing with allow-recursion, recursion
> > but have not find any solution to my problem.
>
> Create your own root zone and delegate lab.intranet from it.
>
> view "xx" {
> match-clients {xx;};
> allow-query { any; };
> allow-recursion { any; };
> recursion yes;
>
> zone "." {
> type master;
> file "xx.root";
> };
> };
>
> xx.root:
> . 3600 SOA ...
> . 3600 NS ...
> lab.intranet. 3600 NS ns.lab.intranet.
> ns.lab.intranet. 3600 A <address>
>
> I did it, it works but I still get a problem with it, I also get access
> to all child domains of the zones defined in the root file .. any idea
> ??
Create empty zones for those children. (SOA and NS RRset only).
> Mark
>
> > view "xx" in {
> >=20
> > match-clients {xx;};
> > allow-query {xx;};
> > allow-recursion {xx;};
> > recursion xx;
> >=20
> > zone "." in {
> type hint;
> > file "xx/db.root";
> > };
> >=20
> > zone "lab.intranet." {
> > xx
> > };
> > zone "srv.lab.intranet." {
> > xx
> > };
> > zone "wks.lab.intranet." {
> > xx
> > };
> > };
> >=20
> > Your help is really appreciated.
> >=20
> > Regards
> > Vincent.
> > -----------------------------------------------------------------
> > ATTENTION:
> > The information in this electronic mail message is private and
> > confidential, and only intended for the addressee. Should you
> > receive this message by mistake, you are hereby notified that
> > any disclosure, reproduction, distribution or use of this
> > message is strictly prohibited. Please inform the sender by
> > reply transmission and delete the message without copying or
> > opening it.
> >=20
> > Messages and attachments are scanned for all viruses known.
> > If this message contains password-protected attachments, the
> > files have NOT been scanned for viruses by the ING mail domain.
> > Always scan attachments before opening them.
> > -----------------------------------------------------------------
> >=20
> >=20
> >=20
> --=20
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
> -----------------------------------------------------------------
> ATTENTION:
> The information in this electronic mail message is private and
> confidential, and only intended for the addressee. Should you
> receive this message by mistake, you are hereby notified that
> any disclosure, reproduction, distribution or use of this
> message is strictly prohibited. Please inform the sender by
> reply transmission and delete the message without copying or
> opening it.
>
> Messages and attachments are scanned for all viruses known.
> If this message contains password-protected attachments, the
> files have NOT been scanned for viruses by the ING mail domain.
> Always scan attachments before opening them.
> -----------------------------------------------------------------
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list