IPv6 Pattern Based Forward/Reverse Mappings

Mark Andrews Mark_Andrews at isc.org
Thu Sep 11 02:16:21 UTC 2008


In message <E770E412-04F7-4591-9883-3E6D2BE8F41E at mmc.com.au>, Matthew Moyle-Croft writes:
> Hi,
> My apologies if this has been covered before.  If this isn't the right  
> place then let me know.
> 
> I work for a largish ISP - we've started rolling out IPv6 to customers  
> and at some point will be offering dual stack broadband.  One of the  
> issues is working out how to do generic IPv6 forward and reverse  
> mappings.

	This is one area where IPv4 think is not a solution.  Let
	the end user machines update their PTR records.  Vista
	already does this.

	BIND 9.6 has "tcp-self" and "6to4-self" to provide weak
	authentication (tcp connection) to prevent third party abuse.

	Mark

> Currently for IP pools on our LNSes we just populate generic entries  
> for forward/reverse like:
> 
> w-x-y-z.lnsA.popB.ourdomain.net
> 
> BIND has some support for this in IPv4 with the $GENERATE directive  
> which allows quick and easy population of forward/reverse mappings.
> 
> Obviously handing our subnets (/64s or whatever becomes the answer) to  
> customers means this becomes more complex - we don't really want most  
> customers dynamically updating these (99% of customers don't want to,  
> don't care or don't have the skills to anyway) and it represents a  
> scaling issue as we're talking 150k+ ranges.  So I want to be able to  
> have a similar directive for AAAA and ip6.arpa ranges so that I can  
> populate our reverse mapping files quickly, easily and without burning  
> large amounts of disk.  (Please don't start an argument about  
> customers being able to have static ranges and delegate it themselves  
> - we've got solutions for those customers, this is for the mum and dad  
> customers who don't care and don't want to know - they want to not  
> care and have us do the work).
> 
> eg.
> 
> If an LNS has a /48 then I want to be able to specify something like:
> 
> $GENERATE6 <#bits> lhs [ttl] [class] type rhs [comment]
> 
> So instead of the range being a simple decimal increment it's a fill  
> of nibbles up to X bits.  I know that forward mappings might be nice to  
> be quads, but this keeps it to one directive.
> 
> So, we could do reverse mappings for a /64 with:
> 
> $ORIGIN c.b.a.9.8.7.6.5.4.3.2.1.1.0.0.2.ip6.arpa
> $GENERATE6 64 $ IN PTR $.lns1.pop1.myisp.net.
> 
> and we'd get entries like:
> 
> 1.2.3.4.5.6.7.8.9.10.a.b.c.d.e.f.c.b.a. 
> 9.8.7.6.5.4.3.2.1.1.0.0.2.ip6.arpa. IN PTR  
> 1.2.3.4.5.6.7.8.9.10.a.b.c.d.e.f.lns1.pop1.myisp.net.
> 
> (Sorry if I've got the nibbles wrong - it's not important really to  
> the story here :-)
> 
> And hopefully just the directive would be stored in memory and a "hit"  
> on a covered IP address would cause it to be looked up and resolved  
> appropriately.
> 
> Best Regards,
> Matthew
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
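
What the "tcp-self" and "6to4-self" rules mentioned in the reply check, modelled in Python as an added example (not part of the original message and not BIND's own code): the update must arrive over TCP, and the name being updated must be the reverse mapping of the connection's source address. The function names, the record types allowed per rule and the documentation-range addresses are assumptions made for the illustration.

```python
import ipaddress

SIXTOFOUR = ipaddress.ip_network("2002::/16")


def norm(name):
    """Lower-case a DNS name and drop the trailing root dot for comparison."""
    return name.rstrip(".").lower()


def tcp_self_name(src):
    """Reverse-tree owner name that a client at `src` maps to."""
    return ipaddress.ip_address(src).reverse_pointer


def sixtofour_self_name(src):
    """ip6.arpa name of the 2002:V4ADDR::/48 prefix tied to `src`, or None."""
    addr = ipaddress.ip_address(src)
    if addr.version == 4:
        # Embed the IPv4 address after the 2002::/16 6to4 prefix.
        addr = ipaddress.IPv6Address((0x2002 << 112) | (int(addr) << 80))
    elif addr not in SIXTOFOUR:
        return None
    # Keep the 12 nibble labels of the /48 plus "ip6" and "arpa".
    return ".".join(addr.reverse_pointer.split(".")[-14:])


def update_allowed(rule, transport, src, owner, rrtype):
    """Model of the policy decision for one dynamic update request.

    Assumption: the zone's grant lists PTR for tcp-self and NS/DNAME for
    6to4-self; in a real server the permitted types come from the grant.
    """
    if transport != "tcp":
        # A UDP source address proves nothing; a completed TCP handshake
        # at least shows the sender can receive traffic at that address.
        return False
    if rule == "tcp-self":
        return rrtype == "PTR" and norm(owner) == tcp_self_name(src)
    if rule == "6to4-self":
        expected = sixtofour_self_name(src)
        return (rrtype in ("NS", "DNAME") and expected is not None
                and norm(owner) == expected)
    return False
```

The check ties the update only to an address that completed a TCP handshake, not to a cryptographic identity, which is why the reply calls it weak authentication.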

