IPv6 reverse delegation

Mark Andrews marka at isc.org
Thu Jul 2 23:24:12 UTC 2009


In message <tencent_40BA258826F74DF736BB18A4 at qq.com>, "=?gbk?B?Z2VsZW5iZXJ0YW5n
?=" writes:
> I do a test in my DNS server.
>  
> [root at LOCAL197 ~]# dig -x @localhost a.6.0.4.4.8.1.9.8.b.7.7.0.7.4.6
> ;; connection timed out; no servers could be reached

	Bad command line.

> [root at LOCAL197 ~]# dig -x @localhost 2001:470:1f00:820:6470:77b8:9184:406a

	Bad command line.

	dig @localhost -x 2001:470:1f00:820:6470:77b8:9184:406a

	is what you wanted. The address should be immediately after
	the -x.

; <<>> DiG 9.3.6-P1 <<>> -x 2001:470:1f00:820:6470:77b8:9184:406a
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18291
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;a.6.0.4.4.8.1.9.8.b.7.7.0.7.4.6.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. IN PTR

;; ANSWER SECTION:
a.6.0.4.4.8.1.9.8.b.7.7.0.7.4.6.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 3600 IN PTR sapphire.dv.isc.org.

;; AUTHORITY SECTION:
0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 3600 IN NS ns-ext.isc.org.
0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 3600 IN NS ns-int.isc.org.

;; ADDITIONAL SECTION:
ns-ext.isc.org.		41002	IN	A	204.152.184.64
ns-ext.isc.org.		41002	IN	AAAA	2001:4f8:0:2::13

;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jul  3 09:08:28 2009
;; MSG SIZE  rcvd: 209

> [root at LOCAL197 ~]# dig @localhost 2001:470:1f00:820:6470:77b8:9184:406a ptr
>  
> ; <<>> DiG 9.3.3rc2 <<>> @localhost 2001:470:1f00:820:6470:77b8:9184:406a ptr
> ; (1 server found)
> ;; global options:  printcmd
> ;; connection timed out; no servers could be reached

	Bad command line.  Missing the -x.
  
> Why I can't query the correct result?
>  
> My configuration look like follows:
>  
>   1 $TTL    86400
>   2 @               IN SOA  tzqian.com.       root (
>   3                                         2009042105      ; serial (d. adams)
>   4                                         3H              ; refresh
>   5                                         15M             ; retry
>   6                                         1W              ; expiry
>   7                                         1D )            ; minimum
>   8
>   9                 IN NS           localhost.
>  10 @               IN MX           10 mail.tzqian.com.
>  11                 IN A            192.168.0.197
>  12 ;               IN AAAA         ::1
>  13 www             IN A            192.168.0.197
>  14 mail            IN A            192.168.0.197
>  15 64/26           IN NS           ns.example.com.
>  16 $GENERATE 64-127 $ IN CNAME $.64/25
>  17 $GENERATE 1-20 $ IN A 121.14.2.111
>  18 ;    And entries in the zone file will look like
>  19 a.6.0.4.4.8.1.9.8.b.7.7.0.7.4.6 PTR sapphire.dv.tzqian.com.
>  20
>  21 ;    I would let the machines add their own PTR records.
>  22
>  23 ;    The corresponding forward record is
>  24 sapphire.dv AAAA 2001:470:1f00:820:6470:77b8:9184:406a

You have a mix of forward and reverse zones here.

Here is a complete reverse zone.

$TTL 3600	; 1 hour
$ORIGIN 0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa.
@			SOA	bsdi.dv.isc.org. marka.isc.org. (
				2008052600 ; serial
				3600       ; refresh (1 hour)
				1200       ; retry (20 minutes)
				2419200    ; expire (4 weeks)
				3600       ; minimum (1 hour)
				)
@			NS	ns-ext.isc.org.
@			NS	ns-int.isc.org.
8.e.f.3.8.5.e.f.f.f.f.8.0.0.2.0 PTR freebsd.dv.isc.org.
c.d.b.f.9.d.e.f.f.f.2.2.4.1.2.0 PTR drugs.dv.isc.org.
d.2.0.c.9.1.e.f.f.f.9.2.0.e.2.0 PTR bsdi.dv.isc.org.
a.6.0.4.4.8.1.9.8.b.7.7.0.7.4.6	PTR sapphire.dv.isc.org.

The corresponding forward zone would be like this.

$TTL 3600
$ORIGIN dv.isc.org.
@		SOA	bsdi.dv.isc.org. marka.isc.org. (
			2007103995 86400 21600 2419200 86400 )
@		NS	ns-ext.isc.org.
@		NS	ns-int.isc.org.
localhost	A	127.0.0.1
localhost	AAAA	::1
bsdi		A	211.30.172.21
bsdi		AAAA	2001:470:1f00:820:2e0:29ff:fe19:c02d
bsdi		AAAA	2001:470:1f00:ffff::5a1
drugs		AAAA	2001:470:1f00:820:214:22ff:fed9:fbdc
drugs		AAAA	fd92:7065:b8e:0:214:22ff:fed9:fbdc
drugs		AAAA	fe80::214:22ff:fed9:fbdc
freebsd		AAAA	2001:470:1f00:820:200:8fff:fe58:3fe8
sapphire	AAAA	2001:470:1f00:820:6470:77b8:9184:406a

  					 						------------------ Original ------------------ 					
>  					 						From:  "Mark Andrews"<marka at isc.org>;
>  						Date:  2009Äê7ÔÂ2ÈÕ(ÐÇÆÚËÄ) ÏÂÎç3:14
>  						To:  "Mark Andrews"<marka at isc.org>; 
>  						Cc:  "bind-users"<bind-users at lists.isc.org>; 
> 						Subject:  Re: IPv6 reverse delegation 
>  					
>  
>  				 						
> In message <200907020659.n626xjlq033317 at drugs.dv.isc.org>, Mark Andrews writes:
> > 
> > In message <20090702083831.135ee95d.akolinare at gmx.net>, Akolinare writes:
> > > Hello,
> > > 
> > > I want to configure a reverse delegation of a IPv6 subnet to a different na
> > me
> > > server. I guess this is common use for IPv6 to provide customers the possib
> > il
> > > ity to manage the reverse resolution on their own. But as long I search the
> >  i
> > > nternet and books for howtos, configuration examples or help I'm not able t
> > o 
> > > find anything. Furthermore I have to realize that it is quite difficult to 
> > re
> > > cognize which IPv6 DNS method is valid and which is out of date.
> > > 
> > > With IPv4 reverse delegation was quite simple:
> > > 64/26           NS      ns.example.com.
> > > $GENERATE 64-127 $ IN CNAME $.64/26
> > > 
> > > Is there any comparable use for IPv6?
> > 
> >     It's not needed as you don't need to split the last octet
> >     in the DNS name to match the amount of space you have been
> >     given.
> > 
> >     The address space given to you, as a end user site, will
> >     usually be on a nibble boundary, /48, /52, /56, /60 or /64,
> >     the latter only if your ISP is not following common/expected
> >     practice.  This allows you to have 65536 /64 sized subnets
> >     (the default size of a subnet) with a /48, down to 16 /64's
> >     with a /60.
> > 
> >     The zone name for a single /64 will be like something like
> >     "0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa".  The containing
> >     /48 would be "0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa".
> 
>     And entries in the zone file will look like
>     "a.6.0.4.4.8.1.9.8.b.7.7.0.7.4.6 PTR sapphire.dv.isc.org."
> 
>     I would let the machines add their own PTR records.
> 
>     The corresponding forward record is 
>     sapphire.dv.isc.org AAAA 2001:470:1f00:820:6470:77b8:9184:406a
>  
> >     Mark
> > 
> > > I would be appreciative for any advice/help.
> > >
> > > best regards
> > > 
> > >   Markus
> > > _______________________________________________
> > > bind-users mailing list
> > > bind-users at lists.isc.org
> > > https://lists.isc.org/mailman/listinfo/bind-users
> > -- 
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
> > _______________________________________________
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the bind-users mailing list