IPv6 reverse zones advise
m.seaman at infracaninophile.co.uk
Mon May 10 12:49:07 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
On 10/05/2010 12:44:32, a.smith at ukgrid.net wrote:
> we will shortly start using IPv6 reverse DNS, and having never used it
> before I thought Id ask those with some experience if they have any
> words of wisdom before I make any horrible mistakes ;) Ive already had a
> good read of a good many sites on the subject but still would like to
> check a couple of things.
> When creating IPv6 reverse zones can the subnet be as large or small as
> you like? Ive seen examples using /48 and /64, can this be effectively
> whatever you want?
> And following on from that if it is user definable, what would be the
> recommended way (size) forward? We are using flat file zone files. To me
> the simplest would seem to create the zones using large subnets and
> where necessary (as occasionally we are asked to do) delegate via the
> zone file some ranges to other DNS servers.
> Im not an expert in all of this really, but we get by on IPv4 so if
> anyone has any tips they would be greatfully recieved,
> thanks Andy.
For an example IPv6 address -- say: 2001:8b0:151:1:240:5ff:fea5:8db7
the PTR record would be:
So zero fill each of the colon separated fields to 4 digits, reverse and
split into individual hex digits. Now *each* hex digit in the address
is a label in the DNS, and you can delegate chunks of the address space
at any label (exactly as you can for forward zones).
This means that the smallest chunk of IP space you can delegate is 16
addresses, which is minuscule on the IPv6 scale of things. The largest
chunk you could manage from a sigle zone file would be your whole
allocation. That will likely be a /32, /48 or /64 depending on your ISP
and whether you're dealing directly with RIPE or not. Assuming a /64
and that you want to keep everything in just one zone file, it would
look something like this:
% less 126.96.36.199.188.8.131.52.0.b.184.108.40.206.0.2.ip6.arpa
; @(#) $Id: 220.127.116.11.18.104.22.168.0.b.22.214.171.124.0.2.ip6.arpa 672 2010-04-13
08:32:21Z matthew $
; MJS 20031213: Reverse mappings for 2001:8b0:151:1/64 addresses
@ IN SOA ns0.infracaninophile.co.uk.
2008071000 ; Serial
10800 ; Refresh (3H)
3600 ; Retry (1H)
604800 ; Expire (1W)
43200 ) ; Minimum (12H)
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR net6.infracaninophile.co.uk.
126.96.36.199.0.0.0.0.0.0.0.0.0.0.0.0 PTR gate6.infracaninophile.co.uk.
If you're using rtadv/rtsol, especially if you're combining that with
dynamic DNS, then having a zone for each /64 prefix you advertise would
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the bind-users