IPv6 reverse zones advice

Matthew Seaman m.seaman at infracaninophile.co.uk
Mon May 10 12:49:07 UTC 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/05/2010 12:44:32, a.smith at ukgrid.net wrote:

>   we will shortly start using IPv6 reverse DNS, and having never used it
> before I thought I'd ask those with some experience if they have any
> words of wisdom before I make any horrible mistakes ;) I've already had a
> good read of a good many sites on the subject but still would like to
> check a couple of things.
> When creating IPv6 reverse zones can the subnet be as large or small as
> you like? I've seen examples using /48 and /64, can this be effectively
> whatever you want?
> And following on from that if it is user definable, what would be the
> recommended way (size) forward? We are using flat file zone files. To me
> the simplest would seem to create the zones using large subnets and
> where necessary (as occasionally we are asked to do) delegate via the
> zone file some ranges to other DNS servers.
> I'm not an expert in all of this really, but we get by on IPv4 so if
> anyone has any tips they would be gratefully received,
> 
> thanks Andy.

For an example IPv6 address -- say: 2001:8b0:151:1:240:5ff:fea5:8db7
the PTR record would be:

7.b.d.8.5.a.e.f.f.f.5.0.0.4.2.0.1.0.0.0.1.5.1.0.0.b.8.0.1.0.0.2.ip6.arpa. IN PTR

So zero fill each of the colon separated fields to 4 digits, reverse and
split into individual hex digits.  Now *each* hex digit in the address
is a label in the DNS, and you can delegate chunks of the address space
at any label (exactly as you can for forward zones).

This means that the smallest chunk of IP space you can delegate is 16
addresses, which is minuscule on the IPv6 scale of things.  The largest
chunk you could manage from a single zone file would be your whole
allocation.  That will likely be a /32, /48 or /64 depending on your ISP
and whether you're dealing directly with RIPE or not.  Assuming a /64
and that you want to keep everything in just one zone file, it would
look something like this:

% less 1.0.0.0.1.5.1.0.0.b.8.0.1.0.0.2.ip6.arpa
;
; @(#) $Id: 1.0.0.0.1.5.1.0.0.b.8.0.1.0.0.2.ip6.arpa 672 2010-04-13 08:32:21Z matthew $
;
; MJS 20031213: Reverse mappings for 2001:8b0:151:1/64 addresses
;

$TTL    3600

@                       IN      SOA     ns0.infracaninophile.co.uk. hostmaster.infracaninophile.co.uk. (
                                        2008071000      ; Serial
                                        10800           ; Refresh (3H)
                                        3600            ; Retry   (1H)
                                        604800          ; Expire  (1W)
                                        43200 )         ; Minimum (12H)
                                NS      secondary-ns.co.uk.
                                NS      secondary-dns.co.uk.
;
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR     net6.infracaninophile.co.uk.
;
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR     gate6.infracaninophile.co.uk.
7.b.d.8.5.a.e.f.f.f.5.0.0.4.2.0 PTR     happy-idiot-talk.infracaninophile.co.uk.
[...etc...]

If you're using rtadv/rtsol, especially if you're combining that with
dynamic DNS, then having a zone for each /64 prefix you advertise would
make sense.

	Cheers,

	Matthew

- -- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkvoAMMACgkQ8Mjk52CukIzQ0ACcCyjiogNgoUu3+dBB3cELY86c
U4wAnRSqfR19RJ19d1bROnVVFFA63onk
=57I9
-----END PGP SIGNATURE-----
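
Added example, not part of the message above: the zero-fill, reverse and split rule applied with Python's standard ipaddress module, giving the zone name for a prefix and the owner name a PTR record takes inside that zone, and rejecting prefixes that do not end on a hex-digit boundary. The function names reverse_zone and ptr_owner are made up for this illustration; the address and prefix are the ones used in the message.

```python
import ipaddress


def _nibbles(addr):
    """All 32 hex digits of an IPv6 address, zero-filled, colons removed."""
    return addr.exploded.replace(":", "")


def reverse_zone(prefix):
    """Return the ip6.arpa zone name for a prefix on a hex-digit boundary."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen % 4:
        # Each DNS label is one hex digit (4 bits), so a zone cut can only
        # fall on a multiple of 4 bits.
        raise ValueError(f"/{net.prefixlen} does not end on a 4-bit boundary")
    digits = _nibbles(net.network_address)[: net.prefixlen // 4]
    return ".".join(list(reversed(digits)) + ["ip6", "arpa"]) + "."


def ptr_owner(address, prefix):
    """Return (owner name relative to the zone, zone name) for an address."""
    addr = ipaddress.IPv6Address(address)
    net = ipaddress.IPv6Network(prefix, strict=True)
    zone = reverse_zone(prefix)
    if addr not in net:
        raise ValueError(f"{addr} is not inside {net}")
    host_digits = _nibbles(addr)[net.prefixlen // 4:]
    # A /128 "zone" has no digits left over: the record sits at the apex.
    return ".".join(reversed(host_digits)) or "@", zone


if __name__ == "__main__":
    owner, zone = ptr_owner("2001:8b0:151:1:240:5ff:fea5:8db7",
                            "2001:8b0:151:1::/64")
    print("zone :", zone)
    print("owner:", owner)
    # The smallest delegable block is one hex digit wide, i.e. a /124.
    print("/124 :", reverse_zone("2001:8b0:151:1::/124"))
    try:
        reverse_zone("2001:8b0:151::/50")
    except ValueError as exc:
        print("error:", exc)
```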



More information about the bind-users mailing list