ip6.arpa help

John Wobus jw354 at cornell.edu
Fri Mar 18 14:33:51 UTC 2011


On Mar 18, 2011, at 5:07 AM, mattias.o.andersson at gavle.se wrote:

> Hi,
>
> I work for a small ISP in Sweden and we recently started to provide
> IPv6 for customers. I have a problem though with the reverse DNS
> lookups for IPv6. I don’t have a good way of doing this, maybe
> someone can help.
>
> When we deliver IPv6 service to a customer they get at least a /64,  
> which you all know is A LOT of addresses. This is impossible to  
> generate unique PTR records for every address. The way we solved  
> this is to use “* PTR customer.domain.com.” so that all addresses in  
> the /64 will get the same reverse lookup. But if a customer needs a
> unique PTR for a mailserver I can't use both “* PTR
> customer.domain.com.” and “5.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR
> mail.domain.com.” in the same zone-file, the * will be ignored. Is
> this how it should be or am I doing it wrong?
> Instead maybe Bind can dynamically generate an answer for a reverse
> lookup request instead of storing all PTRs in the zone-file?
>
> Is there any good information, maybe an RFC, on how reverse DNS should
> be done in IPv6? Then I don’t mean how to register an ip6.arpa and
> edit your zone-file in bind. I mean how you solve the problem of
> generating 2^64 unique PTR records for a single customer without
> filling your hard drive. =)
>
> Cheers // Mattias Andersson


How about just 16 records per such server?  A lot less
than 2^64, and the extra records could be generated by
script.

5.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR mail.domain.com.
5.2.0.0.0.0.0.0.0.0.0.0.0.0.0.* PTR customer.domain.com.
5.2.0.0.0.0.0.0.0.0.0.0.0.0.* PTR customer.domain.com.
5.2.0.0.0.0.0.0.0.0.0.0.0.* PTR customer.domain.com.
...
5.2.* PTR customer.domain.com.
5.* PTR customer.domain.com.

I believe that the serving of * is determined by RFC, so while BIND
could have its own mechanism to generate records on the fly,
it can't/shouldn't do something different with *.

I suspect that IPV6 PTR records might fall by the wayside
for the general end user, especially since mainstream
IPV6 practices are still being formed and are likely to tend toward
what is practical.  Automatically-generated PTR records have
limited value, and *just might* make DNSSEC quite a challenge.
Some other, more practical method may well be devised for ISPs to
show what address space they are making use of.  (For example,
the powers-that-be could choose to provide two top-level PTR
domains for IPV6: one for full records, and the other for
subnet-wide wildcards.)

John
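
A script of the kind suggested in the reply above, as an added example that is not part of the original thread: it emits the exact PTR plus a wildcard beside every nibble on the mail host's path, and checks the result with a small model of RFC 4592 wildcard matching. Assumptions: the 2001:db8::/64 documentation prefix and the function names are constructed here, owner names are relative to the /64 zone origin, and the "*" is written as the leftmost label, which is the only position RFC 4592 treats as a wildcard.

```python
import ipaddress

def nibbles(addr):
    """Low 64 bits of an IPv6 address as hex nibbles, least significant first."""
    low = int(ipaddress.IPv6Address(addr)) & (2**64 - 1)
    return list(reversed(f"{low:016x}"))

def zone_records(host, host_target, default_target):
    """Exact PTR for host plus one wildcard beside each label on its path."""
    n = nibbles(host)
    recs = {".".join(n): host_target}
    for depth in range(16):
        # "*" takes the place of nibble `depth`; depth 15 is the bare "*".
        recs[".".join(["*"] + n[depth + 1:])] = default_target
    return recs

def lookup(recs, addr):
    """Answer as RFC 4592 describes: exact owner, else "*" under the closest encloser."""
    q = nibbles(addr)
    if ".".join(q) in recs:
        return recs[".".join(q)]
    # Every owner name and each of its ancestors exists, even with no records.
    exists = set()
    for owner in recs:
        labels = owner.split(".")
        exists.update(tuple(labels[i:]) for i in range(len(labels) + 1))
    for i in range(1, 17):
        if tuple(q[i:]) in exists:  # closest existing ancestor of the query
            return recs.get(".".join(["*"] + q[i:]))  # None means NXDOMAIN
    return None

if __name__ == "__main__":
    # Constructed sample: 2001:db8::/64 is the documentation prefix, not from the post.
    recs = zone_records("2001:db8::25", "mail.domain.com.", "customer.domain.com.")
    for owner, target in recs.items():
        print(f"{owner:<34} PTR {target}")
    naive = {"*": "customer.domain.com.", ".".join(nibbles("2001:db8::25")): "mail.domain.com."}
    for addr in ("2001:db8::25", "2001:db8::26", "2001:db8::f000:0:0:1"):
        print(addr, "full:", lookup(recs, addr), "two-record:", lookup(naive, addr))
```

With only the bare "*" and the mail host's PTR in the zone, the model returns no answer for addresses that share leading nibbles with the mail host, because the empty names on its path become the closest encloser and carry no wildcard of their own.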


More information about the bind-users mailing list