How to generate authoritative DNS64 reverse zone
Mark Andrews
marka at isc.org
Fri May 19 22:48:33 UTC 2017
In message <57bf558b-f4eb-f2e4-c27c-9447ff4dd8c1 at axu.tm>, Aleksi Suhonen writes:
> Hello,
>
> Suppose that I have a NAT64 prefix 2001:67c:2b0:db32:0:1::/96 and a
> couple of DNS64 resolvers that use it. The resolvers will also generate
> nice CNAMEs that point to in-addr.arpa for that prefix. This is nice.
>
> But other resolvers in the world won't do that, so I'd need to have a
> real reverse zone for this fantastical NAT64 prefix for their benefit.
> But if I configure a DNS64 prefix on an authoritative server, it will
> start messing with my normal zones too, won't it?
>
> So how do I configure Bind9 to generate one authoritative DNS64 reverse
> zone that contains CNAMEs to in-addr.arpa, but otherwise not mess with
> anything?
>
> Yours,
You should delegate
1.0.0.0.0.0.0.0.2.3.B.D.0.B.2.0.C.7.6.0.1.0.0.2.IP6.ARPA normally.
This will let everyone in the world find the CNAME records. This
should be done even if you are just doing it for your recursive
clients.
If you don't want A to AAAA mappings to happen then turn off the
DNS64 mapping for everyone on the server.
dns64 2001:67c:2b0:db32:0:1::/96 {
clients { none; }
};
Mark
> --
> Aleksi Suhonen / Axu TM Oy
> Internetworking Consulting
> Cellular: +358 44 975 6548
> World Wide Web: www.axu.tm
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list