How to generate authoritative DNS64 reverse zone

Aleksi Suhonen bind-users-2017 at
Mon May 22 08:42:43 UTC 2017


On 05/20/2017 01:48 AM, Mark Andrews wrote:
> In message <57bf558b-f4eb-f2e4-c27c-9447ff4dd8c1 at>, Aleksi Suhonen writes:
>> So how do I configure Bind9 to generate one authoritative DNS64 reverse
>> zone that contains CNAMEs to, but otherwise not mess with
>> anything?

> You should delegate
> normally.
> This will let everyone in the world find the CNAME records.  This
> should be done even if you are just doing it for your recursive
> clients.

I created the delegation, tried the below config and created an empty
zone file for the above delegation. Rndc reconfig gave the following error:

22-May-2017 07:58:13.534 general: error: reloading configuration failed:
already exists

This was the entirety of the error message.

> If you don't want A to AAAA mappings to happen then turn off the
> DNS64 mapping for everyone on the server.

>         dns64 2001:67c:2b0:db32:0:1::/96 {
>                 clients { none; }
>         };

When I removed the empty master zone, the error message went away. So it
seems that the dns64 declaration implicitly creates a new zone in Bind.
Makes sense. This could be added to documentation?

I think the above error message should also be improved, as it gave no
indication as to *what* exists already. I could have saved about an hour
of wondering what the hell is wrong with my config change, if the error
message was a bit more wordy. :-)

In hind sight, I guess I could have turned on debugging and seen what
messages would be generated then, but I suspect there would have been
too many messages for me to process.

Anyway, thanks for the help.

        Aleksi Suhonen / Axu TM Oy
        Internetworking Consulting
        Cellular: +358 44 975 6548
        World Wide Web:

More information about the bind-users mailing list