SixXS::Sunset 2017-06-06

How to go about reverse DNS?
[nl] Carmen Sandiego on Sunday, 03 August 2003 05:09:36
Hi all,

I am experimenting with IPv6 and have a /64 for my home network. The machines on it are accessing the network, so I would like to set up proper reverse DNS for the zone.

All the autoconfigured devices derive the least significant bits for their own IPv6 address from their MAC address, and Windows machines use an anonymous address by default. While I can configure some static IP addresses for my own machines, I would still like to set up proper reverse DNS for the rest of the prefix. For instance when I configure a server or plug in a laptop they autoconfigure using a new address.

With IPv4, $GENERATE worked fine for the limited number of dynamic addresses. Is there a way to define sensible reverse DNS for all possible entries with a certain prefix? Storing this in the BIND zones would be unmanageable, but surely somebody thought of a good solution or else DNS would be a mess...

I am using BIND 9.2.2 on the authoritative nameserver for the network. I would not be very happy to enable updates, so would rather have the whole space covered.

Any thoughts? Thanks!

walter
How to go about reverse DNS?
[nl] Shadow Hawkins on Sunday, 10 August 2003 14:39:53
http://www.csd.uwo.ca/staff/magi/doc/bind9/Bv9ARM.ch06.html#AEN4097

As I see it, you can try to use $GENERATE and use an lhs modifier to create ranges of PTR records (e.g. $GENERATE 1-16 ${0,0,h} PTR node.domain.ext.) but you need to do it in such a fashion that it will generate all nibbles and combinations of nibbles in order to map a reverse for each possible address within your /64.

http://dev.faeriemud.org/bind9/Bv9ARM.ch04.html#AEN915

If you have ip6.arpa, you can try using bitstring format, with which you can specify a range simply by using /64 in your PTR record.

Excerpt:

4.8.4. Address to Name Lookups Using Bitstring Format

Bitstring labels can start and end on any bit boundary, rather than on a multiple of 4 bits as in the nibble format. They also use ip6.arpa rather than ip6.int. To replicate the previous example using bitstrings:

$ORIGIN \[x3ffe805002011860/64].ip6.arpa.
\[x0042000000000001/64] 14400 IN PTR host.example.com.
How to go about reverse DNS?
[ch] Jeroen Massar SixXS Staff on Sunday, 10 August 2003 15:07:46
Bitstring format is nonsense, as it is not used in any deployment and it has been moved to experimental by the IETF.

In general, only reverse hosts that you use; if you forward them to, say, 'unused.reverse.example.com', it will break most access checks which check that the forward and reverse match up.
How to go about reverse DNS?
[ch] Jeroen Massar SixXS Staff on Sunday, 10 August 2003 15:17:14
The way to go for your case is secure dynamic DNS, which is used at the IETF and RIPE meetings and works perfectly well; hey, they invented it for themselves :)

For Windows you can use the command script found below.

As for covering the complete space: don't. The reverse will map to an undefined or single forward, and many access checks will keep you from connecting to services that match forward and reverse. SSH, for instance, will simply drop you without an error.

You could also wait for the release of DHCPv6 in the many OSes. There is a Linux implementation already and the draft has become RFC 3315.

Also: turn on those stupid Anonymous addresses :)
rem @echo off
rem ##################################################################
rem Windows NT (NT4/2k/XP/2k3) IPv4 & IPv6 Secure DNS Update Script
rem by Jeroen Massar <jeroen@unfix.org>
rem ##################################################################
rem Get the UnxUtils from http://unxutils.sourceforge.net/ and install them somewhere
rem Then adjust your path.
rem Get the nsupdate program + libs from ISC (www.isc.org), usually the bind9 distro.
rem Then copy over the K*.private & K*.key over for the host to your box.
rem Change the config below, et tada ;)

rem ##################################################################
rem Our config
rem ##################################################################
set HOSTNAME=limbo
set DOMAIN=unfix.org
set KEYFILE=C:\Programs\Net\Bind\Klimbo.unfix.org.+157+34970.key
set UNX=C:\Programs\System\Unix
set NSUPDATE=C:\Programs\Net\Bind\nsupdate
set SCRIPT=c:\Programs\Net\Bind\cmd.txt
set INTERFACE=4

rem ######################################################################
rem The Script
rem ######################################################################

rem Specify a sane DNS Server
rem Done because on NT nsupdate can't find /etc/resolv.conf that easily :)
%UNX%\echo -n "server" >%SCRIPT%
ipconfig /all | %UNX%\grep "DNS Servers" | %UNX%\cut -f2 -d: | %UNX%\head -n 1 >>%SCRIPT%

rem Delete the old ones
%UNX%\echo "update delete %HOSTNAME%.%DOMAIN% A" >>%SCRIPT%
%UNX%\echo "update delete %HOSTNAME%.%DOMAIN% AAAA" >>%SCRIPT%
%UNX%\echo "update delete %HOSTNAME%.ipv4.%DOMAIN% A" >>%SCRIPT%
%UNX%\echo "update delete %HOSTNAME%.ipv6.%DOMAIN% AAAA" >>%SCRIPT%

rem Add the IPv4 address.
%UNX%\echo -n "update add %HOSTNAME%.%DOMAIN% 360 A" >>%SCRIPT%
ipconfig /all | %UNX%\grep "IP Address" | %UNX%\cut -f2 -d: | %UNX%\head -n 1 >>%SCRIPT%
%UNX%\echo -n "update add %HOSTNAME%.ipv4.%DOMAIN% 360 A" >>%SCRIPT%
ipconfig /all | %UNX%\grep "IP Address" | %UNX%\cut -f2 -d: | %UNX%\head -n 1 >>%SCRIPT%

rem Add the IPv6 address.
%UNX%\echo -n "update add %HOSTNAME%.%DOMAIN% 360 AAAA " >>%SCRIPT%
ipv6 if %INTERFACE% | %UNX%\grep "preferred global" | %UNX%\awk "{print $3; }" | %UNX%\cut -f1 -d, >>%SCRIPT%
%UNX%\echo -n "update add %HOSTNAME%.ipv6.%DOMAIN% 360 AAAA " >>%SCRIPT%
ipv6 if %INTERFACE% | %UNX%\grep "preferred global" | %UNX%\awk "{print $3; }" | %UNX%\cut -f1 -d, >>%SCRIPT%

rem And send the update
%UNX%\echo "send" >>%SCRIPT%
%NSUPDATE% -k %KEYFILE% %SCRIPT%
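The script above registers only forward A/AAAA records, while the thread is about reverse DNS and the forward/reverse match that access checks perform. The following is an added example, not part of any post in the thread: it builds the nibble-format ip6.arpa name for an address, emits paired AAAA and PTR nsupdate commands, and runs the forward-confirmed check against constructed in-memory records. The 2001:db8::/32 addresses, the example.com names and all function names are assumptions made for illustration.

```python
import ipaddress

def ptr_name(addr):
    """Nibble-format ip6.arpa owner name for an IPv6 address."""
    return ipaddress.IPv6Address(addr).reverse_pointer + "."

def nsupdate_batch(fqdn, addr, ttl=360):
    """nsupdate commands that keep the AAAA and PTR records in step.
    Forward and reverse live in different zones, so each gets its own send."""
    rev = ptr_name(addr)
    return "\n".join([
        f"update delete {fqdn} AAAA",
        f"update add {fqdn} {ttl} AAAA {addr}",
        "send",
        f"update delete {rev} PTR",
        f"update add {rev} {ttl} PTR {fqdn}",
        "send",
    ])

def forward_confirmed(addr, ptr_records, aaaa_records):
    """Access check described in the thread: the PTR target must resolve
    back to the connecting address, otherwise the client is rejected."""
    name = ptr_records.get(ptr_name(addr))
    if name is None:
        return False
    want = ipaddress.IPv6Address(addr)
    return any(ipaddress.IPv6Address(a) == want
               for a in aaaa_records.get(name, []))

# Constructed sample data: documentation prefix, hypothetical names.
HOST = "2001:db8:1:2:211:22ff:fe33:4455"   # host registered via dynamic update
STRAY = "2001:db8:1:2::beef"               # address covered by a catch-all PTR
PTR = {
    ptr_name(HOST): "limbo.example.com.",
    ptr_name(STRAY): "unused.reverse.example.com.",
}
AAAA = {
    "limbo.example.com.": [HOST],
    "unused.reverse.example.com.": [],      # catch-all name has no matching AAAA
}

if __name__ == "__main__":
    print(nsupdate_batch("limbo.example.com.", HOST))
    print("registered host passes:", forward_confirmed(HOST, PTR, AAAA))
    print("catch-all address passes:", forward_confirmed(STRAY, PTR, AAAA))
```

The batch text can be fed to nsupdate with the same -k key file the script uses, provided the key is also allowed to update the reverse zone.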
