SixXS::Sunset 2017-06-06
Username: Password:

FAQ : DNS : How do I setup a reverse DNS?

Other FAQ sections

How do I setup a reverse DNS?

For those of you not yet familiar with the topic 'reversed DNS' or the in-addr.arpa files, please read up on that and when you are confident that you are running a working named (Bind 8.2.2+ will do fine) with a 'standard issue reversed DNS zone' like 0.168.192.in-addr.arpa, continue here.

Tip Note that user reverse dns options is only available for subnets and not for tunnels.

Warning Don't forget to read about our thoughts on DNS Pollution.

Here is an example for 2001:db8:302::/48, which is part of the official IPv6 documentation prefix, so don't use it for real.
First, declare our authority, analogous to IPv4 zones and domain names.

$ORIGIN 2.0.3.0.8.b.d.0.1.0.0.2.ip6.arpa.
$TTL 604800
@	IN	SOA ns1.example.org. hostmaster.example.org. (
		1978022513	; Serial
		10800		; Refresh
		3600		; Retry
		2419200		; Expire
		604800 )	; Default TTL

		NS   ns1.example.org.
		NS   ns2.example.org.
		TXT  "2001:db8:302::/48 Example IPv6 reverse"

Remember to use $ORIGIN a lot which makes managing reverse more doable.
The following makes the address 2001:db8:302::1 resolve. The origin bounds the reverse at a /64.

$ORIGIN 0.0.0.0.2.0.3.0.8.b.d.0.1.0.0.2.ip6.arpa.
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0	PTR host.example.net.

Here, we delegate 2001:db8:302:1::/64 to the example.org servers and 2001:db8:302:2::/64 to the example.com servers.

$ORIGIN 0.0.0.2.0.3.0.8.b.d.0.1.0.0.2.ip6.arpa.
1		NS ns1.example.org.
		NS ns2.example.org.
2		NS ns1.example.com.
		NS ns2.example.com.

Warning: don't forget the trailing dot's.

Assuming you have set up a zonefile for your reversed delegation, the only other thing you have to do is tell named to load and administer the zone. Here's the entry in /etc/named.conf for the 2001:db8:302::/48 delegation:

zone "2.0.3.0.8.b.d.0.1.0.0.2.ip6.arpa"
{
	type master;
	file "/etc/bind/pz/2.0.3.0.8.b.d.0.1.0.0.2.ip6.arpa";
};

Tip You can easily verify if your dns is working by running:

dig +trace 2.0.3.0.8.b.d.0.1.0.0.2.ip6.arpa

And seeing where it ends up.

Not logged in.
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker