need reverse delegation for my ipv6 subnet

Kevin Darcy kcd at chrysler.com
Thu Apr 3 23:53:50 UTC 2008 

Well, first of all, you show no PTR record in the zone. PTR records are 
what are looked up in reverse resolution, so you will have no reverse 
resolution until 1 or more PTRs are added to your zone. The flickr.com 
image you linked had no option for PTR records, which makes me think it 
is only for "forward" zones, not reverse zones. You might need to use a 
different tool to maintain your reverse zone. (I'm not sure what the 
point of the TXT record is, it doesn't have any effect on the 
resolvability of your PTR record(s). It would be informational at most.)

Secondly, you have a delegation issue. According to ns1.sixxs.net,
1.5.0.1.8.f.6.0.1.0.0.2.ip6.arpa. 604800 IN NS  ns1.stattfernsehen.com.

I.e. you've been delegated the zone at the /48 level. Yet the zone file 
you show has an $ORIGIN which reflects a full /128 reverse path. How is 
it defined in named.conf? As a /48 or as a /128? If your $ORIGIN doesn't 
match your named.conf zone definition, then the zone won't load properly 
(named will complain about the SOA/NS records being "out of zone", and 
perhaps again that the zone is missing SOA/NS records). If it matches 
(at the /128 level), then the zone is not at the right level of 
delegation. Note that the $ORIGINs in the examples given in the FAQ web 
page you cited are at the /48 and /64 levels; you need to match the 
delegation that's been given to you by your upstream provider. It's not 
just the $ORIGINs that need to be changed, though; the zone *itself* 
needs to be at the /48 level.

Next problem, it appears that you are not allowing queries of the zone 
you have set up (at least, not from my IP):

$ dig 
c.a.a.a.f.8.e.f.f.f.5.6.0.3.2.0.0.0.0.0.1.5.0.1.8.f.6.0.1.0.0.2.ip6.arpa 
ns @ns1.stattfernsehen.com

; <<>> DiG 9.3.0 <<>> 
c.a.a.a.f.8.e.f.f.f.5.6.0.3.2.0.0.0.0.0.1.5.0.1.8.f.6.0.1.0.0.2.ip6.arpa 
ns @ns1.stattfernsehen.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 338
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;c.a.a.a.f.8.e.f.f.f.5.6.0.3.2.0.0.0.0.0.1.5.0.1.8.f.6.0.1.0.0.2.ip6.arpa. 
IN NS

;; Query time: 165 msec
;; SERVER: 87.79.236.249#53(ns1.stattfernsehen.com)
;; WHEN: Thu Apr  3 16:12:00 2008
;; MSG SIZE  rcvd: 90

(I get REFUSED for 1.5.0.1.8.f.6.0.1.0.0.2.ip6.arpa as well).

Lastly, I would work on getting reverse-resolution working from a single 
server before worrying about who is going to be your slave. Walk before 
you try to fly.


                                                                         
                                       - Kevin


Marc Manthey wrote:
> hello chris and all other experts,
>
> i  want to set up reverse DNS for my subnet providet by sixxs.net , a  
> free tunnel broker.
>
> So, i have a debian server with "bind "  and webmin configured. My  
> local machine with bind is
>
> host  -6 2001:6f8:1051:0:230:65ff:fe8f:aaac
>
> thats the reverse arpa  adress of the machine called   
> ns1.stattfernsehen.com .
>
> <http://pastebin.com/m1bc0c6a1>
>
> my subnet is 2001:6f8:1051::/48
>
> do i need all of this ?
>
> https://noc.sixxs.net/faq/dns/?faq=reverse
>
> thats a modified zone file from this site:
>
>
>
> $ORIGIN c.a.a.a.f.8.e.f.f.f.5.6.0.3.2.0.0.0.0.0.1.5.0.1.8.f. 
> 6.0.1.0.0.2.ip6.arpa.
>
> my  host adress with bind,
>
>
> $TTL 604800
> @	IN	SOA ns1.stattfernsehen.com. hostmaster.stattfernsehen.com. (
> 		1978022513	; Serial
> 		10800		; Refresh
> 		3600		; Retry
> 		2419200		; Expire
> 		604800 )	; Default TTL
>
> thats ok ?
>
> 		NS   ns1.stattfernsehen.com.
>                  NS   ns2.example.org.   <<<<should i put ns3.gkg.net.  
> in here as secondary ?
> 		TXT  "2001:6f8:1051::/48" <<<<<<  in quotes ?
>
> gkg.net is my registrar so i need to put his ns as secondary , correct ?
> What about the "zone" file on my registrars site ? <http://farm3.static.flickr.com/2078/2342810344_55704520a9_o.jpg 
>  >
>
> i  would give someone access to my webmin
> if he is able to help me create the required "zone" files.
>
>   
>>> <http://www.sixxs.net/faq/sixxs/?faq=dnsspam>
>>> <http://www.sixxs.net/tools/zonecheck/>
>>>       
>
>
>
> thanks a lot
>
> marc
>
> --
> Les enfants teribbles - research and deployment
> Marc Manthey -  Hildeboldplatz 1a
> D - 50672 Köln - Germany
> Tel.:0049-221-3558032
> Mobil:0049-1577-3329231
> jabber :marc at kgraff.net
> blog : http://www.let.de
> ipv6 http://stattfernsehen.com/matrix
>
>
>

More information about the bind-users mailing list