Bind with publicly routable DDNS mappings for IPv6 but not IPv4

Chris Buxton chris.p.buxton at gmail.com
Mon Jan 24 21:08:42 UTC 2011


Can't be done with just BIND. You need some kind of solution to strip out the private IPv4 address space before publishing data to the outside world. (Are you sure your workstations really need to have their routable addresses published to the outside world? Sounds dangerous to me.)

For example, you could write a script that would grab a copy of the internal zone, strip out what you don't want, and republish on an external-facing name server, and then run that script on a 5 minute cron job.

Chris Buxton
BlueCat Networks

On Jan 24, 2011, at 7:28 AM, Michael Himbeault wrote:

> So I appear to have fallen into the cracks of "stuff the internet is completely useless for looking up". I can't come up with any useful set of keywords, so here I am.
> 
> I'm attempting to configure DDNS between ISC DHCPD and BIND. I want DDNS for both IPv4 and IPv6. I have this. Cool. Now, I want to publish the IPv6 DDNS mappings out to the internet at large so every host can have a publicly routable IP address and no one has to remember any 32 character addresses. I would like this to be accomplished by everyone hanging off of the domain.
> 
> For example a computer (hostname: pinky) connects to the network, and now everyone on the internal network can ping either pinky or pinky.example.com. If they are IPv4 only, they will get pinky's IPv4 leased address, and if they are dual-stack or IPv6 they will get pinky's IPv6 address since pinky.riebart.ca will have both A and AAAA records. I also want anyone on the internet at large to be able to ping pinky.example.com and, if they are IPv6 enabled, will get replies since pinky's IPv6 address is publicly routable. Attempts to get an A record for pinky.example.com should fail.
> 
> Problem is, how do I do this without polluting the internet with my private IPv4 DDNS mappings and without requiring an extra subdomain? The inside clients need to see both the IPv6 and IPv4 mappings, but the external queries should never see the IPv4 mappings. I can't just copy-paste the zone files since they are both being dynamically updated through DDNS. Additionally, since the DHCP client support for DHCP option 119 (DNS domain search list) is pretty abysmal I would really like to not have to put ipv4 mappings onto <HOSTNAME>.ipv4.example.com.
> 
> Any suggestions?
> 
> Thanks,
> Mike
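The filtering step of the script suggested in the reply above, as an added example that is not code from the thread: it takes `dig axfr`-style text of the internal zone, drops A records in RFC 1918 space, and keeps everything else for the external-facing server. The five-field record layout, the sample names and addresses, and the choice to abort on any unparsable line are assumptions.

```python
import ipaddress

# RFC 1918 private IPv4 ranges that must not appear in the external zone.
PRIVATE_V4 = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private_a(rtype, rdata):
    """True for an A record whose address lies in RFC 1918 space."""
    if rtype != "A":
        return False
    addr = ipaddress.ip_address(rdata.strip())  # raises ValueError on junk
    return any(addr in net for net in PRIVATE_V4)

def filter_zone(axfr_text):
    """Return (kept_lines, dropped_lines) from `dig axfr`-style text."""
    kept, dropped, seen_soa = [], [], False
    for line in map(str.strip, axfr_text.splitlines()):
        if not line or line.startswith(";"):
            continue                      # dig comments and blank lines
        fields = line.split(None, 4)      # name ttl class type rdata
        if len(fields) != 5:
            raise ValueError("unparsed record, refusing to publish: " + line)
        rtype, rdata = fields[3].upper(), fields[4]
        if rtype == "SOA":
            if seen_soa:
                continue                  # AXFR repeats the SOA as its last record
            seen_soa = True
        if is_private_a(rtype, rdata):
            dropped.append(line)
        else:
            kept.append(line)
    if not seen_soa:
        raise ValueError("no SOA seen, transfer looks incomplete")
    return kept, dropped

# Constructed sample transfer (not real data); "ns-internal" is hypothetical.
SAMPLE_AXFR = """\
; <<>> DiG <<>> axfr example.com @ns-internal
example.com.        3600 IN SOA ns1.example.com. admin.example.com. 2011012401 3600 900 604800 300
example.com.        3600 IN NS  ns1.example.com.
ns1.example.com.    3600 IN A   192.0.2.53
pinky.example.com.  300  IN A   192.168.1.23
pinky.example.com.  300  IN AAAA 2001:db8:1::23
brain.example.com.  300  IN A   10.4.0.7
brain.example.com.  300  IN AAAA 2001:db8:1::42
example.com.        3600 IN SOA ns1.example.com. admin.example.com. 2011012401 3600 900 604800 300
"""

if __name__ == "__main__":
    print("\n".join(filter_zone(SAMPLE_AXFR)[0]))
```

The kept lines form the zone file for the external-facing server; a cron wrapper would write them out and reload that server only when the filter returns without raising.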
