How to generate authoritative DNS64 reverse zone

Mark Andrews marka at isc.org
Tue May 23 05:04:57 UTC 2017 

In message <396e2fc9-3151-aad6-b5bc-28784bd15ae4 at axu.tm>, Aleksi Suhonen writes:
> Hi,
> 
> On 05/20/2017 01:48 AM, Mark Andrews wrote:
> > In message <57bf558b-f4eb-f2e4-c27c-9447ff4dd8c1 at axu.tm>, Aleksi Suhonen writes:
> >> So how do I configure Bind9 to generate one authoritative DNS64 reverse
> >> zone that contains CNAMEs to in-addr.arpa, but otherwise not mess with
> >> anything?
> 
> > You should delegate
> > 1.0.0.0.0.0.0.0.2.3.B.D.0.B.2.0.C.7.6.0.1.0.0.2.IP6.ARPA normally.
> > This will let everyone in the world find the CNAME records.  This
> > should be done even if you are just doing it for your recursive
> > clients.
> 
> I created the delegation, tried the below config and created an empty
> zone file for the above delegation. Rndc reconfig gave the following error:
> 
> 22-May-2017 07:58:13.534 general: error: reloading configuration failed:
> already exists
> 
> This was the entirety of the error message.
> 
> > If you don't want A to AAAA mappings to happen then turn off the
> > DNS64 mapping for everyone on the server.
> 
> >         dns64 2001:67c:2b0:db32:0:1::/96 {
> >                 clients { none; }
> >         };
> 
> When I removed the empty master zone, the error message went away. So it
> seems that the dns64 declaration implicitly creates a new zone in Bind.
> Makes sense. This could be added to documentation?

The ARM already has this in the description for dns64.

              <para>
                Additionally a reverse IP6.ARPA zone will be created for
                the prefix to provide a mapping from the IP6.ARPA names
                to the corresponding IN-ADDR.ARPA names using synthesized
                CNAMEs.  <command>dns64-server</command> and
                <command>dns64-contact</command> can be used to specify
                the name of the server and contact for the zones. These
                are settable at the view / options level.  These are
                not settable on a per-prefix basis.
              </para>

> I think the above error message should also be improved, as it gave no
> indication as to *what* exists already. I could have saved about an hour
> of wondering what the hell is wrong with my config change, if the error
> message was a bit more wordy. :-)

Ticket opened.

> In hind sight, I guess I could have turned on debugging and seen what
> messages would be generated then, but I suspect there would have been
> too many messages for me to process.
> 
> Anyway, thanks for the help.
> 
> -- 
>         Aleksi Suhonen / Axu TM Oy
>         Internetworking Consulting
>         Cellular: +358 44 975 6548
>         World Wide Web: www.axu.tm
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list