ip6 reverse delegation

Mark Andrews marka at isc.org
Fri Jan 17 03:13:30 UTC 2020 

Firstly NS records for 0.1.0.1.8.7.6.f.7.0.6.2.ip6.arpa need to be added to 1.0.1.8.7.6.f.7.0.6.2.ip6.arpa.  The correct rcode for DS 0.1.0.1.8.7.6.f.7.0.6.2.ip6.arpa should be NOERROR not NXDOMAIN if the delegation exists.

[beetle:~/git/bind9] marka% dig @ns1.peak.org DS 0.1.0.1.8.7.6.f.7.0.6.2.ip6.arpa 

; <<>> DiG 9.15.4+hotspot+add-prefetch+marka <<>> @ns1.peak.org DS 0.1.0.1.8.7.6.f.7.0.6.2.ip6.arpa
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10273
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;0.1.0.1.8.7.6.f.7.0.6.2.ip6.arpa. IN	DS

;; AUTHORITY SECTION:
1.0.1.8.7.6.f.7.0.6.2.ip6.arpa.	300 IN	SOA	ns1.peak.org. hostmaster.peak.org. 2020011603 3600 3600 86400 300

;; Query time: 244 msec
;; SERVER: 2607:f678::53#53(2607:f678::53)
;; WHEN: Fri Jan 17 13:56:57 AEDT 2020
;; MSG SIZE  rcvd: 120

[beetle:~/git/bind9] marka% 

Secondly it would be less confusing if ns[12].peak.org where NOT configured to be authoritative for 0.1.0.1.8.7.6.f.7.0.6.2.ip6.arpa.  At they moment they are.  If you want them to be authoritative then they should be configured to secondary 0.1.0.1.8.7.6.f.7.0.6.2.ip6.arpa.  Note the serial on ns1.rdop.com is less than that on ns[12].peak.org so if they are configured as slaves just increasing the serial to greater than 2020011606 and reloading may get the reverse lookup to work.

[beetle:~/git/bind9] marka% dig @ns1.peak.org soa 0.1.0.1.8.7.6.f.7.0.6.2.ip6.arpa

; <<>> DiG 9.15.4+hotspot+add-prefetch+marka <<>> @ns1.peak.org soa 0.1.0.1.8.7.6.f.7.0.6.2.ip6.arpa
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48859
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;0.1.0.1.8.7.6.f.7.0.6.2.ip6.arpa. IN	SOA

;; ANSWER SECTION:
0.1.0.1.8.7.6.f.7.0.6.2.ip6.arpa. 300 IN SOA	ns1.peak.org. hostmaster.peak.org. 2020011606 3600 3600 86400 300

;; AUTHORITY SECTION:
0.1.0.1.8.7.6.f.7.0.6.2.ip6.arpa. 300 IN NS	ns1.rdrop.com.
0.1.0.1.8.7.6.f.7.0.6.2.ip6.arpa. 300 IN NS	ns2.rdrop.com.

;; Query time: 243 msec
;; SERVER: 2607:f678::53#53(2607:f678::53)
;; WHEN: Fri Jan 17 14:08:21 AEDT 2020
;; MSG SIZE  rcvd: 165

[beetle:~/git/bind9] marka% 


> On 17 Jan 2020, at 12:28, Alan Batie <alan at peak.org> wrote:
> 
> I'm having a problem getting ipv6 reverse delegation to work and I'm
> hoping someone can tell me what I'm missing, as it seems to me this
> should be pretty straightforward:
> 
> $ host
> 4.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.1.8.7.6.f.7.0.6.2.ip6.arpa
> 8.8.8.8
> Using domain server:
> Name: 8.8.8.8
> Address: 8.8.8.8#53
> Aliases:
> 
> Host
> 4.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.1.8.7.6.f.7.0.6.2.ip6.arpa
> not found: 3(NXDOMAIN)
> 
> 
> 
> The authoritative nameserver is serving it up:
> 
> $ host -t ptr
> 4.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.1.8.7.6.f.7.0.6.2.ip6.arpa
> ns1.rdrop.com
> Using domain server:
> Name: ns1.rdrop.com
> Address: 2607:f678:1010::53#53
> Aliases:
> 
> 4.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.1.8.7.6.f.7.0.6.2.ip6.arpa
> domain name pointer agora.rdrop.com.
> 
> 
> 
> The parent authoritative nameserver (for 2607:f678::/32) is serving the
> correct delegation NS records:
> 
> $ host -t ns 0.1.0.1.8.7.6.f.7.0.6.2.ip6.arpa ns1.peak.org
> Using domain server:
> Name: ns1.peak.org
> Address: 2607:f678::53#53
> Aliases:
> 
> 0.1.0.1.8.7.6.f.7.0.6.2.ip6.arpa name server ns1.rdrop.com.
> 0.1.0.1.8.7.6.f.7.0.6.2.ip6.arpa name server ns2.rdrop.com.
> 
> 
> 
> Even for the intermediate levels, though I don't think that should
> actually be necessary once the delegation gets to the top level
> (8.7.6.f.7.0.6.2.ip6.arpa):
> 
> $ host -t ns 1.0.1.8.7.6.f.7.0.6.2.ip6.arpa ns1.peak.org
> Using domain server:
> Name: ns1.peak.org
> Address: 2607:f678::53#53
> Aliases:
> 
> 1.0.1.8.7.6.f.7.0.6.2.ip6.arpa name server ns1.peak.org.
> 1.0.1.8.7.6.f.7.0.6.2.ip6.arpa name server ns2.peak.org.
> 
> $ host -t ns 0.1.8.7.6.f.7.0.6.2.ip6.arpa ns1.peak.org
> Using domain server:
> Name: ns1.peak.org
> Address: 2607:f678::53#53
> Aliases:
> 
> 0.1.8.7.6.f.7.0.6.2.ip6.arpa name server ns1.peak.org.
> 0.1.8.7.6.f.7.0.6.2.ip6.arpa name server ns2.peak.org.
> 
> $ host -t ns 1.8.7.6.f.7.0.6.2.ip6.arpa ns1.peak.org
> Using domain server:
> Name: ns1.peak.org
> Address: 2607:f678::53#53
> Aliases:
> 
> 1.8.7.6.f.7.0.6.2.ip6.arpa name server ns2.peak.org.
> 1.8.7.6.f.7.0.6.2.ip6.arpa name server ns1.peak.org.
> 
> $ host -t ns 8.7.6.f.7.0.6.2.ip6.arpa ns1.peak.org
> Using domain server:
> Name: ns1.peak.org
> Address: 2607:f678::53#53
> Aliases:
> 
> 8.7.6.f.7.0.6.2.ip6.arpa name server ns2.peak.org.
> 8.7.6.f.7.0.6.2.ip6.arpa name server ns1.peak.org.
> 
> 
> 
> But dig +trace ptr
> 4.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.1.8.7.6.f.7.0.6.2.ip6.arpa
> stops at the delegation point:
> 
> ...
> 8.7.6.f.7.0.6.2.ip6.arpa. 86400	IN	NS	ns1.peak.org.
> 8.7.6.f.7.0.6.2.ip6.arpa. 86400	IN	NS	ns2.peak.org.
> 8.7.6.f.7.0.6.2.ip6.arpa. 10800	IN	NSEC	0.8.6.f.7.0.6.2.ip6.arpa. NS
> RRSIG NSEC
> 8.7.6.f.7.0.6.2.ip6.arpa. 10800	IN	RRSIG	NSEC 5 10 10800 20200130213553
> 20200116203553 24441 0.6.2.ip6.arpa.
> HB6oy5WCbGQH+RKy+FvQyQXSKhls4a/Enfryn/ef4pfE7b9cCuFDYhYm
> RiMf739Ju+HRXl2Vj/+rzTSyjjnF7HZkkjVHdWn2avlir11h4oXrVmQY
> yTPzPXXixlO0VJqQiBpq+XsPuZHqyIpYeu/KESXLphSHQbuSDk58Kjbg B/8=
> ;; Received 365 bytes from 2001:67c:e0::10#53(arin.authdns.ripe.net) in
> 138 ms
> 
> 0.1.0.1.8.7.6.f.7.0.6.2.ip6.arpa. 300 IN SOA	ns1.peak.org.
> hostmaster.peak.org. 2020011606 3600 3600 86400 300
> ;; Received 160 bytes from 2607:f678::53#53(ns1.peak.org) in 1 ms
> 
> 
> 
> ns1.peak.org is running bind 9.9.7-P2
> 
> The zone file is:
> 
> $ORIGIN .
> $TTL 300	; 5 minutes
> 0.1.0.1.8.7.6.f.7.0.6.2.ip6.arpa IN SOA	ns1.peak.org. hostmaster.peak.org. (
> 				2020011606 ; serial
> 				3600       ; refresh (1 hour)
> 				3600       ; retry (1 hour)
> 				86400      ; expire (1 day)
> 				300        ; minimum (5 minutes)
> 				)
> 			NS	ns1.rdrop.com.
> 			NS	ns2.rdrop.com.
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org

More information about the bind-users mailing list