automatic reverse and forwarding zones

Grant Taylor gtaylor at tnetconsulting.net
Thu Oct 27 19:08:40 UTC 2022


On 10/27/22 11:23 AM, Marco wrote:
> It isn't, because a customer gets /48 or /56 in most cases.

"For example one of their clients has the IP 2001:db::3." is a singular IP.

> The customer's router can use various methods to assign addresses, auto 
> configuration and DHCPv6.

Agreed.

However that's contrary to the example in your original message.

> If the ISP wants to provide reverse zone for all possible addresses 
> (ISP doesn't know which one of the assigned are used by the customer), 
> it must have all reverse zones on their zone file or dynamically 
> create them when a DNS server receives a request.

As others have indicated, populating reverse zone file(s) with 
2^(128-48) records is a non-starter and tantamount to a DoS.

The ISP could delegate the /48 if it was to another provider that ran 
their own DNS server.  But that's not likely the scenario with Prefix 
Delegation.

/If/ I needed to populate any significant portion of an ip6.arpa zone I 
would probably look at seeing if I could leverage Dynamically Loadable 
Zones [1] & [2] to pull content from an external "database" on an 
as-needed basis.

I've glanced at DLZ a handful of times but have never used it.  Every 
time that I do, I gravitate towards the Stub (sample) [3] and wonder if 
I can (ab)use it to create something that will allow me to run a command 
(program / script / etc.) that will create synthetic records w/o needing 
to populate them in a database.

N.B. I consider DLZ to be for BIND much like what the Milter API is for 
Sendmail / Postfix; e.g. a way to call out to something else to do 
something with the request.

Aside:  I do question what you would populate the /48 ~ /56 ip6.arpa 
zone with.  What hypothetical data would you put in it?  If it's PD to 
an end user, what information would the ISP put in there that wouldn't 
be confidential or potentially reveal that any and all IPs in that 
prefix belong to a customer w/o also identifying the customer?

[1] https://kb.isc.org/docs/aa-00995
[2] https://bind-dlz.sourceforge.net/
[3] https://bind-dlz.sourceforge.net/stub_driver.html



-- 
Grant. . . .
unix || die
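
The following is an added example, not part of the original message and not a DLZ driver: a sketch of the "synthetic records" idea, answering PTR queries by computing the name from the query instead of storing 2^(128-48) records. The prefix 2001:db8:1234::/48, the zone dyn.example.net. and the h-<hex> naming scheme are assumptions made up for illustration.

```python
import ipaddress

# Assumptions (not from the post): a documentation prefix and a made-up naming scheme.
PREFIX = ipaddress.ip_network("2001:db8:1234::/48")
FORWARD_ZONE = "dyn.example.net."
HEX = set("0123456789abcdef")
HOST_NIBBLES = (128 - PREFIX.prefixlen) // 4   # 20 hex digits of host part for a /48

def prefix_origin(net):
    """Return the ip6.arpa zone origin for a nibble-aligned prefix."""
    if net.prefixlen % 4:
        raise ValueError("prefix must fall on a nibble boundary")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def qname_to_address(qname):
    """Parse a full 32-nibble ip6.arpa name; None if malformed or partial."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) != 34 or labels[-2:] != ["ip6", "arpa"]:
        return None
    nibbles = labels[:32]
    if any(len(n) != 1 or n not in HEX for n in nibbles):
        return None
    return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))

def synth_ptr(qname):
    """Compute a PTR target on demand; nothing is stored per address."""
    addr = qname_to_address(qname)
    if addr is None or addr not in PREFIX:
        return None                      # not ours: answer NXDOMAIN / refuse
    host_bits = int(addr) & int(PREFIX.hostmask)
    return f"h-{host_bits:0{HOST_NIBBLES}x}.{FORWARD_ZONE}"

def synth_aaaa(name):
    """Inverse mapping, so a forward lookup confirms the synthetic PTR."""
    label, _, zone = name.lower().partition(".")
    digits = label[2:]
    if zone != FORWARD_ZONE or not label.startswith("h-"):
        return None
    if len(digits) != HOST_NIBBLES or not set(digits) <= HEX:
        return None
    return ipaddress.IPv6Address(int(PREFIX.network_address) + int(digits, 16))

if __name__ == "__main__":
    q = ipaddress.IPv6Address("2001:db8:1234::3").reverse_pointer + "."
    print(prefix_origin(PREFIX), PREFIX.num_addresses)
    print(q, "PTR", synth_ptr(q))
    print(synth_ptr(q), "AAAA", synth_aaaa(synth_ptr(q)))
```

The synthesized name is derived only from the address bits, so it carries no customer-identifying data, which is the concern raised in the aside above.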
