automatic reverse and forwarding zones
Grant Taylor
gtaylor at tnetconsulting.net
Thu Oct 27 19:08:40 UTC 2022
On 10/27/22 11:23 AM, Marco wrote:
> It isn't, because a customer gets /48 or /56 in most cases.
"For example one of their clients has the IP 2001:db::3." is a singular IP.
> The customer's router can use various methods to assign addresses, auto
> configuration and DHCPv6.
Agreed.
However that's contrary to the example in your original message.
> If the ISP wants to provide reverse zone for all possible addresses
> (ISP doesn't know which one of the assigned are used by the customer),
> it must have all reverse zones on their zone file or dynamically
> create them when a DNS server receives a request.
As others have indicated, populating reverse zone file(s) with
2^(128-48) records is a non-starter and tantamount to a DoS.
The ISP could delegate the /48 if it was to another provider that ran
their own DNS server. But that's not likely the scenario with Prefix
Delegation.
/If/ I needed to populate any significant portion of an ip6.arpa zone I
would probably look at seeing if I could leverage Dynamically Loadable
Zones [1] & [2] to pull content from an external "database" on an
as-needed basis.
I've glanced at DLZ a handful of times but have never used it. Every
time that I do, I gravitate towards the Stub (sample) [3] and wonder if
I can (ab)use it to create something that will allow me to run a command
(program / script / etc.) that will create synthetic records w/o needing
to populate them in a database.
N.B. I consider DLZ to be for BIND much like what the Milter API is for
Sendmail / Postfix; e.g. a way to call out to something else to do
something with the request.
Aside: I do question what you would populate the /48 ~ /56 ip6.arpa
zone with. What hypothetical data would you put in it? If it's PD to
an end user, what information would the ISP put in there that wouldn't
be confidential or potentially reveal that any and all IPs in that
prefix belong to a customer w/o also identifying the customer?
[1] https://kb.isc.org/docs/aa-00995
[2] https://bind-dlz.sourceforge.net/
[3] https://bind-dlz.sourceforge.net/stub_driver.html
--
Grant. . . .
unix || die
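
The on-demand synthesis idea discussed in the message above, as an added example that is not part of the original post and does not use the DLZ driver API: it shows only the lookup logic an external helper could run per query. The prefix, the forward zone name and the `ip6-<hex>` label scheme are assumptions constructed for illustration.

```python
import ipaddress

# Constructed values (assumptions, not from the post): a delegated /48 from the
# documentation range and a hypothetical forward zone for synthetic names.
PREFIX = ipaddress.IPv6Network("2001:db8:1234::/48")
FORWARD_ZONE = "dyn.isp.example."
HEX = "0123456789abcdef"


def qname_to_address(qname):
    """Parse a full 32-nibble ip6.arpa name; return None for anything else."""
    name = qname.lower().rstrip(".")
    suffix = ".ip6.arpa"
    if not name.endswith(suffix):
        return None
    nibbles = name[:-len(suffix)].split(".")
    # Reject partial names (zone cuts, empty non-terminals) and malformed labels.
    if len(nibbles) != 32 or any(len(n) != 1 or n not in HEX for n in nibbles):
        return None
    return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))


def synthesize_ptr(qname):
    """Return a PTR target generated at query time, or None if out of scope."""
    addr = qname_to_address(qname)
    if addr is None or addr not in PREFIX:
        return None
    # The label is derived from the address alone, so the answer carries
    # nothing that identifies the customer holding the prefix.
    return "ip6-%032x.%s" % (int(addr), FORWARD_ZONE)


def records_if_prepopulated(prefix):
    """PTR records needed to populate every address in the prefix up front."""
    return prefix.num_addresses


if __name__ == "__main__":
    q = ipaddress.IPv6Address("2001:db8:1234::3").reverse_pointer
    print(q, "->", synthesize_ptr(q))
    print("pre-populated /48 would need", records_if_prepopulated(PREFIX), "records")
```
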