need reverse delegation for my ipv6 subnet
Shadow Hawkins on Friday, 04 April 2008 01:19:47
Hello all,
I want to set up reverse DNS for my subnet.
So, I have a Debian server with "bind" and webmin configured. My local machine with bind is
host -6 2001:6f8:1051:0:230:65ff:fe8f:aaac
That's the reverse arpa address of the machine called ns1.stattfernsehen.com.
<http://pastebin.com/m1bc0c6a1>
My subnet is 2001:6f8:1051::/48
Do I need all of this?
https://noc.sixxs.net/faq/dns/?faq=reverse
That's a modified zone file from this site:
$ORIGIN c.a.a.a.f.8.e.f.f.f.5.6.0.3.2.0.0.0.0.0.1.5.0.1.8.f.6.0.1.0.0.2.ip6.arpa.
my host address with bind,
$TTL 604800
@ IN SOA ns1.stattfernsehen.com. hostmaster.stattfernsehen.com. (
1978022513; Serial
10800; Refresh
3600; Retry
2419200; Expire
604800 ); Default TTL
That's OK?
NS ns1.stattfernsehen.com.
NS ns2.example.org. <<<< should I put ns3.gkg.net. in here as secondary?
TXT "2001:6f8:1051::/48" <<<<<< in quotes?
gkg.net is my registrar, so I need to put his ns as secondary, correct?
What about the "zone" file on my registrar's site? <http://farm3.static.flickr.com/2078/2342810344_55704520a9_o.jpg>
I would give someone access to my webmin
if he is able to help me create the required "zone" files.
<http://www.sixxs.net/faq/sixxs/?faq=dnsspam>
<http://www.sixxs.net/tools/zonecheck/>
Shadow Hawkins on Saturday, 05 April 2008 06:37:27
It's not complicated at all.
You just need to create a file with a correct header,
and as many PTR entries as you need.
For the NS entries, you put there the addresses where the primary and secondary zones for your reverse domain (delegated by sixxs) are.
Usually the registrars only host dns zones for the domains purchased through them, which is not the case of the reverse that sixxs delegates you;
you have to find some DNS servers willing to host it.
So, something like (I suppose stattfernsehen.com is your domain)
(I don't know about ttl and such values, I suppose yours are correct)
=====================================================
; your 2001:6f8:1051::/48 as origin
; that is the zone delegated to you by sixxs
$ORIGIN 1.5.0.1.8.f.6.0.1.0.0.2.ip6.arpa.
$TTL 604800
@ IN SOA stattfernsehen.com. hostmaster.stattfernsehen.com. (
2008040501 ; Serial
10800 ; Refresh
3600 ; Retry
2419200 ; Expire
604800 ) ; Minimum
NS ns1.stattfernsehen.com.
; NS ns.foo.bar. ; you should search for a secondary DNS
; 2001:6f8:1051::230:65ff:fe8f:aaac
c.a.a.a.f.8.e.f.f.f.5.6.0.3.2.0.0.0.0.0 PTR ns1.stattfernsehen.com.
; example for 2001:6f8:1051:cafe::1
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.e.f.a.c PTR example.stattfernsehen.com.
; example for 2001:6f8:1051:cafe:1234:5678:9abc:def0
0.f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.e.f.a.c PTR example2.stattfernsehen.com.
=====================================================
For ns1.stattfernsehen.com it doesn't seem to have an AAAA address so far; so the reverse of 2001:6f8:1051:0:230:65ff:fe8f:aaac to ns1.stattfernsehen.com seems strange. Do you plan to give that address to it? That is, in the DNS zone for stattfernsehen.com do you plan to have an entry such as:
ns1 AAAA 2001:6f8:1051:0:230:65ff:fe8f:aaac
For the primary as well as secondary DNS, they can be whatever DNS servers you find that are willing to host the zone, one of them as primary, the others getting the updates from it.
If you can't find a willing DNS server, it could be your own accessible server.
The TXT record is just an arbitrary text that is sent to clients requesting that entry; it is not necessary, and putting "2001:6f8:1051::/48" there is useless, as that is implicit from the zone itself. If you need human-readable information when reading the file, better to put it as a comment. If you do add a TXT entry, it must be in quotes, yes.
As for the image you show about your straight DNS setup, it is about the *STRAIGHT* DNS setup for stattfernsehen.com and not your reverse zone, which is a completely different domain (1.5.0.1.8.f.6.0.1.0.0.2.ip6.arpa).
And btw, you shouldn't use "*", instead put the actual names you want.
The "@" stands for your domain, with nothing before.
So you have stattfernsehen.com, ns1.stattfernsehen.com and mail.stattfernsehen.com pointing to the same IPv4 address (which is fine), and "*" pointing to it too, which is not good practice.
And for IPv6 you have only "*" pointing to an IPv6 address, which is bad practice; you should create similar entries as ns1, mail, etc.,
with the difference that you can use as many IPv6 addresses as needed, and each of your machines will have one, globally unique and routable.
On the image you show there aren't PTR entries. Does the web interface of your registrar allow them? If not, then you can't configure a reverse zone with it.
Once your reverse zone is working and accessible from the internet, you can test it in the zonecheck tool in sixxs.
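
Added example, not part of the original thread: a short Python script that derives the $ORIGIN and the relative PTR owner names used in the zone file above from the delegated prefix and the host addresses, using the standard-library ipaddress module. The function names are this example's own; the prefix, addresses and host names are the ones quoted in the thread.

```python
import ipaddress


def zone_origin(prefix: str) -> str:
    """ip6.arpa zone name for a delegated prefix, e.g. a /48."""
    net = ipaddress.IPv6Network(prefix, strict=True)  # rejects stray host bits
    if net.prefixlen % 4:
        # ip6.arpa labels are single hex nibbles, so a zone cut can only
        # sit on a 4-bit boundary.
        raise ValueError("prefix length must be a multiple of 4")
    nibbles = net.network_address.exploded.replace(":", "")
    return ".".join(reversed(nibbles[: net.prefixlen // 4])) + ".ip6.arpa."


def ptr_owner(address: str, prefix: str) -> str:
    """Owner name of the PTR record, relative to the zone's $ORIGIN."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    addr = ipaddress.IPv6Address(address)
    if addr not in net:
        # A PTR for an address outside the delegation is never queried here.
        raise ValueError(f"{addr} is not inside {net}")
    full = addr.reverse_pointer + "."            # all 32 nibbles + ip6.arpa.
    return full[: -(len(zone_origin(prefix)) + 1)]  # drop ".<origin>"


def ptr_record(address: str, prefix: str, target: str) -> str:
    """One zone-file line; the target must be fully qualified."""
    if not target.endswith("."):
        # Without the trailing dot the name server appends $ORIGIN,
        # yielding host.example.com.<...>.ip6.arpa.
        raise ValueError("PTR target needs a trailing dot")
    return f"{ptr_owner(address, prefix)} PTR {target}"


if __name__ == "__main__":
    prefix = "2001:6f8:1051::/48"
    hosts = {  # addresses and names taken from the thread
        "2001:6f8:1051:0:230:65ff:fe8f:aaac": "ns1.stattfernsehen.com.",
        "2001:6f8:1051:cafe::1": "example.stattfernsehen.com.",
        "2001:6f8:1051:cafe:1234:5678:9abc:def0": "example2.stattfernsehen.com.",
    }
    print(f"$ORIGIN {zone_origin(prefix)}")
    for address, name in hosts.items():
        print(ptr_record(address, prefix, name))
```

Each relative owner name is 20 labels long because a /48 leaves 80 bits (20 nibbles) for the zone to fill in; a line with a different label count silently names a different node.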