On Mar 18, 2011, at 5:07 AM, mattias.o.anders...@gavle.se wrote:
Hi,
I work for a small ISP in Sweden and we recently started to provide
IPv6 for customers. I have a problem, though, with the reverse DNS
lookups for IPv6. I don't have a good way of doing this; maybe
someone can help.
When we deliver IPv6 service to a customer they get at least a /64,
which you all know is A LOT of addresses. It is impossible to
generate unique PTR records for every address. The way we solved
this is to use "* PTR customer.domain.com." so that all addresses in
the /64 will get the same reverse lookup. But if a customer needs a
unique PTR for a mail server I can't use both "* PTR
customer.domain.com." and "5.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR
mail.domain.com." in the same zone file; the * will be ignored. Is
this how it should be, or am I doing it wrong?
Instead, maybe BIND can dynamically generate an answer for a reverse
lookup request instead of storing all PTRs in the zone file?
Is there any good information, maybe an RFC, on how reverse DNS should
be done in IPv6? I don't mean how to register an ip6.arpa zone and
edit your zone file in BIND. I mean how you solve the problem of
generating 2^64 unique PTR records for a single customer without
filling your hard drive. =)
Cheers // Mattias Andersson
How about just 16 records per such server? A lot less
than 2^64, and the extra records could be generated by
script.
5.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR mail.domain.com.
5.2.0.0.0.0.0.0.0.0.0.0.0.0.0.* PTR customer.domain.com.
5.2.0.0.0.0.0.0.0.0.0.0.0.0.* PTR customer.domain.com.
5.2.0.0.0.0.0.0.0.0.0.0.0.* PTR customer.domain.com.
...
5.2.* PTR customer.domain.com.
5.* PTR customer.domain.com.
I believe that the serving of * is determined by RFC, so while BIND
could have its own mechanism to generate records on the fly,
it can't/shouldn't do something different with *.
I suspect that IPv6 PTR records might fall by the wayside
for the general end user, especially since mainstream
IPv6 practices are still being formed and are likely to tend toward
what is practical. Automatically generated PTR records have
limited value, and *just might* make DNSSEC quite a challenge.
Some other, more practical method may well be devised for ISPs to
show what address space they are making use of. (For example,
the powers-that-be could choose to provide two top-level PTR
domains for IPv6: one for full records, and the other for
subnet-wide wildcards.)
John
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
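Added example, not from the thread and not BIND code: a Python script that implements the RFC 4592 wildcard matching rule behind Mattias's observation (a wildcard never matches below an existing name, and empty non-terminals count as existing names), and generates the "16 records per server" John describes, writing each wildcard with the `*` as the leftmost label, which is the only position RFC 4592 treats as a wildcard. Everything concrete here is assumed for illustration: the customer /64 is 2001:db8:1:2::/64, the mail server is 2001:db8:1:2::25, and the targets are mail.example. and customer.example.; none of these appear in the thread.

```python
"""
Per-depth wildcard PTR records for one specific PTR inside an IPv6 /64
reverse zone, plus a small RFC 1034 §4.3.2 / RFC 4592 matcher to check them.

Assumed for illustration (not from the thread): customer /64 2001:db8:1:2::/64,
mail server 2001:db8:1:2::25, targets mail.example. and customer.example.
"""
import ipaddress

CUSTOMER_NET = ipaddress.IPv6Network("2001:db8:1:2::/64")   # assumed


def rel_labels(addr):
    """The 16 nibble labels of addr's interface ID, least-significant nibble
    first, i.e. the owner name relative to the /64's ip6.arpa zone."""
    a = ipaddress.IPv6Address(addr)
    if a not in CUSTOMER_NET:
        raise ValueError(f"{addr} is not in {CUSTOMER_NET}")
    hexstr = format(int(a), "032x")        # 32 nibbles, most-significant first
    return tuple(reversed(hexstr[16:]))    # low 64 bits, reversed for ip6.arpa


def per_depth_wildcards(owner):
    """One wildcard directly under each empty non-terminal that the specific
    owner name creates: *.<15 trailing labels>, *.<14 trailing labels>, ...,
    down to the bare apex '*'.  Sixteen records for a 16-label owner."""
    return [("*",) + owner[k:] for k in range(1, len(owner) + 1)]


def build_zone(specifics, customer_target, per_depth=True):
    """Zone as {owner_labels: PTR target}.  per_depth=False reproduces the
    'specific record plus apex * only' layout from the question."""
    zone = {}
    for addr, target in specifics.items():
        owner = rel_labels(addr)
        zone[owner] = target
        if per_depth:
            for wc in per_depth_wildcards(owner):
                zone.setdefault(wc, customer_target)
    zone.setdefault(("*",), customer_target)   # apex wildcard
    return zone


def lookup(zone, addr):
    """Exact match first; otherwise find the closest encloser (longest existing
    suffix of the query name, empty non-terminals included) and synthesize
    from the wildcard directly beneath it, if there is one.  None == NXDOMAIN."""
    q = rel_labels(addr)
    if q in zone:
        return zone[q]
    # Every owner name and every suffix of it exists (RFC 4592 s.2.2.2).
    existing = {owner[i:] for owner in zone for i in range(len(owner) + 1)}
    for i in range(1, len(q) + 1):
        closest_encloser = q[i:]
        if closest_encloser in existing:
            return zone.get(("*",) + closest_encloser)
    return None


def zone_file_lines(specifics, customer_target):
    """Render the per-depth layout as master-file lines relative to the /64 zone."""
    zone = build_zone(specifics, customer_target)
    return [f"{'.'.join(owner):<33} PTR {zone[owner]}"
            for owner in sorted(zone, key=lambda o: (len(o), o))]


if __name__ == "__main__":
    mail = {"2001:db8:1:2::25": "mail.example."}                 # assumed
    apex_only = build_zone(mail, "customer.example.", per_depth=False)
    fixed = build_zone(mail, "customer.example.")
    for probe in ("2001:db8:1:2::25", "2001:db8:1:2::26",
                  "2001:db8:1:2::1", "2001:db8:1:2:1234:5678:9abc:def0"):
        print(f"{probe:36} apex-only={lookup(apex_only, probe)!s:18} "
              f"per-depth={lookup(fixed, probe)}")
    print()
    print("\n".join(zone_file_lines(mail, "customer.example.")))
```

Running the script shows why the apex `*` appeared to be "ignored": the single mail record creates an empty non-terminal at every depth along `2.0.0....0`, so with only the apex wildcard both `::26` and `::1` are NXDOMAIN, while an address like `...:1234:5678:9abc:def0` (whose closest encloser is the apex) still gets `customer.example.`. With the 16 per-depth wildcards every address in the /64 resolves, and the mail server keeps its own PTR. Each of those wildcards is a real RRset that has to be signed and whose non-existence proofs must be served correctly, which is the DNSSEC cost John alludes to.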