[133165] in North American Network Operators' Group
Re: How do you do rDNS for IPv6 ?
daemon@ATHENA.MIT.EDU (Owen DeLong)
Sun Dec 5 17:54:56 2010
From: Owen DeLong <owen@delong.com>
In-Reply-To: <20101205221359.90053.qmail@joyce.lan>
Date: Sun, 5 Dec 2010 14:54:43 -0800
To: John Levine <johnl@iecc.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Dec 5, 2010, at 2:13 PM, John Levine wrote:
> I've been pondering IPv6 setups, and I don't understand how IPv6 rDNS
> is supposed to work. It's clear enough how you look up any particular
> address, but it's not at all clear to me what you put into an rDNS
> zone and how you put it there.
>
Pretty much the same thing you put into an IPv4 zone... PTR records.
For example:
owen.delong.com. IN AAAA 2620:0:930::200:2
2.0.0.0.0.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.9.0.0.0.0.0.0.2.6.2.ip6.arpa. IN PTR owen.delong.com.
> In IPv4 land, it is standard to assign matching forward and reverse
> DNS for every live IP, and a fair number of services treat requests
> from hosts without rDNS with added scepticism. For consumer networks,
> it's often something like 12-34-56-78.adsl.incompetent.net, with the
> numbers being the IP address forward or backwards.
>
Ah, so you're not talking about assigning to live hosts, you're talking about
the unfortunate habit of assigning to every possible host. Yeah, that trick
doesn't work in IPv6.
> So if every customer gets a /64, what do you do? You can use a
> wildcard to give the same rDNS to all 2^64 addresses, but you can't do
> matching forward DNS, since a DNS response with 2^64 AAAA records
> would be, ah, a little unwieldy.
>
First, customers should be getting more than a /64. A /64 should be a single
subnet and customers should, ideally, be getting a /48 for each end site.
In general, for the most part, the services that treat missing rDNS with additional
skepticism also treat rDNS entries like 12-34-56-78.adsl.incompetent.net with
that same or greater skepticism, so, I wouldn't worry too much about it.
For hosts where it does matter, you've got to create an AAAA record somehow
(just like you needed to create an A record somehow), so, you should be
able to use that same process to generate the AAAA and PTR records.
> When hosts self-configure their low 64 bits, do you install a suitable
> PTR and AAAA into your DNS? If so, how? Do you use DHCPv6 and have it
> install the DNS? Do you do something else?
>
If you care, you probably need to use DHCPv6 for this and it should be able
to build both the AAAA and PTR records.
Owen
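
The following is an added example, not part of the message above or of any tool named in the thread. It sketches the "same process generates the AAAA and PTR" idea: one inventory of hosts produces both record sets, and a check flags any PTR whose target has no AAAA pointing back. The function names and the /48 zone cut are assumptions; the sample host is the record quoted in the message.

```python
import ipaddress

SUFFIX = ".ip6.arpa."

def reverse_zone(prefix):
    """ip6.arpa zone name for a prefix on a nibble (4-bit) boundary."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        raise ValueError("reverse delegation needs a nibble-aligned prefix")
    hexdigits = net.network_address.exploded.replace(":", "")
    nibbles = hexdigits[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + SUFFIX

def build_records(hosts):
    """Return (aaaa, ptr) record tuples from one hostname -> address map."""
    aaaa, ptr = [], []
    for name, addr in sorted(hosts.items()):
        ip = ipaddress.IPv6Address(addr)
        fqdn = name if name.endswith(".") else name + "."
        aaaa.append((fqdn, "AAAA", ip.compressed))
        # reverse_pointer yields the 32-nibble name without a trailing dot
        ptr.append((ip.reverse_pointer + ".", "PTR", fqdn))
    return aaaa, ptr

def unmatched(aaaa, ptr):
    """Addresses whose PTR target has no AAAA pointing back at them."""
    forward = {(n, ipaddress.IPv6Address(a)) for n, _, a in aaaa}
    bad = []
    for owner, _, target in ptr:
        nibbles = owner[: -len(SUFFIX)].split(".")[::-1]
        ip = ipaddress.IPv6Address(int("".join(nibbles), 16))
        if (target, ip) not in forward:
            bad.append(ip.compressed)
    return bad

if __name__ == "__main__":
    # Host taken from the message; the /48 zone cut is an assumption.
    hosts = {"owen.delong.com": "2620:0:930::200:2"}
    aaaa, ptr = build_records(hosts)
    print("$ORIGIN", reverse_zone("2620:0:930::/48"))
    for owner, rtype, rdata in aaaa + ptr:
        print(owner, "IN", rtype, rdata)
    print("unmatched:", unmatched(aaaa, ptr))
```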