[133176] in North American Network Operators' Group


Re: How do you do rDNS for IPv6 ?

daemon@ATHENA.MIT.EDU (Jima)
Sun Dec 5 21:41:49 2010

Date: Sun, 05 Dec 2010 20:41:24 -0600
From: Jima <nanog@jima.tk>
To: nanog@nanog.org
In-Reply-To: <20101205221359.90053.qmail@joyce.lan>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 12/5/2010 4:13 PM, John Levine wrote:
> In IPv4 land, it is standard to assign matching forward and reverse
> DNS for every live IP, and a fair number of services treat requests
> from hosts without rDNS with added scepticism. For consumer networks,
> it's often something like 12-34-56-78.adsl.incompetent.net, with the
> numbers being the IP address forward or backwards.
>
> So if every customer gets a /64, what do you do?  You can use a
> wildcard to give the same rDNS to all 2^64 addresses, but you can't do
> matching forward DNS, since a DNS response with 2^64 AAAA records
> would be, ah, a little unwieldy.

  I thought the same thing, actually, which is why I made my own 
solution.  I ended up writing a DNS server in perl (using 
Net::DNS::Nameserver) that replies to reverse queries with a 
reproducible PTR -- generated by encoding the IP in base32.  (Or the 
second half of the IP, in the case of a few "known" networks.)  Forward 
queries for the matching name decode the base32.
  The host-specific part of the DNS is kind of long (26 characters, or 
13 for known networks), but it's marginally shorter than the full IP 
(which would be 32/16 characters, without separators).  I'm pretty happy 
with the results, but I'd love to hear if anyone's come up with more 
elegant solutions.

      Jima
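
The scheme described in the reply above, sketched in Python as an added example (this is not Jima's Perl server, and it is not code from the post). The zone name, the documentation-prefix network, and the use of a per-network subdomain to make the 13-character form decodable are all assumptions.

```python
import base64
import ipaddress

ZONE = "v6.example.net"  # assumed forward zone (constructed)
# Assumption: each "known" /64 gets its own subdomain so the short form is decodable.
KNOWN = {ipaddress.IPv6Network("2001:db8:1::/64"): "net1"}  # constructed

def b32(raw):
    # DNS names are case-insensitive and '=' is not a hostname character.
    return base64.b32encode(raw).decode().rstrip("=").lower()

def unb32(label, nbytes):
    try:
        raw = base64.b32decode(label.upper() + "=" * (-len(label) % 8))
    except ValueError:  # bad alphabet, bad length, non-ASCII
        return None
    return raw if len(raw) == nbytes else None

def ptr_target(addr):
    """Name to return in the PTR record for addr."""
    ip = ipaddress.IPv6Address(addr)
    for net, sub in KNOWN.items():
        if ip in net:  # known network: encode only the low 64 bits (13 chars)
            return f"{b32(ip.packed[8:])}.{sub}.{ZONE}"
    return f"{b32(ip.packed)}.{ZONE}"  # otherwise all 128 bits (26 chars)

def aaaa_for(name):
    """Address to return for an AAAA query, or None (NXDOMAIN)."""
    name = name.rstrip(".").lower()
    host, _, rest = name.partition(".")
    prefix = b""
    if rest != ZONE:
        nets = [n for n, sub in KNOWN.items() if rest == f"{sub}.{ZONE}"]
        if not nets:
            return None
        prefix = nets[0].network_address.packed[:8]
    raw = unb32(host, 16 - len(prefix))
    if raw is None:
        return None
    ip = ipaddress.IPv6Address(prefix + raw)
    # Answer only for the exact name the PTR side would emit, so every
    # address has one name and forward and reverse always agree.
    return str(ip) if ptr_target(str(ip)) == name else None
```

The final comparison in `aaaa_for` is what keeps forward and reverse DNS matching: a label with stray trailing bits, or the 26-character form of an address inside a known network, gets no answer instead of a second name for the same address.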

