[133213] in North American Network Operators' Group
Re: How do you do rDNS for IPv6 ?
daemon@ATHENA.MIT.EDU (Jared Mauch)
Mon Dec 6 12:41:39 2010
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <4CFC4D54.7060501@jima.tk>
Date: Mon, 6 Dec 2010 12:41:19 -0500
To: Jima <nanog@jima.tk>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Dec 5, 2010, at 9:41 PM, Jima wrote:
> On 12/5/2010 4:13 PM, John Levine wrote:
>> In IPv4 land, it is standard to assign matching forward and reverse
>> DNS for every live IP, and a fair number of services treat requests
>> from hosts without rDNS with added scepticism. For consumer networks,
>> it's often something like 12-34-56-78.adsl.incompetent.net, with the
>> numbers being the IP address forward or backwards.
>>
>> So if every customer gets a /64, what do you do? You can use a
>> wildcard to give the same rDNS to all 2^64 addresses, but you can't do
>> matching forward DNS, since a DNS response with 2^64 AAAA records
>> would be, ah, a little unwieldy.
>
> I thought the same thing, actually, which is why I made my own solution.
> I ended up writing a DNS server in perl (using Net::DNS::Nameserver) that
> replies to reverse queries with a reproducible PTR -- generated by encoding
> the IP in base32. (Or the second half of the IP, in the case of a few
> "known" networks.) Forward queries for the matching name decode the base32.
> The host-specific part of the DNS is kind of long (26 characters, or 13 for
> known networks), but it's marginally shorter than the full IP (which would
> be 32/16 characters, without separators). I'm pretty happy with the
> results, but I'd love to hear if anyone's come up with more elegant
> solutions.
Anyone done this dynamic synthesis w/ bind? dnssec thoughts as well? I
know this isn't namedroppers, but perhaps someone can post some code or
examples, or a link to a webpage with them?
- Jared
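
The base32 scheme described in the quoted message, sketched in Python as an added example; it is not Jima's Perl server or anyone's code from this thread. The zone name, the "k1" tag for a known network, the documentation prefixes and the choice of the RFC 4648 alphabet (lowercased, padding stripped) are all assumptions.

```python
import base64
import ipaddress

ZONE = "dyn.example.net"  # hypothetical forward zone (assumption)
# Hypothetical "known" /64: only the 64-bit host half is encoded for it.
KNOWN = {"k1": ipaddress.ip_network("2001:db8:0:1::/64")}

def _b32(raw):
    # RFC 4648 base32, lowercase, no padding: 16 bytes -> 26 chars, 8 -> 13.
    return base64.b32encode(raw).decode().rstrip("=").lower()

def _unb32(label):
    return base64.b32decode(label.upper() + "=" * (-len(label) % 8))

def arpa_to_addr(qname):
    """Parse a full 32-nibble ip6.arpa owner name into an IPv6Address."""
    parts = qname.lower().rstrip(".").split(".")
    nibbles, tail = parts[:-2], parts[-2:]
    if tail != ["ip6", "arpa"] or len(nibbles) != 32 or any(
            len(n) != 1 or n not in "0123456789abcdef" for n in nibbles):
        raise ValueError("not a full ip6.arpa name")
    return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))

def ptr_target(addr):
    """Reproducible PTR name for an address (answer to the reverse query)."""
    for tag, net in KNOWN.items():
        if addr in net:
            return f"{_b32(addr.packed[8:])}.{tag}.{ZONE}."
    return f"{_b32(addr.packed)}.{ZONE}."

def aaaa_for(name):
    """Decode a synthesized name to its address; None if malformed or not ours."""
    name = name.lower().rstrip(".")
    if not name.endswith("." + ZONE):
        return None
    labels = name[: -len(ZONE) - 1].split(".")
    try:
        if len(labels) == 1 and len(labels[0]) == 26:
            addr = ipaddress.IPv6Address(_unb32(labels[0]))
        elif len(labels) == 2 and labels[1] in KNOWN and len(labels[0]) == 13:
            prefix = KNOWN[labels[1]].network_address.packed[:8]
            addr = ipaddress.IPv6Address(prefix + _unb32(labels[0]))
        else:
            return None
    except ValueError:
        return None
    # base32 leaves spare bits in the last character, so several names can
    # decode to one address; answer only for the name the PTR side emits.
    return addr if ptr_target(addr).rstrip(".") == name else None
```

A receiver doing forward-confirmed reverse DNS would see arpa_to_addr and ptr_target on the PTR lookup and aaaa_for on the AAAA lookup; the final canonical check keeps the two answers in agreement for every name the server accepts.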