how to configure zones files for ipv6 in CentOS

SarahGurung · 02-08-2013, 10:58 PM

Oh hi all,

I have 3 ipv6 addresses for the dns servers(one master n 2 slaves and using CentOS). I wanted to configure the dns to make it use the ipv6 addresses too.

i have given the address to the interface of all the 3 servers and it seems fine.Now I'm having problem with the zone configuration for ipv6 and also the reverse.conf configuration.

I'm not sure what should be given for $ORIGIN,the format i mean and also in the reverse.conf,does it need to b same and does the name of zone file has to b same with $ORIGIN?

I have been go-ogling since yesterday but all in vain.

Would b really grateful if somebody could help me out.

david1941 · 02-09-2013, 05:14 PM

Here's my CentOS 6.3:

Code:

maplepark.com.	IN	SOA	ns1.maplepark.com.	hostmaster.maplepark.com. (
		2013020601      ; serial 
		4h  		; refresh 4 hours
		1h  		; retry 60 minutes
		20d	  	; expire 20 days
		2h  		; minimum (NRX) 2 hours
		)
@	IN	A	99.178.153.41
@	IN	AAAA	2001:470:1f11:7d0::4  ;; via he.net tunnel
@	IN	AAAA	2001:470:1f11:7d0::63b2:9929 		; 4-in-6 

And for rDNS
$ORIGIN 0.d.7.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa.
$TTL 86400      ; 1 day
@			IN SOA  maplepark.com. hostmaster.maplepark.com. (
	                        2013020601 ; serial
        	                28800      ; refresh (8 hours)
                	        7200       ; retry (2 hours)
                        	604800     ; expire (1 week)
                        	86400      ; minimum (1 day)
				)  ; Global tunnel prefix/64 for maplepark.com IPv6 is:2001:470:1f11:7d0/64
@			IN	NS	maplepark.com.
$ORIGIN 0.d.7.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa.
3.e.c.f.f.5.e.f.f.f.5.6.f.6.e.1 PTR	pati.maplepark.com.	; 2001:470:1f11:7d0:1e6f:65ff:fe5f:fce3
4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR	maplepark.com.		; 2001:470:1f11:7d0::4
;; 4.9.6.a.c.0.d.7.c.d.f.7.b.e.d.4	PTR	unassigned.maplepark.com.		; 2001:470:1f11:7d0:4deb:7fdc:7d0c:a694
a.a.a.7.b.3.e.f.f.f.7.4.8.f.2.e PTR	drf5n.maplepark.com.	; 2001:470:1f11:7d0:e2f8:47ff:fe3b:7aaa
6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR	drflaptop.maplepark.com.  ; 2001:470:1f11:7d0::6
9.2.9.9.2.b.3.6.0.0.0.0.0.0.0.0	PTR	4in6.maplepark.com.	;2001:470:1f11:7d0::63b2:9929/128 (99.178.153.41)

Skaperen · 02-10-2013, 02:10 PM

When I want to translate an IPv6 address into the reverse DNS zone name, I use this cheat:

Code:

lorentz/phil /home/phil 184> dig ptr -x 2222:3333:4444:5555:6666:7777:8888:9999 | grep 'IN PTR'
;9.9.9.9.8.8.8.8.7.7.7.7.6.6.6.6.5.5.5.5.4.4.4.4.3.3.3.3.2.2.2.2.ip6.arpa. IN PTR
lorentz/phil /home/phil 185>

SarahGurung · 02-13-2013, 12:03 AM

is it that the one written in $ORIGIN should be same as that in reverse zone ???I'm confused with that because it seems the formats are different and have problems there..

OR are they having the same format?

david1941 · 02-13-2013, 08:49 AM

That origin in my first post was incorrect. The rDNS of my prefix/64 was delegated to maplepark.com so:

Code:

$TTL 86400      ; 1 day
@			IN SOA  maplepark.com. hostmaster.maplepark.com. (
	                        2013021301 ; serial
        	                28800      ; refresh (8 hours)
                	        7200       ; retry (2 hours)
                        	604800     ; expire (1 week)
                        	86400      ; minimum (1 day)
				)  ; Global tunnel prefix/64 for maplepark.com IPv6 is:2001:470:1f11:7d0/64
@			IN	NS	maplepark.com.
$ORIGIN 0.d.7.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa.
3.e.c.f.f.5.e.f.f.f.5.6.f.6.e.1 PTR	pati.maplepark.com.	; 2001:470:1f11:7d0:1e6f:65ff:fe5f:fce3
4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR	maplepark.com.		; 2001:470:1f11:7d0::4
;; 4.9.6.a.c.0.d.7.c.d.f.7.b.e.d.4	PTR	unassigned.maplepark.com.		; 2001:470:1f11:7d0:4deb:7fdc:7d0c:a694
a.a.a.7.b.3.e.f.f.f.7.4.8.f.2.e PTR	drf5n.maplepark.com.	; 2001:470:1f11:7d0:e2f8:47ff:fe3b:7aaa
6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR	drflaptop.maplepark.com.  ; 2001:470:1f11:7d0::6
9.2.9.9.2.b.3.6.0.0.0.0.0.0.0.0	PTR	4in6.maplepark.com.	;2001:470:1f11:7d0::63b2:9929/128 (99.178.153.41)
;; PREFIX=2001:470:1f11:7d0: ; IPv6=$PREFIX$(printf ":%02x%02x:%02x%02x\n" 99 178 153 41)

when cannonized (named-checkzone -D -o tunneled.ip6.arpa.canonical ip6.arpa) becomes:

Code:

ip6.arpa.				      86400 IN SOA	maplepark.com. hostmaster.maplepark.com. 2013021301 28800 7200 604800 86400
ip6.arpa.				      86400 IN NS	maplepark.com.
4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.7.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 86400	IN PTR maplepark.com.
6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.7.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 86400	IN PTR drflaptop.maplepark.com.
9.2.9.9.2.b.3.6.0.0.0.0.0.0.0.0.0.d.7.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 86400	IN PTR 4in6.maplepark.com.
3.e.c.f.f.5.e.f.f.f.5.6.f.6.e.1.0.d.7.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 86400	IN PTR pati.maplepark.com.
a.a.a.7.b.3.e.f.f.f.7.4.8.f.2.e.0.d.7.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 86400	IN PTR drf5n.maplepark.com.

Now, I don't feel like I really understand all this but as Hurricane Electric delegated the rDNS to us and if I now do a lookup from a hosted machine offsite like this:

Code:

host 2001:470:1f11:7d0::63b2:9929 2001:470:1f11:7d0::4        
Using domain server:
Name: 2001:470:1f11:7d0::4
Address: 2001:470:1f11:7d0::4#53
Aliases: 

9.2.9.9.2.b.3.6.0.0.0.0.0.0.0.0.0.d.7.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa domain name pointer 4in6.maplepark.com.

it appears to work.

david1941 · 02-15-2013, 11:25 AM

"is it that the one written in $ORIGIN should be same as that in reverse zone ???I'm confused with that because it seems the formats are different and have problems there..
OR are they having the same format?"

That first file in #5 shows the zone file with an @ as the origin. I load it via my named.conf as zone named "0.d.7.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa" and it answers queries of addresses under that /64 from the ns server "maplepark.com". My tunnel broker, he.net, delegates the rdns for my ip6.arpa space to "maplepark.com".

The zone entry in my named.conf:

Code:

zone "0.d.7.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa"{
	type master;
	notify yes;
	allow-transfer { slave-name-servers ; };
	file "/var/named/drf/internal/tunneled.ip6.arpa";
	}; //IPv6 is global so internal machines have native global access -- so give them a reverse existence.

I use views and have this zone duplicated in both the internal (LAN) and external (WAN) views. All must be IPv6 firewalled as they are exposed externally.