[ipv6-wg@ripe.net] Reverse lookup
Hello everyone, I'm testing DNS over IPv6 on a testbed and I'm confronted to an issue. Here is my configuration: I'm working on a Red Hat Distribution (8.0) with Bind 9.2.1.9 I've set up configuration files and the forward lookup works over IPv4 and IPv6 but the reverse lookup is only working with IPv4. (fec0:0:0:1::2 is one of the site-local addresses of my machine (DNS server)) e.g. host fec0:0:0:1::2 gives me: Host \[xFEC00000000000010000000000000002].ip6.arpa not found: 2(serverfail) First I realized that even if I tried to use ip6.int suffix in the configuration files, the message error keeps the same - Host \[xFEC00000000000010000000000000002].ip6.arpa not found: 2(serverfail) !!! Secondly, by sniffing with ethereal the packets, I've seen that the query is well sent to the computer (loop back) but no response is given and then computer tries to ask root DNS... I'm not out of idea, may be one of you can help me ... I post my config files. ------------------------------------------------------------------------------------------------------ ------ Named.conf ------ // generated by named-bootconf.pl options { directory "/var/named"; listen-on-v6 { any; }; }; // // a caching only nameserver config // controls { inet 127.0.0.1 allow { localhost; } keys { rndckey; }; }; zone "." IN { type hint; file "named.ca"; }; zone "localhost" IN { type master; file "localhost.zone"; allow-update { none; }; }; zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; allow-update { none; }; }; zone "olympe.gr" IN { type master; file "olympe.gr.zone"; allow-update { none; }; }; zone "236.10.in-addr.arpa" IN { type master; file "10.236.zone"; allow-update { none; }; }; zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" { type master; file "named.local"; allow-update { none; }; }; // zone "2.0.0.0.0.0.0.0.0.0.0.0.0.c.e.f.ip6.int" { // type master; // file "fec0.0.0.2.zone"; // allow-update { none; }; // }; zone "2.0.0.0.0.0.0.0.0.0.0.0.0.c.e.f.ip6.arpa" { type master; file "fec0.0.0.2.zone"; allow-update { none; }; }; zone "1.0.0.0.0.0.0.0.0.0.0.0.0.c.e.f.ip6.arpa" { type master; file "fec0.0.0.1.zone"; allow-update { none; }; }; // zone "1.0.0.0.0.0.0.0.0.0.0.0.0.c.e.f.ip6.int" { // type master; // file "fec0.0.0.1.zone"; // allow-update { none; }; // }; include "/etc/rndc.key"; -------------------------------------------------------------------------------------------------------- ----- fec0.0.0.1.zone ----- @ IN SOA cassandre.olympe.gr. admin.olympe.gr. ( 2003040603 3H 15M 1W 1D ) IN NS cassandre.olympe.gr. ; $ORIGIN 1.0.0.0.0.0.0.0.0.0.0.0.0.c.e.f.ip6.arpa. $ORIGIN 1.0.0.0.0.0.0.0.0.0.0.0.0.c.e.f.ip6.int. 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR cassandre.olympe.gr. 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR hermes.olympe.gr. 9.6.6.2.f.7.e.f.f.f.7.c.8.0.2.0 IN PTR arion.olympe.gr. - Regards - Thomas
On Tue, 8 Apr 2003 16:25:57 +0200 "BEGIN, Thomas" <tbegin@tf1.fr> wrote:
Hello everyone,
I'm testing DNS over IPv6 on a testbed and I'm confronted to an issue.
Here is my configuration: I'm working on a Red Hat Distribution (8.0) with Bind 9.2.1.9
I've set up configuration files and the forward lookup works over IPv4 and IPv6 but the reverse lookup is only working with IPv4.
(fec0:0:0:1::2 is one of the site-local addresses of my machine (DNS server)) e.g. host fec0:0:0:1::2 gives me: Host \[xFEC00000000000010000000000000002].ip6.arpa not found: 2(serverfail)
First I realized that even if I tried to use ip6.int suffix in the configuration files, the message error keeps the same - Host \[xFEC00000000000010000000000000002].ip6.arpa not found: 2(serverfail) !!!
Secondly, by sniffing with ethereal the packets, I've seen that the query is well sent to the computer (loop back) but no response is given and then computer tries to ask root DNS...
I'm not out of idea, may be one of you can help me ...
The problem is, that the host command asks for an A6 record and your DNS uses AAAA records (which is correct). I use the command ipv6calc -r fec0:0:0:1::2 to reverse the ip and the do a dig xxx.ip6.arpa PTR to check the reverse delegations. Hope that gives some input to you. Best regards Matthias -- _;\_ Matthias Cramer / mc322-ripe System & Network Manager /_. \ Dolphins Network Systems AG Phone +41-1-847'45'45 |/ -\ .) Libernstrasse 24 Fax +41-1-847'45'49 -'^`- \; CH-8112 Otelfingen http://www.dolphins.ch/ GnuPG 1024D/2D208250 = DBC6 65B6 7083 1029 781E 3959 B62F DF1C 2D20 8250
On Tue, 8 Apr 2003 16:31:32 +0200, Matthias Cramer <cramer@dolphins.ch> said:
On Tue, 8 Apr 2003 16:25:57 +0200 "BEGIN, Thomas" <tbegin@tf1.fr> wrote:
Hello everyone,
I'm testing DNS over IPv6 on a testbed and I'm confronted to an issue.
Here is my configuration: I'm working on a Red Hat Distribution (8.0) with Bind 9.2.1.9
I've set up configuration files and the forward lookup works over IPv4 and IPv6 but the reverse lookup is only working with IPv4.
(fec0:0:0:1::2 is one of the site-local addresses of my machine (DNS server)) e.g. host fec0:0:0:1::2 gives me: Host \[xFEC00000000000010000000000000002].ip6.arpa not found: 2(serverfail)
First I realized that even if I tried to use ip6.int suffix in the configuration files, the message error keeps the same - Host \[xFEC00000000000010000000000000002].ip6.arpa not found: 2(serverfail) !!!
Secondly, by sniffing with ethereal the packets, I've seen that the query is well sent to the computer (loop back) but no response is given and then computer tries to ask root DNS...
I'm not out of idea, may be one of you can help me ...
The problem is, that the host command asks for an A6 record and your DNS uses AAAA records (which is correct).
No, host *does* make an inverse (i.e. PTR) query, but it uses the old-style bit-label/ip6.arpa (RFC2874) combination by default. Bit-lables were never widely used and the RFC has been moved to experimental status by RFC3363. You can change that behavior to nibble-label/ip6.int (RFC1886) with the -n option of the host command. Actually, that is deprecated as well by RFC3152. The Right Thing nowadays is nibble-lables in ip6.arpa. If you want to be sure that inverse queries always work, you should have ip6.arpa as well as ip6.int and set them up identically for the time being. Oh, well. -- Alex
participants (3)
-
Alexander Gall -
BEGIN, Thomas -
Matthias Cramer