Lets begin with what all we will be covering in this blog post.
We will be covering a lil bit of what is a reverse DNS entry and why do we need it.
We will then cover how to create a reverse DNS entry for two types of ipv6 entries:
- A 6to4 ipv6 ip using our own dns server and a 6to4 nro delegation
- A tunnel broker ipv6 entry using dns provided by he.net
The reverse DNS look up helps to resolve an ip into the respective host name. It is, like the name says, “reverse” of what the DNS normally do.
DNS is used to convert a human readable name like “hackalyst.info” into its corresponding ip.
hackalyst.info has address 126.96.36.199
reverse DNS entry helps to resolve the ip into a hostname.
$ host 188.8.131.52
184.108.40.206.in-addr.arpa domain name pointer hackalyst.info.
Now, why is reverse DNS required?
One of the reasons nicely explained at godaddy is to fight spam.
Other than that, its always cool to have your ip map to your domain name
There are two ways of creating a reverse DNS entry for ipv6.
1) You can create your own DNS server, point your domain name provider to point to your additional DNS.
2) You can use a free dns service provided by dns.he.net
Lets first go through the first option which is slightly lengthier and more DYI and CLI friendly
The wikipedia entry on 6to4 pointed my towards 6to4.nro.net that can be used to create a revese DNS PTR for a 6to4 ip, i.e, an ipv6 starting with 2002:.
The 6to4.nro.net needs dns servers with zone for this reverse delegation. None of the dns servers I host with (domaincontrol.com through godaddy, stabletransit.com via rackspace and he.net) were accepted in 6to4 form. So I decided to setup my own DNS server.
First I setup the DNS name for my DNS (yeah, thats required!) at my existing dns provider.
I am setting up my dns on my own server, hence can simply create sub domains (I used dns1 and dns2 instead of traditional ns1 and ns2) pointing to my own domain. You can create such subdomains pointed to the actual hosts where you will be setting up your DNS. You can set it up on one host or on multiple hosts.
I setup my own DNS server using instructions from devshed forums. Its pretty old but still works.
At the end of configurating the dns server, I initially got an error saying:
_default/67.57.50.in-addr.arpa/IN: file not found
That was because the file name in the config and my actual file name were not the same. After I fixed this issue, still named would refuse to start without throwing any erorrs.
An inspection of /var/log/messages said something about unable to write to the log file.
Jun 24 11:58:22 deltacore named: the working directory is not writable
Jun 24 11:58:22 deltacore named: isc_stdio_open 'query.log' failed: permission denied
Jun 24 11:58:22 deltacore named: configuring logging: permission denied
Jun 24 11:58:22 deltacore named: loading configuration: permission denied
The way to fix was to change the ownership of the /var/named folder and /etc/named to named
#chown -R named:named /var/named /etc/named.conf
And then all was fine
After setting the above DNS server, I needed to add the PTR info for my ipv6.
I found http://www.fpsn.net/index.cgi?pg=tools&tool=ipv6-inaddr via searching and headed over to create my reverse PTR configuration for my own DNS.
In the form:
Record type : select ip6.arpa (new standard)
Assigned IPv6 Block: (your ipv6 block)
DNS Server: (DNS Created above)
Secondary server (DNS Created above)
Then it gives the configuration file which you can add to your named.conf and create the reverse zone file.
Like it says at the end of generated reverse zone file, you need to add the AAAA entry in your respective zone file.
After this, it was just playing around to add “my” DNS servers to my “Domain” NS entries with my service provider.
My primary DNS provider is godaddy. I just added my own DNS entries into the NS entry of my domain.
If you do not want to create your own DNS server (or cannot due to resource crunch), you can use freely available DNS servers from he.net.
For this second purpose, I am going to use both the 6to4 ip above tied with your domain and another ipv6 obtained through tunnelbroker.
DNS provided by he.net can be used for managing your domains and these are pretty good in terms of usability.
Add your domain to your dns.he.net account, create your A,AAAA and other entries.
For creating your reverse DNS entry, you need to create the PTR record. Its available under “Additional” menu in dns.he.net.
For finding out the value of your ipv6 PTR, head over to http://rdns6.com/ and enter your v6 ip. The nibble value is what basically goes into your PTR record. In dns.he.net, the above nibble would be added as Name in PTR entry and your domain name in the Hostname.
If you are using a tunnel broker ipv6, you can login to the dns.he.net using same credentials as your tunnelbroker and it would import and delegate the ipv6 provided to you to the he.net nameservers. (I might be wrong here as I ve been using dns.he.net for quite some time and do not remember the initial steps I took).
Once you ve assigned dns names to your ipv6 ips, you can go and assign those ips and respective domain in the dns.he.net. This creates the PTR record for those ipv6 pointing to your domain.
at the end of the day, this is what should be the result of a perfectly working PTR record.
$ host hackalyst.info
hackalyst.info has address 220.127.116.11
hackalyst.info has IPv6 address 2002:3239:43c3::1
$ host 2002:3239:43c3::1
18.104.22.168.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.c.22.214.171.124.126.96.36.199.0.2.ip6.arpa domain name pointer hackalyst.info.
$ host hackalyst.homeunix.org
hackalyst.homeunix.org has address 188.8.131.52
hackalyst.homeunix.org has IPv6 address 2001:470:5:869:21e:c9ff:fe03:803b
$ host 2001:470:5:869:21e:c9ff:fe03:803b
b.184.108.40.206.0.e.f.f.f.9.c.e.220.127.116.11.18.104.22.168.0.0.0.0.22.214.171.124.0.0.2.ip6.arpa domain name pointer hackalyst.homeunix.org.
So now you know how to create reverse DNS entry aka PTR for your ipv6