One implementation of IPv6 reverse DNS server
Problems:
Most Japanese ISPs offer IPv4 reverse DNS for customers' IP addresses, which are assigned dynamically.
They are considering whether they should also offer an IPv6 reverse DNS server for their customers.
But how should it be implemented?
Idea:
Each IPv6 address and the hostname written in its PTR RR must have a one-to-one mapping.
Take as the hostname the 32-character hexadecimal representation of the IPv6 address (without ':')
followed by a fixed domain name suffix.
When an authoritative server receives a PTR lookup, it generates the corresponding hostname and answers with it.
In addition, the generated hostname should be resolvable by forward lookup.
This is easy to implement because the generated hostname contains the raw IPv6 address.
For example,
Suppose domainname suffix = .user.example.jp
IPv6 address of the query = 2001:db8::1
Input query = 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa
Then the server generates,
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa IN PTR 20010db8000000000000000000000001.user.example.jp.
Forward lookup will return:
20010db8000000000000000000000001.user.example.jp. IN AAAA 2001:db8::1
In addition, consider the NS RR and SOA RR at the zone cuts.
Zone cut & other RRs
8.b.d.0.1.0.0.2 IN NS, SOA
user.example.jp IN NS, SOA
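
The mapping described above, as an added example in Python (not the author's Perl code): it builds the PTR target from an ip6.arpa query name and the AAAA address from a generated hostname, and rejects names that are not exactly 32 hex nibbles. The constants come from the example above; limiting forward answers to 2001:db8::/32 is an assumption of this example.

```python
import ipaddress

# Values from the page's example; PREFIX is the address range that the
# reverse zone cut 8.b.d.0.1.0.0.2.ip6.arpa covers.
SUFFIX = "user.example.jp."
REVERSE_ZONE = "8.b.d.0.1.0.0.2.ip6.arpa."
PREFIX = ipaddress.IPv6Network("2001:db8::/32")
HEX = set("0123456789abcdef")

def _fqdn(name):
    """Lower-case a name and make sure it ends with the root dot."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def ptr_target(qname):
    """Generated PTR hostname for a full 32-nibble ip6.arpa name, else None."""
    qname = _fqdn(qname)
    if not ("." + qname).endswith("." + REVERSE_ZONE):
        return None                      # not in the zone we serve
    labels = qname[:-len("ip6.arpa.")].rstrip(".").split(".")
    if len(labels) != 32 or any(len(l) != 1 or l not in HEX for l in labels):
        return None                      # apex, partial name, or junk label
    return "".join(reversed(labels)) + "." + SUFFIX

def aaaa_target(qname):
    """AAAA address for a generated hostname, else None."""
    qname = _fqdn(qname)
    if not qname.endswith("." + SUFFIX):
        return None
    label = qname[:-len("." + SUFFIX)]
    if len(label) != 32 or not set(label) <= HEX:
        return None                      # extra labels, wrong length, non-hex
    addr = ipaddress.IPv6Address(int(label, 16))
    # Assumption of this example: answer only inside the served prefix, so
    # names under the suffix cannot be made to point at arbitrary addresses.
    return str(addr) if addr in PREFIX else None

if __name__ == "__main__":
    q = ipaddress.IPv6Address("2001:db8::1").reverse_pointer
    host = ptr_target(q)
    print(q, "IN PTR", host)
    print(host, "IN AAAA", aaaa_target(host))
```
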
I implemented this DNS server using the Perl Net::DNS::Nameserver package as one hour of work.
My first implementation is v6rev.orig.pl.
DNSSEC support for IPv6 reverse DNS server
Source code: v6rev.pl which supports multiple reverse zones.
Source code: v6rev-dnssec-1rev.pl which does not support multiple reverse zones.
Wrapper script for v6rev: run-v6rev
Requires: Perl 5.8, 5.10 with Net::DNS::SEC.
It requires a configuration file.
- server_address: [Server's IP addresses]
- server_port: [Server port number [53]]
- pid_file: [PID file path]
- reconfig_interval: [time interval between reconfig/reload [3600]]
- reverse_domainname: [domainname of reverse trees]
- forward_domainname: [domainname of forward tree]
- keyfile_dir: [KSK, ZSK file directory. You need to generate a KSK and a ZSK for both the forward and the reverse zones. If you use BIND 9.7's dnssec-keygen, you need to add the '-C' option to dnssec-keygen.]
- ttl: [TTL value [3600]]
- nsname: [DNS server name]
- enable_dnssec: [0 or 1]
- querylog: [0 or 1]
- static_ptr: REVERSE_DOMAIN_FQDN HOSTNAME_FQDN # Define fixed reverse hostname.
It generates signatures for each DNS query.
I run this package in my company's research network.
IPv6 address is 2001:200:132:6::/64
Hostname suffix is .user.dnslab.jp.
My configuration is v6rev.conf
You can check our server's response using the dig command.
dig @v6rev.dnslab.jp -x 2001:200:132:6::1 +dnssec
Written by Kazunori Fujiwara, JPRS