version=pmwiki-2.2.130 ordered=1 urlencoded=1 agent=w3m/0.5.3+git20210102 author=jrmu charset=UTF-8 csum= ctime=1627023001 host=38.87.162.8 name=DNS.Ipv4rDNS rev=7 targets= text=(:title IPv4 rDNS:)%0a%0aIn /var/nsd/etc/nsd.conf:%0a%0a[@%0azone:%0a name: "1.1.168.192.in-addr.arpa"%0a zonefile: "master/1.1.168.192.in-addr.arpa"%0a@]%0a(:ifend:)%0a%0aIn /var/nsd/zones/master/1.1.168.192.in-addr.arpa:%0a%0a[@%0a$ORIGIN 1.1.168.192.in-addr.arpa.%0a@ 3600 IN SOA ns1.username.example.com. admin.username.example.com. (%0a 2021072300 ; serial YYYYMMDDnn%0a 3600 ; refresh%0a 3600 ; retry%0a 86400 ; expire%0a 3600 ) ; minimum TTL%0a 3600 IN NS ns1.username.example.com.%0a 3600 IN NS ns2.username.example.com.%0a@ 3600 IN PTR username.example.com.%0a@]%0a time=1646973325 title=IPv4 rDNS author:1646973325=jrmu diff:1646973325:1646972712:=16c16%0a%3c @ 3600 IN SOA ns1.username.example.com. admin.username.example.com. (%0a---%0a> 3600 IN SOA ns1.username.example.com. admin.username.example.com. (%0a host:1646973325=38.87.162.8 author:1646972712=izzyb csum:1646972712=Missing cr in zones/master/ example diff:1646972712:1645691580:minor=15,16c15%0a%3c $ORIGIN 1.1.168.192.in-addr.arpa.%0a%3c 3600 IN SOA ns1.username.example.com. admin.username.example.com. (%0a---%0a> $ORIGIN 1.1.168.192.in-addr.arpa. 3600 IN SOA ns1.username.example.com. admin.username.example.com. (%0a host:1646972712=68.148.177.239 author:1645691580=Thor diff:1645691580:1627046695:=15c15%0a%3c $ORIGIN 1.1.168.192.in-addr.arpa. 3600 IN SOA ns1.username.example.com. admin.username.example.com. (%0a---%0a> 1.1.168.192.in-addr.arpa. 3600 IN SOA ns1.username.example.com. admin.username.example.com. (%0a host:1645691580=27.122.14.45 author:1627046695=jrmu diff:1627046695:1627023109:=3,4c3,10%0a%3c In /var/nsd/etc/nsd.conf:%0a%3c %0a---%0a> We can configure our rDNS using [[openbsd/nsd|nsd]], an authoritative name server. 
nsd comes as part of openbsd base so no installation will be necessary.%0a> %0a> '''NOTICE''': This guide assumes you have already configured [[openbsd/nsd|nsd]] for forward DNS resolution.%0a> %0a> !! IPv6 Subnet%0a> %0a> Suppose we have been delegated the rDNS zone for our [[openbsd/IPv6|IPv6]] subnet, 2001:550:3402:1:143::/80. To find out our zone, we need to fill in all the missing zeros, put periods between each digit, reverse the digits, then add ip6.arpa:%0a> %0a6,8c12,16%0a%3c zone:%0a%3c name: "1.1.168.192.in-addr.arpa"%0a%3c zonefile: "master/1.1.168.192.in-addr.arpa"%0a---%0a> 2001:550:3402:1:143:: # original subnet%0a> 2001:0550:3402:0001:0143:: # fill in the missing zeros%0a> 2.0.0.1.0.5.5.0.3.4.0.2.0.0.0.1.0.1.4.3 # add periods between each digit%0a> 3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2 # reverse the digits%0a> 3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa # add ip6.arpa%0a9a18,26%0a> %0a> Here is a simple command to do this:%0a> %0a> [@%0a> echo "%3cIPv6 subnet>"|rev|sed "s/://g;s/\(.\)/\1./g;s/$/ip6.arpa/"%0a> @]%0a> %0a> (:if false:)%0a> grep inet6.*48 /etc/hostname.vio0|awk '{print$2}'|rev|sed "s/://g;s/\(.\)/\1./g;s/$/ip6.arpa/"%0a12,13c29,183%0a%3c In /var/nsd/zones/master/1.1.168.192.in-addr.arpa:%0a%3c %0a---%0a> Replace %3cIPv6 subnet> with your real IPv6 subnet. Make sure to fill in any missing zeros.%0a> %0a> For example:%0a> %0a> [@%0a> echo "2001:0550:3402:0001"|rev|sed "s/://g;s/\(.\)/\1./g;s/$/ip6.arpa/"%0a> @]%0a> %0a> !! Zone File%0a> %0a> Now we must create the zone file in /var/nsd/zones/master/3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa:%0a> %0a> [@%0a> $ORIGIN 3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa.%0a> @ 3600 IN SOA ns1.ircnow.org. admin.ircnow.org. 
(%0a> 2021020105 1800 3600 1209600 3600 )%0a> 3600 IN NS ns1.jrmu.coconut.ircnow.org.%0a> 3600 IN NS ns2.jrmu.coconut.ircnow.org.%0a> 0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR user1.coconut.ircnow.org.%0a> 1.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR user2.coconut.ircnow.org.%0a> @]%0a> %0a> !! /var/nsd/etc/nsd.conf%0a> %0a> Now we only need to add this section to /var/nsd/etc/nsd.conf:%0a> %0a> [@%0a> zone:%0a> name: "3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa"%0a> zonefile: "master/3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa"%0a> @]%0a> %0a> !! Restart nsd and test%0a> %0a> [@%0a> $ doas rcctl restart nsd%0a> @]%0a> %0a> We can test using [[openbsd/host|host]] or [[openbsd/dig|dig]]:%0a> %0a> [@%0a> host 2001:550:3402:1:143::1 %3cnameserver-ip>%0a> @]%0a> %0a> Replace %3cnameserver-ip> with your actual nameserver IP. Once you have confirmed this is working, you can then ask to have your zone delegated to your nameserver.%0a> %0a> You can then test if both forward and reverse DNS lookup work by using [[openbsd/netcat|netcat]] to connect to IRC.%0a> %0a> (:if false:)%0a> !! Troubleshooting%0a> %0a> !! Primary and secondary server%0a> %0a> If you need a secondary server to host the zone, you can do this as follows. Add to the block that describes your master zone, records about the secondary zone as in the example:%0a> %0a> [@%0a> zone:%0a> name: "example.net"%0a> zonefile: "master/example.net"%0a> notify: 20.20.20.20 NOKEY%0a> provide-xfr: 20.20.20.20 NOKEY%0a> @]%0a> %0a> Create a new block in the secondary server config file, as in the example:%0a> %0a> [@%0a> zone:%0a> name: "example.net"%0a> zonefile: "slave/example.net"%0a> allow-notify: 10.10.10.10 NOKEY%0a> request-xfr: 10.10.10.10 NOKEY%0a> @]%0a> %0a> !! The zone file for NSD%0a> %0a> The next step is to write the zone files for NSD. First the forward lookup zone example.net:%0a> %0a> [@%0a> ; Domain file from My project%0a> %0a> example.net. 3600 SOA ns.example.net. admin.example.net. 
(%0a> 2020070701 ; serial YYYYMMDDnn%0a> 10800 ; refresh%0a> 3600 ; retry%0a> 604800 ; expire%0a> 86400 ) ; minimum TTL%0a> %0a> example.net. NS ns.example.net.%0a> example.net. NS ns.secondary.net.%0a> ns A 10.10.10.10%0a> example.net. A 10.10.10.10%0a> www A 10.10.10.10%0a> irc A 10.10.10.10%0a> imap A 10.10.10.10%0a> smtp A 10.10.10.10%0a> example.net. mx 10 smtp.example.net.%0a> @]%0a> %0a> Save this zone file as /var/nsd/zones/master/example.net%0a> %0a> !! Configuration check and start%0a> %0a> NSD bring along a tool to check the configuration file before you start or reload the daemon:%0a> %0a> [@%0a> $ doas nsd-checkconf /var/nsd/etc/nsd.conf%0a> @]%0a> %0a> Any errors are reported, so no news are good news. You can go ahead and start NSD:%0a> %0a> [@%0a> $ doas rcctl enable nsd%0a> $ doas rcctl start nsd%0a> @]%0a> %0a> If there are issues you can start nsd in debug mode%0a> %0a> [@%0a> doas nsd -d -V 3%0a> @]%0a> %0a> https://www.denic.de/en/service/tools/nast/%0a> %0a> %0a> %0a> [@%0a> $ORIGIN 1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa.%0a> @ 3600 IN SOA ns1.ircnow.org. admin.ircnow.org. 
(%0a> 2020112906 1800 3600 1209600 3600 )%0a> 3600 IN NS cherry.ircnow.org.%0a> 3600 IN NS pear.ircnow.org.%0a> 3600 IN NS mango.ircnow.org.%0a> 3600 IN NS peach.ircnow.org.%0a> 3600 IN NS banana.ircnow.org.%0a> 3600 IN NS guava.ircnow.org.%0a> 3600 IN NS jujube.ircnow.org.%0a> 3600 IN NS plum.ircnow.org.%0a> 3600 IN NS fig.ircnow.org.%0a> 3600 IN NS orange.ircnow.org.%0a> 3600 IN NS lemon.ircnow.org.%0a> 3600 IN NS grape.ircnow.org.%0a> 3600 IN NS coconut.ircnow.org.%0a> 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR www.example.com.%0a> 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR www.example.org.%0a> @]%0a> %0a> In /var/nsd/etc/nsd.conf:%0a> %0a> [@%0a> zone:%0a> name: "1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa"%0a> zonefile: "master/1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa"%0a> include-pattern: "ircnow.org"%0a> @]%0a> (:ifend:)%0a host:1627046695=38.87.162.8 author:1627023109=jrmu diff:1627023109:1627023020:=2,185d1%0a%3c %0a%3c We can configure our rDNS using [[openbsd/nsd|nsd]], an authoritative name server. nsd comes as part of openbsd base so no installation will be necessary.%0a%3c %0a%3c '''NOTICE''': This guide assumes you have already configured [[openbsd/nsd|nsd]] for forward DNS resolution.%0a%3c %0a%3c !! IPv6 Subnet%0a%3c %0a%3c Suppose we have been delegated the rDNS zone for our [[openbsd/IPv6|IPv6]] subnet, 2001:550:3402:1:143::/80. 
To find out our zone, we need to fill in all the missing zeros, put periods between each digit, reverse the digits, then add ip6.arpa:%0a%3c %0a%3c [@%0a%3c 2001:550:3402:1:143:: # original subnet%0a%3c 2001:0550:3402:0001:0143:: # fill in the missing zeros%0a%3c 2.0.0.1.0.5.5.0.3.4.0.2.0.0.0.1.0.1.4.3 # add periods between each digit%0a%3c 3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2 # reverse the digits%0a%3c 3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa # add ip6.arpa%0a%3c @]%0a%3c %0a%3c Here is a simple command to do this:%0a%3c %0a%3c [@%0a%3c echo "%3cIPv6 subnet>"|rev|sed "s/://g;s/\(.\)/\1./g;s/$/ip6.arpa/"%0a%3c @]%0a%3c %0a%3c (:if false:)%0a%3c grep inet6.*48 /etc/hostname.vio0|awk '{print$2}'|rev|sed "s/://g;s/\(.\)/\1./g;s/$/ip6.arpa/"%0a%3c (:ifend:)%0a%3c %0a%3c Replace %3cIPv6 subnet> with your real IPv6 subnet. Make sure to fill in any missing zeros.%0a%3c %0a%3c For example:%0a%3c %0a%3c [@%0a%3c echo "2001:0550:3402:0001"|rev|sed "s/://g;s/\(.\)/\1./g;s/$/ip6.arpa/"%0a%3c @]%0a%3c %0a%3c !! Zone File%0a%3c %0a%3c Now we must create the zone file in /var/nsd/zones/master/3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa:%0a%3c %0a%3c [@%0a%3c $ORIGIN 3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa.%0a%3c @ 3600 IN SOA ns1.ircnow.org. admin.ircnow.org. (%0a%3c 2021020105 1800 3600 1209600 3600 )%0a%3c 3600 IN NS ns1.jrmu.coconut.ircnow.org.%0a%3c 3600 IN NS ns2.jrmu.coconut.ircnow.org.%0a%3c 0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR user1.coconut.ircnow.org.%0a%3c 1.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR user2.coconut.ircnow.org.%0a%3c @]%0a%3c %0a%3c !! /var/nsd/etc/nsd.conf%0a%3c %0a%3c Now we only need to add this section to /var/nsd/etc/nsd.conf:%0a%3c %0a%3c [@%0a%3c zone:%0a%3c name: "3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa"%0a%3c zonefile: "master/3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa"%0a%3c @]%0a%3c %0a%3c !! 
Restart nsd and test%0a%3c %0a%3c [@%0a%3c $ doas rcctl restart nsd%0a%3c @]%0a%3c %0a%3c We can test using [[openbsd/host|host]] or [[openbsd/dig|dig]]:%0a%3c %0a%3c [@%0a%3c host 2001:550:3402:1:143::1 %3cnameserver-ip>%0a%3c @]%0a%3c %0a%3c Replace %3cnameserver-ip> with your actual nameserver IP. Once you have confirmed this is working, you can then ask to have your zone delegated to your nameserver.%0a%3c %0a%3c You can then test if both forward and reverse DNS lookup work by using [[openbsd/netcat|netcat]] to connect to IRC.%0a%3c %0a%3c (:if false:)%0a%3c !! Troubleshooting%0a%3c %0a%3c !! Primary and secondary server%0a%3c %0a%3c If you need a secondary server to host the zone, you can do this as follows. Add to the block that describes your master zone, records about the secondary zone as in the example:%0a%3c %0a%3c [@%0a%3c zone:%0a%3c name: "example.net"%0a%3c zonefile: "master/example.net"%0a%3c notify: 20.20.20.20 NOKEY%0a%3c provide-xfr: 20.20.20.20 NOKEY%0a%3c @]%0a%3c %0a%3c Create a new block in the secondary server config file, as in the example:%0a%3c %0a%3c [@%0a%3c zone:%0a%3c name: "example.net"%0a%3c zonefile: "slave/example.net"%0a%3c allow-notify: 10.10.10.10 NOKEY%0a%3c request-xfr: 10.10.10.10 NOKEY%0a%3c @]%0a%3c %0a%3c !! The zone file for NSD%0a%3c %0a%3c The next step is to write the zone files for NSD. First the forward lookup zone example.net:%0a%3c %0a%3c [@%0a%3c ; Domain file from My project%0a%3c %0a%3c example.net. 3600 SOA ns.example.net. admin.example.net. (%0a%3c 2020070701 ; serial YYYYMMDDnn%0a%3c 10800 ; refresh%0a%3c 3600 ; retry%0a%3c 604800 ; expire%0a%3c 86400 ) ; minimum TTL%0a%3c %0a%3c example.net. NS ns.example.net.%0a%3c example.net. NS ns.secondary.net.%0a%3c ns A 10.10.10.10%0a%3c example.net. A 10.10.10.10%0a%3c www A 10.10.10.10%0a%3c irc A 10.10.10.10%0a%3c imap A 10.10.10.10%0a%3c smtp A 10.10.10.10%0a%3c example.net. 
mx 10 smtp.example.net.%0a%3c @]%0a%3c %0a%3c Save this zone file as /var/nsd/zones/master/example.net%0a%3c %0a%3c !! Configuration check and start%0a%3c %0a%3c NSD bring along a tool to check the configuration file before you start or reload the daemon:%0a%3c %0a%3c [@%0a%3c $ doas nsd-checkconf /var/nsd/etc/nsd.conf%0a%3c @]%0a%3c %0a%3c Any errors are reported, so no news are good news. You can go ahead and start NSD:%0a%3c %0a%3c [@%0a%3c $ doas rcctl enable nsd%0a%3c $ doas rcctl start nsd%0a%3c @]%0a%3c %0a%3c If there are issues you can start nsd in debug mode%0a%3c %0a%3c [@%0a%3c doas nsd -d -V 3%0a%3c @]%0a%3c %0a%3c https://www.denic.de/en/service/tools/nast/%0a%3c %0a%3c %0a%3c %0a%3c [@%0a%3c $ORIGIN 1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa.%0a%3c @ 3600 IN SOA ns1.ircnow.org. admin.ircnow.org. (%0a%3c 2020112906 1800 3600 1209600 3600 )%0a%3c 3600 IN NS cherry.ircnow.org.%0a%3c 3600 IN NS pear.ircnow.org.%0a%3c 3600 IN NS mango.ircnow.org.%0a%3c 3600 IN NS peach.ircnow.org.%0a%3c 3600 IN NS banana.ircnow.org.%0a%3c 3600 IN NS guava.ircnow.org.%0a%3c 3600 IN NS jujube.ircnow.org.%0a%3c 3600 IN NS plum.ircnow.org.%0a%3c 3600 IN NS fig.ircnow.org.%0a%3c 3600 IN NS orange.ircnow.org.%0a%3c 3600 IN NS lemon.ircnow.org.%0a%3c 3600 IN NS grape.ircnow.org.%0a%3c 3600 IN NS coconut.ircnow.org.%0a%3c 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR www.example.com.%0a%3c 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR www.example.org.%0a%3c @]%0a%3c %0a%3c In /var/nsd/etc/nsd.conf:%0a%3c %0a%3c [@%0a%3c zone:%0a%3c name: "1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa"%0a%3c zonefile: "master/1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa"%0a%3c include-pattern: "ircnow.org"%0a%3c @]%0a%3c (:ifend:)%0a%3c %0a%3c [@%0a195d10%0a%3c @]%0a host:1627023109=38.87.162.8 author:1627023020=jrmu diff:1627023020:1627023001:=1d0%0a%3c (:title IPv4 rDNS:)%0a host:1627023020=38.87.162.8 author:1627023001=jrmu diff:1627023001:1627023001:=1,9d0%0a%3c 1.1.168.192.in-addr.arpa. 
3600 IN SOA ns1.username.example.com. admin.username.example.com. (%0a%3c 2021072300 ; serial YYYYMMDDnn%0a%3c 3600 ; refresh%0a%3c 3600 ; retry%0a%3c 86400 ; expire%0a%3c 3600 ) ; minimum TTL%0a%3c 3600 IN NS ns1.username.example.com.%0a%3c 3600 IN NS ns2.username.example.com.%0a%3c @ 3600 IN PTR username.example.com.%0a host:1627023001=38.87.162.8
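Review bot: the current `text=` field has an unmatched `(:ifend:)` directly after the closing `@]` of the nsd.conf block. The `9a18,26` hunk of diff:1627046695:1627023109 shows that this revision dropped the `(:if false:)` opener and the hidden `grep` line that followed it, but kept the closing directive, so the page now closes a conditional that is never opened. Delete the `(:ifend:)` line so the nsd.conf block is followed directly by the "In /var/nsd/zones/master/1.1.168.192.in-addr.arpa:" paragraph.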