version=pmwiki-2.2.130 ordered=1 urlencoded=1 agent=w3m/0.5.3+git20210102 author=jrmu charset=UTF-8 csum= ctime=1627022617 host=38.87.162.8 name=DNS.Ipv6rDNS rev=16 targets=Nsd.Configure,Openbsd.Nsd,Openbsd.IPv6,Dns.FQDN,Host.Usage,Dig.Usage,Openbsd.Netcat text=(:title Configuring IPv6 rDNS using NSD:)%0a%0a!! Overview%0a%0aMany internet protocols require your address' rDNS to match forward DNS to work properly. For IRC, proper rDNS is required for your vhost to load properly. For email, proper rDNS is required to avoid being marked as spam. In this guide, we use [[nsd/configure|nsd]], an authoritative name server, to provide rDNS.%0a%0a!! Installation%0a%0ansd comes as part of the OpenBSD base system, so no installation is necessary.%0a%0a'''NOTE''': This guide assumes you have already configured [[openbsd/nsd|nsd]] for forward DNS resolution.%0a%0a!! Docs and references%0a%0aConsult the man pages for [[https://man.openbsd.org/nsd|nsd]], [[https://man.openbsd.org/nsd.conf|nsd.conf]], [[https://man.openbsd.org/nsd-checkconf|nsd-checkconf]], and [[https://man.openbsd.org/nsd-checkzone|nsd-checkzone]].%0a%0a[[http://www.zytrax.com/books/dns|DNS for Rocket Scientists]] and [[http://tcpipguide.com/free/t_DNSReverseNameResolutionUsingtheINADDRARPADomain.htm|The TCP/IP Guide]] are helpful resources for further reading.%0a%0a!! Configuration%0a%0a!!! IPv6 Subnet%0a%0aSuppose we have been delegated the rDNS zone for our [[openbsd/IPv6|IPv6]] subnet, 2001:db8:1::/48. 
To find out our zone, we need to fill in all the missing zeros, put periods between each digit, reverse the digits, then add ip6.arpa:%0a%0aWARNING: You must fill in all missing zeros!%0a%0a[@%0a2001:db8:1:: # original subnet is /48%0a2001:0db8:0001:: # fill in the missing zeros up to the /48 subnet%0a2.0.0.1.0.d.b.8.0.0.0.1 # add periods between each digit%0a1.0.0.0.8.b.d.0.1.0.0.2 # reverse the digits%0a1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa # add ip6.arpa%0a@]%0a%0aHere's a second example with the subnet 2602:fccf:1:1::/64:%0a%0a[@%0a2602:fccf:1:1:: # original subnet%0a2602:fccf:0001:0001:: # fill in the missing zeros up to the /64 subnet%0a2.6.0.2.f.c.c.f.0.0.0.1.0.0.0.1 # add periods between each digit%0a1.0.0.0.1.0.0.0.f.c.c.f.2.0.6.2 # reverse the digits%0a1.0.0.0.1.0.0.0.f.c.c.f.2.0.6.2.ip6.arpa # add ip6.arpa%0a@]%0a%0a'''NOTE''': Your zone name must contain (subnet length)/4 hex digits. If you have a /48 subnet, this means you will have 48/4 = 12 hex digits. If you have a /64 subnet, you will have 64/4 = 16 hex digits.%0a%0aHere is a command to do this:%0a%0a[@%0a$ perl -e 'print substr(join(".",(split//,sprintf("%25032s", scalar reverse(join("", map(sprintf("%2504s", $_), split(":", "%3cIP6>"))))))),(64-%3cSUBNET>/2)).".ip6.arpa.\n";'%0a@]%0a%0aYou need to replace %3cIP6> with your real IP address and %3cSUBNET> with your subnet length. 
For example, if you had the IPv6 address 2001:db8:1:: with a /48 subnet, you would type this into the command line:%0a%0a[@%0a$ perl -e 'print substr(join(".",(split//,sprintf("%25032s", scalar reverse(join("", map(sprintf("%2504s", $_), split(":", "2001:db8:1::"))))))),(64-48/2)).".ip6.arpa\n";'%0a1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa%0a@]%0a%0aSo, you know the name of your zone file is /var/nsd/zones/master/1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa%0a%0a(:if false:)%0aecho "%3cIPv6 subnet>"|rev|sed "s/://g;s/\(.\)/\1./g;s/$/ip6.arpa/"%0agrep inet6.*48 /etc/hostname.vio0|awk '{print$2}'|rev|sed "s/://g;s/\(.\)/\1./g;s/$/ip6.arpa/"%0a(:ifend:)%0a%0a!!! Zone File%0a%0aInside the zone file /var/nsd/zones/master/1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa, we create these records:%0a%0a[@%0a$ORIGIN 1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.%0a@ 3600 IN SOA ns1.example.com. admin.example.com. (%0a 2021082301 1800 3600 1209600 3600 )%0a 3600 IN NS ns1.example.com.%0a 3600 IN NS ns2.example.com.%0a0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR user1.example.com.%0a1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR user2.example.com.%0a@]%0a%0aThe records must have 32 - $SUBNET/4 hex digits. For example, if your subnet is length 48, then your records will have 32 - 48/4 = 20 hex digits. If your subnet length is 64, then your records will have 32 - 64/4 = 16 hex digits.%0a%0a'''NOTE''': All of the PTR records should have values that end with a final dot . -- they should be [[Dns/FQDN|fully qualified domain names]]. Without a terminating dot, a record like:%0a%0a[@%0a1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR user2%0a@]%0a%0awould have $ORIGIN appended to it, so it would be interpreted as user2.1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. This is probably not what you intended!%0a%0a!!! /var/nsd/etc/nsd.conf%0a%0aNow we need to add this section to /var/nsd/etc/nsd.conf:%0a%0a[@%0azone:%0a name: "1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa"%0a zonefile: "master/1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa"%0a@]%0a%0a!!! 
Restart nsd and test%0a%0a[@%0a$ doas rcctl restart nsd%0a@]%0a%0a!! Results%0a%0aWe now test using [[host/usage|host]] or [[dig/usage|dig]]:%0a%0a[@%0ahost 2001:db8:1:: %3cnameserver-ip>%0a@]%0a%0aReplace %3cnameserver-ip> with your actual nameserver IP. Once you have confirmed this is working, you can then ask to have your zone delegated to your nameserver.%0a%0aYou can then test if both forward and reverse DNS lookup work by using [[openbsd/netcat|netcat]] to connect to IRC.%0a%0a(:if false:)%0a%0a!! Troubleshooting%0a%0a!!! Primary and secondary server%0a%0aIf you need a secondary server to host the zone, you can do this as follows. In the block that describes your master zone, add records for the secondary server, as in the example:%0a%0a[@%0azone:%0a name: "example.net"%0a zonefile: "master/example.net"%0a notify: 20.20.20.20 NOKEY%0a provide-xfr: 20.20.20.20 NOKEY%0a@]%0a%0aCreate a new block in the secondary server config file, as in the example:%0a%0a[@%0azone:%0a name: "example.net"%0a zonefile: "slave/example.net"%0a allow-notify: 10.10.10.10 NOKEY%0a request-xfr: 10.10.10.10 NOKEY%0a@]%0a%0a!! The zone file for NSD%0a%0aThe next step is to write the zone files for NSD. First the forward lookup zone example.net:%0a%0a[@%0a; Domain file from My project%0a%0aexample.net. 3600 SOA ns.example.net. admin.example.net. (%0a 2020070701 ; serial YYYYMMDDnn%0a 10800 ; refresh%0a 3600 ; retry%0a 604800 ; expire%0a 86400 ) ; minimum TTL%0a%0aexample.net. NS ns.example.net.%0aexample.net. NS ns.secondary.net.%0ans A 10.10.10.10%0aexample.net. A 10.10.10.10%0awww A 10.10.10.10%0airc A 10.10.10.10%0aimap A 10.10.10.10%0asmtp A 10.10.10.10%0aexample.net. mx 10 smtp.example.net.%0a@]%0a%0aSave this zone file as /var/nsd/zones/master/example.net%0a%0a!! 
Configuration check and start%0a%0aNSD comes with a tool to check the configuration file before you start or reload the daemon:%0a%0a[@%0a$ doas nsd-checkconf /var/nsd/etc/nsd.conf%0a@]%0a%0aAny errors are reported, so no news is good news. You can go ahead and start NSD:%0a%0a[@%0a$ doas rcctl enable nsd%0a$ doas rcctl start nsd%0a@]%0a%0aIf there are issues, you can start nsd in debug mode:%0a%0a[@%0adoas nsd -d -V 3%0a@]%0a%0ahttps://www.denic.de/en/service/tools/nast/%0a%0a%0a%0a[@%0a$ORIGIN 1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa.%0a@ 3600 IN SOA ns1.ircnow.org. admin.ircnow.org. (%0a 2020112906 1800 3600 1209600 3600 )%0a 3600 IN NS cherry.ircnow.org.%0a 3600 IN NS pear.ircnow.org.%0a 3600 IN NS mango.ircnow.org.%0a 3600 IN NS peach.ircnow.org.%0a 3600 IN NS banana.ircnow.org.%0a 3600 IN NS guava.ircnow.org.%0a 3600 IN NS jujube.ircnow.org.%0a 3600 IN NS plum.ircnow.org.%0a 3600 IN NS fig.ircnow.org.%0a 3600 IN NS orange.ircnow.org.%0a 3600 IN NS lemon.ircnow.org.%0a 3600 IN NS grape.ircnow.org.%0a 3600 IN NS coconut.ircnow.org.%0a0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR www.example.com.%0a1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR www.example.org.%0a@]%0a%0aIn /var/nsd/etc/nsd.conf:%0a%0a[@%0azone:%0a name: "1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa"%0a zonefile: "master/1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa"%0a include-pattern: "ircnow.org"%0a@]%0a(:ifend:)%0a time=1629719716 title=Configuring IPv6 rDNS using NSD author:1629719716=jrmu diff:1629719716:1629667104:=73c73%0a%3c @ 3600 IN SOA ns1.example.com. admin.example.com. (%0a---%0a> @ 3600 IN SOA ns1.example.com admin.example.com (%0a host:1629719716=38.87.162.8 author:1629667104=mkf csum:1629667104=day update. 
diff:1629667104:1627887693:minor=74c74%0a%3c 2021082301 1800 3600 1209600 3600 )%0a---%0a> 2021072201 1800 3600 1209600 3600 )%0a host:1629667104=198.251.81.133 author:1627887693=jrmu diff:1627887693:1627219784:=82,89d81%0a%3c %0a%3c '''NOTE''': All of the PTR records should have values that end with a final dot . -- they should be [[Dns/FQDN|fully qualified domain names]]. Without a terminating dot, a record like:%0a%3c %0a%3c [@%0a%3c 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR user2%0a%3c @]%0a%3c %0a%3c would have $ORIGIN appended to it, so it would be interpreted as user2.1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. This is probably not what you intended!%0a host:1627887693=38.87.162.8 author:1627219784=jrmu diff:1627219784:1627195484:= host:1627219784=38.87.162.8 author:1627195484=jrmu diff:1627195484:1627195081:=81,82c81,82%0a%3c The records must have 32 - $SUBNET/4 hex digits. For example, if your subnet is length 48, then your records will have 32 - 48/4 = 20 hex digits. If you subnet length is 64, then your records will have 32 - 64/4 = 16 hex digits.%0a%3c %0a---%0a> The records must have $SUBNET/4 hex digits. For example, if your subnet is length 48, then your records will have 48/4 = 12 hex digits.%0a> %0a85,86c85,86%0a%3c Now we need to add this section to /var/nsd/etc/nsd.conf:%0a%3c %0a---%0a> Now we only need to add this section to /var/nsd/etc/nsd.conf:%0a> %0a99,102c99,100%0a%3c !! 
Results%0a%3c %0a%3c We now test using [[host/usage|host]] or [[dig/usage|dig]]:%0a%3c %0a---%0a> We can test using [[openbsd/host|host]] or [[openbsd/dig|dig]]:%0a> %0a112d109%0a%3c %0a host:1627195484=38.87.162.8 author:1627195081=jrmu diff:1627195081:1627195028:= host:1627195081=38.87.162.8 author:1627195028=jrmu diff:1627195028:1627051664:=50c50%0a%3c $ perl -e 'print substr(join(".",(split//,sprintf("%25032s", scalar reverse(join("", map(sprintf("%2504s", $_), split(":", "%3cIP6>"))))))),(64-%3cSUBNET>/2)).".ip6.arpa.\n";'%0a---%0a> $ perl -e 'print substr(join(".",(split//,sprintf("%25032s", scalar reverse(join("", map(sprintf("%2504s", $_), split(":", $IP6))))))),(64-$SUBNET/2)).".ip6.arpa.\n";'%0a53,54c53,55%0a%3c You need to replace %3cIP6> with your real IP address and %3cSUBNET> with your subnet length. For example, if you had the IPv6 address 2001:db8:1:: with a /48 subnet, you would type this into the command line:%0a%3c %0a---%0a> You need to replace $IP6 with your real IP address and $SUBNET with your subnet length.%0a> For example, if you had the IPv6 address 2001:db8:1:: with a /48 subnet, you would type this into the command line:%0a> %0a65a67%0a> %0a host:1627195028=38.87.162.8 author:1627051664=jrmu diff:1627051664:1627051504:=51a52%0a> 64 - subnet/2%0a host:1627051664=38.87.162.8 author:1627051504=jrmu diff:1627051504:1627051475:=47c47%0a%3c Here is a command to do this:%0a---%0a> Here is a simple command to do this:%0a host:1627051504=38.87.162.8 author:1627051475=jrmu diff:1627051475:1627049672:=50c50%0a%3c $ perl -e 'print substr(join(".",(split//,sprintf("%25032s", scalar reverse(join("", map(sprintf("%2504s", $_), split(":", $IP6))))))),(64-$SUBNET/2)).".ip6.arpa.\n";'%0a---%0a> $ perl -e 'print substr(join(".",(split//,sprintf("%25032s", scalar reverse(join("", map(sprintf("%2504s", $_), split(":", $IP6))))))),($SUBNET/2)).".ip6.arpa.\n";'%0a52,53c52%0a%3c 64 - subnet/2%0a%3c %0a---%0a> %0a58,59c57,58%0a%3c $ perl -e 'print 
substr(join(".",(split//,sprintf("%25032s", scalar reverse(join("", map(sprintf("%2504s", $_), split(":", "2001:db8:1::"))))))),(64-48/2)).".ip6.arpa\n";'%0a%3c 1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa%0a---%0a> $ perl -e 'print substr(join(".",(split//,sprintf("%25032s", scalar reverse(join("", map(sprintf("%2504s", $_), split(":", "2001:db8:1::"))))))),(48/2)).".ip6.arpa\n";'%0a> 0.0.0.0.0.0.0.0.1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa%0a62,63c61,62%0a%3c So, you know the name of your zone file is /var/nsd/zones/master/1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa%0a%3c %0a---%0a> This gives you the name of your zone file.%0a> %0a72,73c71,72%0a%3c Inside the zone file /var/nsd/zones/master/1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa, we create these records:%0a%3c %0a---%0a> Now we must create the zone file in /var/nsd/zones/master/3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa:%0a> %0a75,81c74,80%0a%3c $ORIGIN 1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.%0a%3c @ 3600 IN SOA ns1.example.com admin.example.com (%0a%3c 2021072201 1800 3600 1209600 3600 )%0a%3c 3600 IN NS ns1.example.com.%0a%3c 3600 IN NS ns2.example.com.%0a%3c 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR user1.example.com.%0a%3c 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR user2.example.com.%0a---%0a> $ORIGIN 3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa.%0a> @ 3600 IN SOA ns1.ircnow.org. admin.ircnow.org. (%0a> 2021020105 1800 3600 1209600 3600 )%0a> 3600 IN NS ns1.jrmu.coconut.ircnow.org.%0a> 3600 IN NS ns2.jrmu.coconut.ircnow.org.%0a> 0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR user1.coconut.ircnow.org.%0a> 1.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR user2.coconut.ircnow.org.%0a84,85d82%0a%3c The records must have $SUBNET/4 hex digits. 
For example, if your subnet is length 48, then your records will have 48/4 = 12 hex digits.%0a%3c %0a92,93c89,90%0a%3c name: "1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa"%0a%3c zonefile: "master/1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa"%0a---%0a> name: "3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa"%0a> zonefile: "master/3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa"%0a105c102%0a%3c host 2001:db8:1:: %3cnameserver-ip>%0a---%0a> host 2001:550:3402:1:143::1 %3cnameserver-ip>%0a host:1627051475=38.87.162.8 author:1627049672=jrmu diff:1627049672:1627032926:=50c50%0a%3c $ perl -e 'print substr(join(".",(split//,sprintf("%25032s", scalar reverse(join("", map(sprintf("%2504s", $_), split(":", $IP6))))))),($SUBNET/2)).".ip6.arpa.\n";'%0a---%0a> echo "%3cIPv6 subnet>"|rev|sed "s/://g;s/\(.\)/\1./g;s/$/ip6.arpa/"%0a53,62d52%0a%3c You need to replace $IP6 with your real IP address and $SUBNET with your subnet length.%0a%3c For example, if you had the IPv6 address 2001:db8:1:: with a /48 subnet, you would type this into the command line:%0a%3c %0a%3c [@%0a%3c $ perl -e 'print substr(join(".",(split//,sprintf("%25032s", scalar reverse(join("", map(sprintf("%2504s", $_), split(":", "2001:db8:1::"))))))),(48/2)).".ip6.arpa\n";'%0a%3c 0.0.0.0.0.0.0.0.1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa%0a%3c @]%0a%3c %0a%3c This gives you the name of your zone file.%0a%3c %0a64d53%0a%3c echo "%3cIPv6 subnet>"|rev|sed "s/://g;s/\(.\)/\1./g;s/$/ip6.arpa/"%0a67a57,63%0a> Replace %3cIPv6 subnet> with your real IPv6 subnet. Make sure to fill in any missing zeros.%0a> %0a> For example:%0a> %0a> [@%0a> echo "2001:0550:3402:0001"|rev|sed "s/://g;s/\(.\)/\1./g;s/$/ip6.arpa/"%0a> @]%0a host:1627049672=38.87.162.8 author:1627032926=jrmu diff:1627032926:1627031761:=23,26c23,24%0a%3c Suppose we have been delegated the rDNS zone for our [[openbsd/IPv6|IPv6]] subnet, 2001:db8:1::/48. 
To find out our zone, we need to fill in all the missing zeros, put periods between each digit, reverse the digits, then add ip6.arpa:%0a%3c %0a%3c WARNING: You must fill in all missing zeros!%0a%3c %0a---%0a> Suppose we have been delegated the rDNS zone for our [[openbsd/IPv6|IPv6]] subnet, 2001:550:3402:1:143::/80. To find out our zone, we need to fill in all the missing zeros, put periods between each digit, reverse the digits, then add ip6.arpa:%0a> %0a28,32c26,30%0a%3c 2001:db8:1:: # original subnet is /48%0a%3c 2001:0db8:0001:: # fill in the missing zeros up to the /48 subnet%0a%3c 2.0.0.1.0.d.b.8.0.0.0.1 # add periods between each digit%0a%3c 1.0.0.0.8.b.d.0.1.0.0.2 # reverse the digits%0a%3c 1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa # add ip6.arpa%0a---%0a> 2001:550:3402:1:143:: # original subnet%0a> 2001:0550:3402:0001:0143:: # fill in the missing zeros%0a> 2.0.0.1.0.5.5.0.3.4.0.2.0.0.0.1.0.1.4.3 # add periods between each digit%0a> 3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2 # reverse the digits%0a> 3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa # add ip6.arpa%0a34,45d31%0a%3c %0a%3c Here's a second example with the subnet 2602:fccf:1:1::/64:%0a%3c %0a%3c [@%0a%3c 2602:fccf:1:1:: # original subnet%0a%3c 2602:fccf:0001:0001:: # fill in the missing zeros up to the /64 subnet%0a%3c 2.6.0.2.f.c.c.f.0.0.0.1.0.0.0.1 # add periods between each digit%0a%3c 1.0.0.0.1.0.0.0.f.c.c.f.2.0.6.2 # reverse the digits%0a%3c 1.0.0.0.1.0.0.0.f.c.c.f.2.0.6.2.ip6.arpa # add ip6.arpa%0a%3c @]%0a%3c %0a%3c '''NOTE''': Your zone must have subnet divided by 4 number of hex digits. If you have a /48 subnet, this means you will have 48/4 = 12 hex digits. 
If you have a /64 subnet, you will have 64/4 = 16 hex digits.%0a host:1627032926=38.87.162.8 author:1627031761=jrmu diff:1627031761:1627031197:=14,17d13%0a%3c %0a%3c Consult the man pages for [[https://man.openbsd.org/nsd|nsd]], [[https://man.openbsd.org/nsd.conf|nsd.conf]], [[https://man.openbsd.org/nsd-checkconf|nsd-checkconf]], and [[https://man.openbsd.org/nsd-checkzone|nsd-checkzone]].%0a%3c %0a%3c [[http://www.zytrax.com/books/dns|DNS for Rocket Scientists]] and [[http://tcpipguide.com/free/t_DNSReverseNameResolutionUsingtheINADDRARPADomain.htm|The TCP/IP Guide]] are helpful resources for further reading.%0a host:1627031761=38.87.162.8 author:1627031197=jrmu diff:1627031197:1627023215:=1,18c1,8%0a%3c (:title Configuring IPv6 rDNS using NSD:)%0a%3c %0a%3c !! Overview%0a%3c %0a%3c Many internet protocols require your address' rDNS to match forward DNS to work properly. For IRC, proper rDNS is required for your vhost to load properly. For email, proper rDNS is required to avoid being marked as spam. In this guide, we use [[nsd/configure|nsd]], an authoritative name server, to provide rDNS.%0a%3c %0a%3c !! Installation%0a%3c %0a%3c nsd comes as part of openbsd base so no installation will be necessary.%0a%3c %0a%3c '''NOTE''': This guide assumes you have already configured [[openbsd/nsd|nsd]] for forward DNS resolution.%0a%3c %0a%3c !! Docs and references%0a%3c %0a%3c !! Configuration%0a%3c %0a%3c !!! IPv6 Subnet%0a%3c %0a---%0a> (:title Configuring rDNS using NSD:)%0a> %0a> We can configure our rDNS using [[nsd/configure|nsd]], an authoritative name server. nsd comes as part of openbsd base so no installation will be necessary.%0a> %0a> '''NOTICE''': This guide assumes you have already configured [[openbsd/nsd|nsd]] for forward DNS resolution.%0a> %0a> !! IPv6 Subnet%0a> %0a47,48c37,38%0a%3c !!! Zone File%0a%3c %0a---%0a> !! Zone File%0a> %0a61,62c51,52%0a%3c !!! /var/nsd/etc/nsd.conf%0a%3c %0a---%0a> !! /var/nsd/etc/nsd.conf%0a> %0a71,72c61,62%0a%3c !!! 
Restart nsd and test%0a%3c %0a---%0a> !! Restart nsd and test%0a> %0a90c80%0a%3c !!! Primary and secondary server%0a---%0a> !! Primary and secondary server%0a host:1627031197=38.87.162.8 author:1627023215=jrmu diff:1627023215:1627022617:=3c3%0a%3c We can configure our rDNS using [[nsd/configure|nsd]], an authoritative name server. nsd comes as part of openbsd base so no installation will be necessary.%0a---%0a> We can configure our rDNS using [[openbsd/nsd|nsd]], an authoritative name server. nsd comes as part of openbsd base so no installation will be necessary.%0a host:1627023215=38.87.162.8 author:1627022617=jrmu diff:1627022617:1627022617:=1,183d0%0a%3c (:title Configuring rDNS using NSD:)%0a%3c %0a%3c We can configure our rDNS using [[openbsd/nsd|nsd]], an authoritative name server. nsd comes as part of openbsd base so no installation will be necessary.%0a%3c %0a%3c '''NOTICE''': This guide assumes you have already configured [[openbsd/nsd|nsd]] for forward DNS resolution.%0a%3c %0a%3c !! IPv6 Subnet%0a%3c %0a%3c Suppose we have been delegated the rDNS zone for our [[openbsd/IPv6|IPv6]] subnet, 2001:550:3402:1:143::/80. To find out our zone, we need to fill in all the missing zeros, put periods between each digit, reverse the digits, then add ip6.arpa:%0a%3c %0a%3c [@%0a%3c 2001:550:3402:1:143:: # original subnet%0a%3c 2001:0550:3402:0001:0143:: # fill in the missing zeros%0a%3c 2.0.0.1.0.5.5.0.3.4.0.2.0.0.0.1.0.1.4.3 # add periods between each digit%0a%3c 3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2 # reverse the digits%0a%3c 3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa # add ip6.arpa%0a%3c @]%0a%3c %0a%3c Here is a simple command to do this:%0a%3c %0a%3c [@%0a%3c echo "%3cIPv6 subnet>"|rev|sed "s/://g;s/\(.\)/\1./g;s/$/ip6.arpa/"%0a%3c @]%0a%3c %0a%3c (:if false:)%0a%3c grep inet6.*48 /etc/hostname.vio0|awk '{print$2}'|rev|sed "s/://g;s/\(.\)/\1./g;s/$/ip6.arpa/"%0a%3c (:ifend:)%0a%3c %0a%3c Replace %3cIPv6 subnet> with your real IPv6 subnet. 
Make sure to fill in any missing zeros.%0a%3c %0a%3c For example:%0a%3c %0a%3c [@%0a%3c echo "2001:0550:3402:0001"|rev|sed "s/://g;s/\(.\)/\1./g;s/$/ip6.arpa/"%0a%3c @]%0a%3c %0a%3c !! Zone File%0a%3c %0a%3c Now we must create the zone file in /var/nsd/zones/master/3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa:%0a%3c %0a%3c [@%0a%3c $ORIGIN 3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa.%0a%3c @ 3600 IN SOA ns1.ircnow.org. admin.ircnow.org. (%0a%3c 2021020105 1800 3600 1209600 3600 )%0a%3c 3600 IN NS ns1.jrmu.coconut.ircnow.org.%0a%3c 3600 IN NS ns2.jrmu.coconut.ircnow.org.%0a%3c 0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR user1.coconut.ircnow.org.%0a%3c 1.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR user2.coconut.ircnow.org.%0a%3c @]%0a%3c %0a%3c !! /var/nsd/etc/nsd.conf%0a%3c %0a%3c Now we only need to add this section to /var/nsd/etc/nsd.conf:%0a%3c %0a%3c [@%0a%3c zone:%0a%3c name: "3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa"%0a%3c zonefile: "master/3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa"%0a%3c @]%0a%3c %0a%3c !! Restart nsd and test%0a%3c %0a%3c [@%0a%3c $ doas rcctl restart nsd%0a%3c @]%0a%3c %0a%3c We can test using [[openbsd/host|host]] or [[openbsd/dig|dig]]:%0a%3c %0a%3c [@%0a%3c host 2001:550:3402:1:143::1 %3cnameserver-ip>%0a%3c @]%0a%3c %0a%3c Replace %3cnameserver-ip> with your actual nameserver IP. Once you have confirmed this is working, you can then ask to have your zone delegated to your nameserver.%0a%3c %0a%3c You can then test if both forward and reverse DNS lookup work by using [[openbsd/netcat|netcat]] to connect to IRC.%0a%3c %0a%3c (:if false:)%0a%3c !! Troubleshooting%0a%3c %0a%3c !! Primary and secondary server%0a%3c %0a%3c If you need a secondary server to host the zone, you can do this as follows. 
Add to the block that describes your master zone, records about the secondary zone as in the example:%0a%3c %0a%3c [@%0a%3c zone:%0a%3c name: "example.net"%0a%3c zonefile: "master/example.net"%0a%3c notify: 20.20.20.20 NOKEY%0a%3c provide-xfr: 20.20.20.20 NOKEY%0a%3c @]%0a%3c %0a%3c Create a new block in the secondary server config file, as in the example:%0a%3c %0a%3c [@%0a%3c zone:%0a%3c name: "example.net"%0a%3c zonefile: "slave/example.net"%0a%3c allow-notify: 10.10.10.10 NOKEY%0a%3c request-xfr: 10.10.10.10 NOKEY%0a%3c @]%0a%3c %0a%3c !! The zone file for NSD%0a%3c %0a%3c The next step is to write the zone files for NSD. First the forward lookup zone example.net:%0a%3c %0a%3c [@%0a%3c ; Domain file from My project%0a%3c %0a%3c example.net. 3600 SOA ns.example.net. admin.example.net. (%0a%3c 2020070701 ; serial YYYYMMDDnn%0a%3c 10800 ; refresh%0a%3c 3600 ; retry%0a%3c 604800 ; expire%0a%3c 86400 ) ; minimum TTL%0a%3c %0a%3c example.net. NS ns.example.net.%0a%3c example.net. NS ns.secondary.net.%0a%3c ns A 10.10.10.10%0a%3c example.net. A 10.10.10.10%0a%3c www A 10.10.10.10%0a%3c irc A 10.10.10.10%0a%3c imap A 10.10.10.10%0a%3c smtp A 10.10.10.10%0a%3c example.net. mx 10 smtp.example.net.%0a%3c @]%0a%3c %0a%3c Save this zone file as /var/nsd/zones/master/example.net%0a%3c %0a%3c !! Configuration check and start%0a%3c %0a%3c NSD bring along a tool to check the configuration file before you start or reload the daemon:%0a%3c %0a%3c [@%0a%3c $ doas nsd-checkconf /var/nsd/etc/nsd.conf%0a%3c @]%0a%3c %0a%3c Any errors are reported, so no news are good news. You can go ahead and start NSD:%0a%3c %0a%3c [@%0a%3c $ doas rcctl enable nsd%0a%3c $ doas rcctl start nsd%0a%3c @]%0a%3c %0a%3c If there are issues you can start nsd in debug mode%0a%3c %0a%3c [@%0a%3c doas nsd -d -V 3%0a%3c @]%0a%3c %0a%3c https://www.denic.de/en/service/tools/nast/%0a%3c %0a%3c %0a%3c %0a%3c [@%0a%3c $ORIGIN 1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa.%0a%3c @ 3600 IN SOA ns1.ircnow.org. 
admin.ircnow.org. (%0a%3c 2020112906 1800 3600 1209600 3600 )%0a%3c 3600 IN NS cherry.ircnow.org.%0a%3c 3600 IN NS pear.ircnow.org.%0a%3c 3600 IN NS mango.ircnow.org.%0a%3c 3600 IN NS peach.ircnow.org.%0a%3c 3600 IN NS banana.ircnow.org.%0a%3c 3600 IN NS guava.ircnow.org.%0a%3c 3600 IN NS jujube.ircnow.org.%0a%3c 3600 IN NS plum.ircnow.org.%0a%3c 3600 IN NS fig.ircnow.org.%0a%3c 3600 IN NS orange.ircnow.org.%0a%3c 3600 IN NS lemon.ircnow.org.%0a%3c 3600 IN NS grape.ircnow.org.%0a%3c 3600 IN NS coconut.ircnow.org.%0a%3c 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR www.example.com.%0a%3c 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR www.example.org.%0a%3c @]%0a%3c %0a%3c In /var/nsd/etc/nsd.conf:%0a%3c %0a%3c [@%0a%3c zone:%0a%3c name: "1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa"%0a%3c zonefile: "master/1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa"%0a%3c include-pattern: "ircnow.org"%0a%3c @]%0a%3c (:ifend:)%0a host:1627022617=38.87.162.8
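Review bot: the Perl one-liner in the 50c50 hunks pads each colon-separated group to four digits but never expands "::", so it is only correct when the zero run sits at the end of the address, as in 2001:db8:1::. An address with "::" in the middle would produce a wrong zone name. The offset 64-<SUBNET>/2 also assumes the subnet length is a multiple of 4. Both limits should be stated next to the command. The template line prints ".ip6.arpa." with a trailing dot while the worked example prints ".ip6.arpa", so the two should be made to agree.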
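The zone-name rule from the IPv6 Subnet section and the record-length and final-dot rules from the Zone File section, as an added Python example (not part of the original wiki page). It goes beyond the Perl one-liner by expanding "::" anywhere in the address through the standard `ipaddress` module; the function names and `SAMPLE_ZONE` are constructed for illustration.

```python
import ipaddress
import re


def reverse_zone(cidr):
    """Return the ip6.arpa zone name for a nibble-aligned IPv6 prefix."""
    net = ipaddress.IPv6Network(cidr, strict=True)  # rejects host bits set
    if net.prefixlen % 4:
        raise ValueError("prefix length must be a multiple of 4")
    # Fill in all missing zeros, keep prefix/4 hex digits, reverse them.
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def ptr_owner(addr, cidr):
    """Return the relative owner name (32 - prefix/4 digits) for addr."""
    net = ipaddress.IPv6Network(cidr, strict=True)
    ip = ipaddress.IPv6Address(addr)
    if net.prefixlen % 4 or ip not in net:
        raise ValueError("address is not inside a nibble-aligned prefix")
    host = ip.exploded.replace(":", "")[net.prefixlen // 4:]
    return ".".join(reversed(host))


PTR_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+PTR\s+(\S+)$")


def lint_zone(zone_text, cidr):
    """Check $ORIGIN, owner length and final dots; return a list of problems."""
    zone = reverse_zone(cidr)
    want = 32 - ipaddress.IPv6Network(cidr).prefixlen // 4
    problems = []
    for n, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()  # drop zone-file comments
        if line.startswith("$ORIGIN"):
            parts = line.split()
            if len(parts) != 2 or parts[1].lower() != zone + ".":
                problems.append(f"line {n}: $ORIGIN does not match {zone}.")
            continue
        m = PTR_RE.match(line)
        if not m:
            continue
        owner, target = m.groups()
        labels = owner.lower().split(".")
        if len(labels) != want or not all(re.fullmatch("[0-9a-f]", x) for x in labels):
            problems.append(
                f"line {n}: owner must be {want} single hex digits, got {len(labels)} labels")
        if not target.endswith("."):
            problems.append(
                f"line {n}: PTR target lacks final dot, resolves as {target}.{zone}.")
    return problems


# Constructed sample: the page's /48 zone plus two deliberately broken records.
SAMPLE_ZONE = """\
$ORIGIN 1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
@ 3600 IN SOA ns1.example.com. admin.example.com. (
        2021082301 1800 3600 1209600 3600 )
  3600 IN NS ns1.example.com.
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR user1.example.com.
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR user2
2.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR user3.example.com.
"""

if __name__ == "__main__":
    print(reverse_zone("2001:db8:1::/48"))
    print(ptr_owner("2001:db8:1::1", "2001:db8:1::/48"))
    for problem in lint_zone(SAMPLE_ZONE, "2001:db8:1::/48"):
        print(problem)
```

Running the lint before `rcctl restart nsd` catches the two mistakes the page warns about: a PTR value without the final dot and an owner name with the wrong number of hex digits.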