• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Newbie Here :: Reverse DNS question

Started by arcticfire, July 27, 2008, 09:22:02 PM

Previous topic - Next topic

arcticfire

Now please keep in mind, I just can't wrap my mind around the address structure of IPv6. I'm the kinda person that says IPv4 + NAT = fine for me. But I'm trying to keep an open mind, learn new things and try new things.

I'm trying to set up RDNS for my tunnel. To make it easier to provide an example for me, here's the information.

Routed /48:       2001:470:89a6::/48
Routed /64:     2001:470:1f07:6c5::/64

Now I'm just working on the /64 for now. (I didn't even mean to allocate the /48 :P) I'm using xname.org for my DNS hosting. I already have the name servers set up in the Control Panel here.

QuoteAlso please note that this is for delegation of reverse DNS for the netblocks listed below, your routed /64 and /48. The Point to Point /64 reverse DNS is never delegated.
What does this mean? I thought this meant that you can't create a PTR record for a specific IP but rather you had to do it for the subnet....I didn't know you could do this. I thought the PTR record had to contain a specific IP. Maybe I'm just a little confused about that too. :D

I could sure use some help. I don't even have the tunnel working yet, but I expect that to all be fixed as soon as I upgrade my router to DD-WRT so that it will allow the proto41 to pass.

EDIT:
Just out of curiosity (it's the main reason I'm doing this, to learn) why are these different?

Client IPv6 address:     2001:470:1f06:6c5::2/64
Routed /64:     2001:470:1f07:6c5::/64

Which will actually be used?

snarked

2001:470:1f07:6c5::/64 is under your control for reverse DNS.

2001:470:1f06:6c5::/64 has to have a "::2" present on your end to respond to ICMP pings so that HE knows that the tunnel is operational.

kcochran

Well, the 2001:470:1f06:6c5::2/64 has to exist as that's what the routed /64 is routed through.  It's not there for just ICMP, it's your designated public facing router IPv6 address.

So your network would look something like this

2001:470:1f07:6c5::X/64 <-- V
2001:470:1f07:6c5::Y/64 <-- LAN --> 2001:470:1f07:6c5::?/64 <-- Router --> 2001:470:1f06:6c5::2/64 <--TUNNEL--> 2001:470:1f06:6c5::1/64 <-- HE Tunnelbroker
2001:470:1f07:6c5::Z/64 <-- ^

You can create rDNS entries for anything in the routed /64 or /48, and yes, they should be specific addresses, though you could get creative with wildcards if you really wanted to go down the path of assigning the entire subnet.

arcticfire

Ok........that explanation of the two addresses confused me. :P

Let's start out with something simple, like getting it working. I just installed DD-WRT v23 std. I followed this guide exactly, only changing stuff to put my addresses in. But yet it still doesn't work. I really thought I was good at networking, but this knocked me down a peg or twenty. :D

http://solosoft.org:81/projects/ipv6/ipv6.html

kcochran

Ok, their example is a little dated, but really only in the use of /127s instead of /64s for the tunnel v6 endpoints.

Based on their example, and your settings, you'd need something akin to this, replacing the addresses with your v4 address, and the tunnelbroker's IP that you're connected to, as noted in the tunnel details page.


/usr/sbin/ip tunnel add sixbone mode sit local YOURV4IP remote SERVERV4IP
/usr/sbin/ip link set sixbone up
/usr/sbin/ip link set mtu 1280 dev sixbone
/usr/sbin/ip tunnel change sixbone ttl 64
/usr/sbin/ip -6 addr add 2001:470:1f06:6c5::2/64 dev sixbone
/usr/sbin/ip -6 ro add default via 2001:470:1f06:6c5::1 dev sixbone
/usr/sbin/ip -6 addr add 2001:470:1f07:6c5::/64 dev br0


The prefix for radvd.conf would also be using 2001:470:1f07:6c5::/64

arcticfire

Ok, I didn't replace the tunnelbroker's server IP, maybe that's what was wrong. I just used the one he had there. (I don't know why it didn't occur to me to change that too) Anyway, when I get home (or just get time to RDP home), I'll try that.

arcticfire

Ok, cool. Everything is working. Now, my next question. How can I assign a specific address to a specific computer on my lan. Let's say I have apache and I want it to listen on a specific address. Or when I connect to IRC, I want to always use the same address that I did last time to connect.

kcochran

If you've got radvd running on the router, everything on your internal LAN should be getting addresses from that /64.  The address they'll get will be the same every time as it should be a combination of the /64 prefix and your Ethernet card's hardware address (48bits) with a fffe shoved in the middle and one additional bit flipped.  Gotta love autoconfig... simple in principle, but it sounds more complicated in the telling.

Overall each system should have one automatic 'public' IPv6 address based off the routed /64 as detailed above, and that's the one you should be able to use for incoming Apache requests, and what you'd present yourself to IPv6 enabled IRC servers as.  You'll also have one or more local ones (fe80::/16 prefixes for example), but those are all local to your network, and invisible to the rest of the world.

arcticfire

Ok, but I'm talking about a different IP address for IRC, one that is completely unique. (I want to give it a special RDNS entry) Basically:

1) Address for general browsing. (this will be the 'autoconfig' address that you mentioned)
2) An address for http.
3) An address for IRC usage.

kcochran

Ahh... you should be able to setup additional static v6 addresses on the system, but how to have that app use that specific address... that's application dependent.  If they don't give you the option to setup what address it should bind to, you'll just get the best facing one to the destination, or the first one configured usually.

kornholijo

Most if not all large server software have an option on to which interface to bind onto, so that is not a problem ;-)