• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

reverse delegation not working

Started by japje, August 21, 2008, 04:51:29 AM

Previous topic - Next topic


Hey guys,

i set up my tunnel and the ips are working fine :) so now i wanted to reverse them. Together with my collegue ive set up 2 NS (bind9) servers to provide the reverse delegation:

ipv4: /
ipv6 2001:470:1f15:3cd::3  /  2001:470:1f15:3cd:216:3eff:fe7a:3991

ive setup an hostname for them:
ns1.ipv6.voor.me :  2001:470:1f15:3cd:216:3eff:fe7a:3991
ns2.ipv6.voor.me :  2001:470:1f15:3cd::3

from my isp's (xs4all) ipv6 tunnel and via http://www.berkom.blazing.de/tools/ping.cgi i can ping both ip's, and hostnames:
64 bytes from 2001:470:1f15:3cd:216:3eff:fe7a:3991: icmp_seq=1 ttl=58 time=26.1 ms
64 bytes from 2001:470:1f15:3cd::3: icmp_seq=1 ttl=59 time=23.3 ms

So that seems to work fine :)

The zonefile for 1 of the ranges:

$TTL 24H
8.0.1.d.       IN      SOA     ns1.tiscomhosting.nl.   hostmaster.tiscomhosting.nl.    (
                2008071936      ;serial
                2H      ;refresh
                1H      ;retry
                1W      ;expire
                4H)     ;minimum TTL

@               IN NS           ns1.ipv6.voor.me.
@               IN NS           ns2.ipv6.voor.me.

$ORIGIN 8.0.1.d. IN      PTR     ip1.ipv6.japje.nl. IN      PTR     ip2.ipv6.japje.nl. IN      PTR     ip3.ipv6.japje.nl. IN      PTR     ip4.ipv6.japje.nl. IN      PTR     ip5.ipv6.japje.nl.

and if i do an lookup directly on the nameservers it works:
# nslookup 2001:470:d108::1 n1.ipv6.voor.me
Server:      ns1.ipv6.voor.me
Address:   2001:470:1f15:3cd:216:3eff:fe7a:3991#53   name = ip1.ipv6.japje.nl.

but, if i do just an lookup it doesnt work:
~# nslookup 2001:470:d108::1

** server can't find NXDOMAIN

So am i missing something? i cant seem to find the solution.


you need add your dns servers in tunnelbroker page.

or try remove and add it again

QuoteC:\Bind>dig ANY -x 2001:470:d108::1 +trace

; <<>> DiG 9.5.0 <<>> ANY -x 2001:470:d108::1 +trace
;; global options:  printcmd
.                       517820  IN      NS      K.ROOT-SERVERS.NET.
.                       517820  IN      NS      L.ROOT-SERVERS.NET.
.                       517820  IN      NS      M.ROOT-SERVERS.NET.
.                       517820  IN      NS      A.ROOT-SERVERS.NET.
.                       517820  IN      NS      B.ROOT-SERVERS.NET.
.                       517820  IN      NS      C.ROOT-SERVERS.NET.
.                       517820  IN      NS      D.ROOT-SERVERS.NET.
.                       517820  IN      NS      E.ROOT-SERVERS.NET.
.                       517820  IN      NS      F.ROOT-SERVERS.NET.
.                       517820  IN      NS      G.ROOT-SERVERS.NET.
.                       517820  IN      NS      H.ROOT-SERVERS.NET.
.                       517820  IN      NS      I.ROOT-SERVERS.NET.
.                       517820  IN      NS      J.ROOT-SERVERS.NET.
;; Received 500 bytes from 2001:470:912e::cc#53(2001:470:912e::cc) in 46 ms

ip6.arpa.               172800  IN      NS      NS.ICANN.ORG.
ip6.arpa.               172800  IN      NS      SEC1.APNIC.NET.
ip6.arpa.               172800  IN      NS      NS-SEC.RIPE.NET.
ip6.arpa.               172800  IN      NS      NS.LACNIC.NET.
ip6.arpa.               172800  IN      NS      TINNIE.ARIN.NET.
;; Received 220 bytes from in 78 ms 10800 IN      NS      ns4.he.net. 10800 IN      NS      ns5.he.net. 10800 IN      NS      ns3.he.net. 10800 IN      NS      ns2.he.net. 10800 IN      NS      ns1.he.net.
;; Received 186 bytes from in 328 ms

d. 86400 IN    SOA     ns1.he.net. hostmaster.he.net. 2008082107 10800 1800
604800 86400
;; Received 153 bytes from in 171 ms


Quote from: dragoon on August 21, 2008, 09:53:00 AM
you need add your dns servers in tunnelbroker page.

or try remove and add it again

I have done so a few times now allready, but so far no luck.


If the rDNS servers are entered for the tunnel, then you probably want to go ahead and open up a ticket by sending an e-mail to ipv6@he.net.  From what I can see here, it does not appear the rDNS delegation is in effect.

dig 8.0.1.d.

; <<>> DiG 9.4.2-P1 <<>> 8.0.1.d.
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25624
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;8.0.1.d. IN   A

d. 900 IN      SOA     ns1.he.net. hostmaster.he.net. 2008082107 10800 1800 604800 86400

;; Query time: 61 msec
;; WHEN: Thu Aug 21 13:07:03 2008
;; MSG SIZE  rcvd: 107


Appears to be a problem with thinking that .me domains aren't valid. I can't even do command-line whois queries for domains in .me. But I'll poke around and see what's up.