IPv6 AXFR on dns.he.net

[cnst]

Hi,

I'm confused about IPv6 support on dns.he.net.  It seems like such support has been added recently, however, a lot of docs still explicitly or implicitly infer that only IPv4 is supported.

One thing I ran into is that you request to allow AXFR to ns1.he.net. (216.218.130.2) and slave.dns.he.net. (216.218.133.2, 2001:470:600::2).  I did just that -- allowed only 2001:470:600::2 (ns1 has no ipv6), but things didn't seem to work, since you've instead seem to have been requesting transfers from 2001:470:100::2.

Neither 2001:470:100::2 nor 2001:470:600::2 seem to have any rDNS entries, BTW.  So, when all my masters are IPv6, which IPv6 address am I supposed to allow transfers to?  Also, do you ignore "notify"?

C.

[rchandra]

It's not the best answer I'm sure, but absent rDNS information, I do whois lookup(s) for the denials I see in my logs.  The same thing applies to Dynamic Network Services, Inc.  Actually, in fact, for some reason they don't have any extant documentation for their secondary service on their own Web site (dyn.com); I had to go to archive.org to fetch stuff they used to have up on their site.  Basically, it was similar; add ns2 through ns5 in one of their domains.  They still requested xfers from other addresses, which also didn't have PTR records.  So I just put two and two together as the expression goes, this host wants my zone, and the whois for those addresses showed their name, so I had some confidence it was really them and they should be authorized.

I currently have one zone with HE as secondary (probably will be more in the future).  If it helps at all, here's the ACL I have for BIND:

Code Select Expand


acl HurricaneElectric {
       2001:470:100::2;
       216.218.130.2;
       ::ffff:216.218.130.2;
       2001:470:600::2;
       216.218.133.2;
       ::ffff:216.218.133.2;
};