• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

rDNS for he.net IPv6 tunnels

Started by garothor, January 27, 2017, 01:12:33 PM

Previous topic - Next topic


So I got on the kick that I wanted to get forward and reverse DNS working on my HE.net tunnels.  It was probably annoyance at only getting 19/20 here: http://ipv6-test.com/  I poked around with the he.net dns options, but manual entry is not an option I was interested in and I didn't want to mess around with figuring out if I could get dynamic registrations working.  I didn't need anything too complicated, some sort of automatic records would be preferable. 

Eventually I stumbled across Knot DNS.  The synth-record module was exactly what I was looking for.  I got it configured and slapped it on a couple of IPv6-only VPS's.  Then I set the rDNS Delegations in the he.net tunnel configuration screen.  And it didn't work.

I waited a few days, I emailed he.net about it, and it still didn't work.  NXDOMAIN every time.  SOA still pointing to ns1.he.net.  The eventual solution appears to have been deleting the zones from the he.net free dns management page https://dns.he.net/ .  After removing the reverse zones on the dns management page the  he.net dns servers started properly using the delegation information I had entered on the tunnel rDNS delegation configuration page. 

So now everything works and I get 20/20 at http://ipv6-test.com/ .  Hooray!

Having gone through the trouble to get this working I also thought I might like to share the rDNS servers.  So, if you too want valid rDNS for your tunnels then just set your rDNS delegations to the following:



These servers are already configured to respond for any he.net tunnel IPv6 address. 

I figure it's one small way I can give back in thanks to he.net for providing the free IPv6 tunnelbroker service.  Thanks he.net!


I have the same tickle/desire, but I don't think that that is the correct route to go with (just using a synth-record with a bunch of garbage records).

Just as a heads up:

Going forward I think that this would be the more preferable way to update the Records: https://dns.he.net/docs.html


Oh I agree that this is the easy way out, but it's what every ISP I've seen does with their IPv4 so it's good enough for me.

Also there is no webserver running at that address.  You'd have to use ping. 

Pinging ns1.rdns.onlineregistration.xyz [2605:9880:0:1ea:be::8b9d] with 32 bytes of data:
Reply from 2605:9880:0:1ea:be::8b9d: time=29ms
Reply from 2605:9880:0:1ea:be::8b9d: time=28ms
Reply from 2605:9880:0:1ea:be::8b9d: time=29ms
Reply from 2605:9880:0:1ea:be::8b9d: time=28ms

Ping statistics for 2605:9880:0:1ea:be::8b9d:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 28ms, Maximum = 29ms, Average = 28ms


Thanks for this, this is really comfortable :)


But that means I have to give up rDNS totally to your NS? What about some of my static entries? I won't be able to set them up, right?


When you had the zone set up at dns.he.net, did you enter it as a reverse or as a slave?
The slave option is what you want....


Ah, so if I set up a slave zone, it will tell the master which IPs have a manual PTR record?


No.  It means that you host the zone outside of HE and they serve a copy.  You still have to populate the zone yourself at the master.


I think this is something I need to know too:  I'm running unbound on my router, a (stupid fast) caching rDNS for my network, and I'm about to self-host a small website on it.  (the hosting account expired and the content is still germane).  I registered the domain with Icann on my own, so I was able to move it to HE's nameservers...

I just want to confirm - I need to set up DDNS on my router even though it's native IPv6 (because my ISP package gives me a non-static WAN IP) so that the A- and AAAA-records for the domain point to the right place consistently, right?
<img src="//ipv6.he.net/certification/create_badge.php?pass_name=heysoundude&amp;badge=3" style="border: 0; width: 229px; height: 137px" alt="IPv6 Certification Badge for heysoundude"></img>