• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

RDNS... but not what you think

Started by SirPsycho, July 07, 2009, 08:44:23 AM

Previous topic - Next topic

SirPsycho

After reading all the horror stories about trying to get RDNS to work, I was surprised to discover that I had passed the Professional level.  Here's the situation.

I have BIND set up on my computer with a reverse zone file for "f.7.1.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa." which does correctly respond to:
dig -x 2001:470:1f11:17f::{1 or 2 because those are the only hosts in my routed /64 right now} @2001:470:1f11:17f;

with the hostname nujalik.awpgnt.com.

I have also filled in nujalik.dns6.org. as my RDNS delegation NS1 on tunnelbroker (don't even ask - I think i'm waiting for xname.org's changes to propagate).

Now, "dig -x 2001:470:1f11:17f::1"  (without @2001:470:1f11:17f::1) does not work -- NXDOMAIN -- but apparently it does work for the cert test.  Could it just be that tunnelbroker's changes haven't propagated yet, so only he.net can see the reverse delegation, or am i missing something?

cholzhauer

FWIW, here's the output from a non-HE tunnel

[carl@mars ~]$ dig -x 2001:470:1f11:17f::1

; <<>> DiG 9.4.3-P2 <<>> -x 2001:470:1f11:17f::1
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 18954
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.f.7.1.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. IN PTR

;; Query time: 2970 msec
;; SERVER: 2001:4978:1d8:e000:88cb:fe1b:c4b0:92a1#53(2001:4978:1d8:e000:88cb:fe1b:c4b0:92a1)
;; WHEN: Tue Jul  7 09:58:45 2009
;; MSG SIZE  rcvd: 90

piojan

#2
root@debi:/etc/asterisk# dig -x  2001:470:1f11:17f::2 +trace

; <<>> DiG 9.6.0b1 <<>> -x 2001:470:1f11:17f::2 +trace
;; global options: +cmd
.                       490180  IN      NS      G.ROOT-SERVERS.NET.
.                       490180  IN      NS      I.ROOT-SERVERS.NET.
.                       490180  IN      NS      L.ROOT-SERVERS.NET.
.                       490180  IN      NS      F.ROOT-SERVERS.NET.
.                       490180  IN      NS      D.ROOT-SERVERS.NET.
.                       490180  IN      NS      K.ROOT-SERVERS.NET.
.                       490180  IN      NS      C.ROOT-SERVERS.NET.
.                       490180  IN      NS      A.ROOT-SERVERS.NET.
.                       490180  IN      NS      B.ROOT-SERVERS.NET.
.                       490180  IN      NS      H.ROOT-SERVERS.NET.
.                       490180  IN      NS      J.ROOT-SERVERS.NET.
.                       490180  IN      NS      E.ROOT-SERVERS.NET.
.                       490180  IN      NS      M.ROOT-SERVERS.NET.
;; Received 241 bytes from 127.0.0.1#53(127.0.0.1) in 17 ms

ip6.arpa.               172800  IN      NS      ns.icann.org.
ip6.arpa.               172800  IN      NS      ns2.lacnic.net.
ip6.arpa.               172800  IN      NS      sec1.apnic.net.
ip6.arpa.               172800  IN      NS      ns-sec.ripe.net.
ip6.arpa.               172800  IN      NS      tinnie.arin.net.
;; Received 221 bytes from 2001:7fd::1#53(K.ROOT-SERVERS.NET) in 57 ms

4.0.1.0.0.2.ip6.arpa.   84600   IN      NS      epazote.arin.net.
4.0.1.0.0.2.ip6.arpa.   84600   IN      NS      ns-sec.ripe.net.
4.0.1.0.0.2.ip6.arpa.   84600   IN      NS      indigo.arin.net.
4.0.1.0.0.2.ip6.arpa.   84600   IN      NS      sec1.apnic.net.
4.0.1.0.0.2.ip6.arpa.   84600   IN      NS      basil.arin.net.
4.0.1.0.0.2.ip6.arpa.   84600   IN      NS      sec3.apnic.net.
4.0.1.0.0.2.ip6.arpa.   84600   IN      NS      figwort.arin.net.
4.0.1.0.0.2.ip6.arpa.   84600   IN      NS      ns2.lacnic.net.
4.0.1.0.0.2.ip6.arpa.   84600   IN      NS      dill.arin.net.
4.0.1.0.0.2.ip6.arpa.   84600   IN      NS      henna.arin.net.
4.0.1.0.0.2.ip6.arpa.   84600   IN      NS      chia.arin.net.
;; Received 468 bytes from 2001:500:13::c7d4:35#53(tinnie.arin.net) in 129 ms

0.7.4.0.1.0.0.2.ip6.arpa. 10800 IN      NS      ns1.he.net.
0.7.4.0.1.0.0.2.ip6.arpa. 10800 IN      NS      ns3.he.net.
0.7.4.0.1.0.0.2.ip6.arpa. 10800 IN      NS      ns4.he.net.
0.7.4.0.1.0.0.2.ip6.arpa. 10800 IN      NS      ns2.he.net.
0.7.4.0.1.0.0.2.ip6.arpa. 10800 IN      NS      ns5.he.net.
;; Received 186 bytes from 192.26.92.32#53(henna.arin.net) in 212 ms

f.7.1.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 4900 IN NS nujalik.dns6.org.
;; Received 120 bytes from 2001:470:200::2#53(ns2.he.net) in 208 ms

2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.f.7.1.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 3600 IN PTR visliber.awpgnt.com.
f.7.1.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 3600 IN NS nujalik.awpgnt.com.
;; Received 145 bytes from 2001:470:1f11:17f::1#53(nujalik.dns6.org) in 219 ms

root@debi:/etc/asterisk# host nujalik.awpgnt.com
Host nujalik.awpgnt.com not found: 3(NXDOMAIN)

That NS record might me the problem:
f.7.1.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 3600 IN NS nujalik.awpgnt.com.
This address doesn't reslolve to an ip.

SirPsycho

yeah i set up awpgnt.com on xname.org yesterday and it hasn't changed anything yet.  dig awpgnt.com returns NXDOMAIN and dig awpgnt.com @ns0.xname.org returns SERVFAIL.  I've changed my ptr record for ...::1 to point to nujalik.dns6.org.

does anyone understand why it gets a PTR record properly when using +trace but shows no answer section otherwise?