• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

I've been having a hard time with RDNS

Started by greghanna, July 30, 2009, 12:55:00 AM


greghanna

I've emailed back and forth to ipv6@he.net all day, and I'm sure he's tired of hearing from me :P

But, here's my problem, I can't seem to get my named server to correctly reverse dns the hosts.

At first, I couldn't even get an IP on my machine, but I finally figured that out. (I was pretty good with IPv4, but IPv6 is a big difference to me.)

I'm trying to do this on my home server, mainly to IRC from... I currently have a dedicated server in Chicago, and they don't allow IRC, so it's not worth it to me to even attempt to IRC from it and get my machine suspended, so I decided to use the IPv6 IPs on my home server to play around with and educate myself with the new IP format, since IPv4 will soon be gone.

I'm currently going through a Linksys WRT54G v2 and I have it updated to the newest firmware (v4.21.1) and I have port 53 forwarded to it for BIND.

This whole 1.2.0.1.3.5.0.0.0.0 deal confuses the crap out of me.

My routed /64 is 2001:470:1f0f:1a7::/64

So, here's my named.conf



zone "f.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa" {
        type master;
        file "/etc/bind/rdns.ipv6";
};



Now, I've tried editing that a few different ways. I've done it like it's shown, and I've also added 7.a.1.0 to the beginning of it, with no different outcome.

Now, here's my "rdns.ipv6" file:


$TTL    300
@               IN      SOA     192.168.2.150.  localhost.(
                        2009041942      ;       serial
                        10800   ; refresh
                        3600    ; retry
                        604800  ; expire
                        3600 )  ; minimum
                IN      NS              192.168.2.150.


; 2001:470:1f0f:1a7

$ORIGIN f.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa.
7.3.3.1.0.0.0.0.7.a.1.0         IN      PTR     ipv6.okcinfo.net.



I've also tried that the same way, I've added 7.a.1.0 to the beginning of that, and nothing changed either.

By the way, my server's IP is 192.168.2.150, which is given to it by my router, so I figured that'd be the best way to set up the named part at the top. I first had my actual IP from Cox on there, but that didn't work either, so I figured I'd have a better chance with this.


So, I'm curious as to why reverse dns isn't working.

And another thing, I've tried ping6 2001:470:1f0f:1a7::1337 from a different machine and it says "connect: Network is unreachable"

I can get on IRC with the host 2001:470:1f0f:1a7::1337, so I know I have it pulled onto my server correctly, but it's not pingable from another server, which isn't that big of a deal to me, but I was thinking maybe this is part of my problem.

Here's my ifconfig info:


eth0      Link encap:Ethernet  HWaddr 00:03:6d:1a:bc:7c 
          inet addr:192.168.2.150  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: 2001:470:1f0f:1a7::1337/128 Scope:Global
          inet6 addr: 2001:470:1f0f::1337/128 Scope:Global
          inet6 addr: fe80::203:6dff:fe1a:bc7c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:62446 errors:0 dropped:0 overruns:0 frame:0
          TX packets:76982 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:32788476 (31.2 MB)  TX bytes:44971443 (42.8 MB)
          Interrupt:5 Base address:0xd400

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:273 errors:0 dropped:0 overruns:0 frame:0
          TX packets:273 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:30093 (29.3 KB)  TX bytes:30093 (29.3 KB)

sit0      Link encap:IPv6-in-IPv4 
          inet6 addr: ::192.168.2.150/96 Scope:Compat
          inet6 addr: ::127.0.0.1/96 Scope:Unknown
          UP RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

sit1      Link encap:IPv6-in-IPv4 
          inet6 addr: 2001:470:1f0e:1a7::2/64 Scope:Global
          inet6 addr: fe80::c0a8:296/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:137 errors:0 dropped:0 overruns:0 frame:0
          TX packets:168 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:44035 (43.0 KB)  TX bytes:16714 (16.3 KB)


Any help would be greatly appreciated!

greghanna

Oh, I forgot to add what it shows when I try to run nslookup on the IP. I doubt this will help any, but I figured I'd go ahead and add it.

Btw, I was going to just edit my last post and add it, but I'm not sure if it allows that or not. I saw a little icon at the bottom right hand side that looked like it might be the edit button, but it wouldn't let me click it.


root@nocturnal:/etc/bind# host 2001:470:1f0f:1a7::1337
Host 7.3.3.1.0.0.0.0.0.0.0.0.0.0.0.0.7.a.1.0.f.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa not found: 3(NXDOMAIN)
root@nocturnal:/etc/bind# host 2001:470:1f0f:1a7::1337 localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases:

Host 7.3.3.1.0.0.0.0.0.0.0.0.0.0.0.0.7.a.1.0.f.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa not found: 3(NXDOMAIN)
root@nocturnal:/etc/bind#


This thing has bugged me all day. I've tried so many ways I think I've exhausted anything else I can do with it, so I figured I'd post here to see if anyone has some different input on how to fix my problem. I got this tunnel last week and attempted to work on it a little bit and got irritated at it and quit, but today I decided I'd try to get it to work, and I worked at it ALL day and didn't accomplish anything, it feels like.  ;\

I'm thinking my problem is probably something simple that I'm overlooking, but you know how that goes... you look at it for so long you completely miss something obvious, and someone else can take a glance at it and see what the problem is right offhand.


Thank you again in advance, I really look forward to seeing what was wrong and continuing to add IPs to my machine and toying with the DNS.

broquea

#2
Use this to generate a working named.conf entry & ipv6.arpa zone

http://www.fpsn.net/index.cgi?pg=tools&tool=ipv6-inaddr [1]

FYI, I believe IRC, to properly display whatever hostname you are giving the IP, needs working forward and reverse entries that match.

Also you weren't allocated the whole 2001:470:1f0f::/48, so don't use inet6 addr: 2001:470:1f0f::1337/128 Scope:Global

Also, to edit your posts, click on "Modify", upper right of your post, or the little icon lower right, which changes the post to input, and has a save button under the message input.

[1] found here http://www.tunnelbroker.net/forums/index.php?topic=316.0

greghanna

Thank you for your response!

I didn't even realize that I had added 2001:470:1f0f::1337/128 to the ifconfig, so I deleted that.

And after using fpsn.net's tools, I've come across this problem:

Jul 30 04:19:22 nocturnal named[11772]: dns_rdata_fromtext: /etc/bind/rdns.ipv6:2: near '2001:470:1f0f:1a7::/64': bad name (check-names)
Jul 30 04:19:22 nocturnal named[11772]: zone 2001:470:1f0f:1a7::/64\032.arpa/IN: loading from master file /etc/bind/rdns.ipv6 failed: bad name (check-names)

So, I tried changing the area where it has:


@ IN SOA 2001:470:1f0f:1a7::/64 .arpa. greg.okcinfo.net. (


I changed 2001:470:1f0f:1a7::/64 to localhost.  to see if that would change anything, and it didn't.

I copied and pasted everything it said to, and that's the only problem I'm having now.

Is there something I need to change in that area?

broquea

#4
That should be the same as $origin, so 7.a.1.0.f.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa

The file generator even provides that, so not sure how it could have been generated incorrectly other than the form not being filled out correctly.

kcochran

#5
Also on your SOAs and NS records, those fields you have v4/v6 addresses in should be hostname-based.  In the SOA it should be the authoritative nameserver, followed by the administrative email for the zone (with @ -> . conversion).  The NS should just be a hostname, otherwise many resolvers may try looking for the hostname "192.168.2.150" and not the IP 192.168.2.150.  Not a problem with a local-only resolver, but it will cause problems if it's publicly accessible.

You'd then have something like this in your forward zones (the SOA and NS change would also go into the reverse):

@               IN      SOA             ns1.okcinfo.net. greg.okcinfo.net. [etc.]
                IN      NS              ns1.okcinfo.net.
ns1             IN      A               192.168.2.150  ; This record should be in the forward zone for okcinfo.net only.
ns1             IN      AAAA            2001:470:      ; A full v6 address would go here to also note v6 availability for this nameserver


snarked

You're only specifying 24 nybbles.  IPv6 addresses have 32 nybbles.  (A nybble is 4 bits or 1 hex-digit).
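The nybble count can be checked mechanically. The following Python sketch is an added example, not part of the original thread: it uses only the standard `ipaddress` module with the prefix, address and zone names posted above, and its function names are hypothetical.

```python
import ipaddress

def nibbles(addr):
    """All 32 hex digits of an IPv6 address, least significant first."""
    full = ipaddress.IPv6Address(str(addr)).exploded.replace(":", "")
    return list(reversed(full))

def zone_origin(prefix):
    """ip6.arpa zone name for a prefix whose length is a multiple of 4."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        raise ValueError("prefix length must fall on a nibble boundary")
    keep = net.prefixlen // 4
    return ".".join(nibbles(net.network_address)[32 - keep:]) + ".ip6.arpa."

def ptr_owner(addr, prefix):
    """Owner label of the PTR record, relative to the zone for `prefix`."""
    net = ipaddress.IPv6Network(prefix)
    if ipaddress.IPv6Address(addr) not in net:
        raise ValueError("address is outside the delegated prefix")
    return ".".join(nibbles(addr)[: 32 - net.prefixlen // 4])

def total_nibbles(relative_owner, origin):
    """Count hex labels in owner + origin; a host PTR name needs exactly 32."""
    labels = (relative_owner.rstrip(".") + "." + origin).rstrip(".").split(".")
    if labels[-2:] != ["ip6", "arpa"]:
        raise ValueError("origin is not under ip6.arpa")
    return len(labels) - 2

if __name__ == "__main__":
    prefix, host = "2001:470:1f0f:1a7::/64", "2001:470:1f0f:1a7::1337"
    origin = zone_origin(prefix)
    owner = ptr_owner(host, prefix)
    print("zone  :", origin)
    print("owner :", owner, "IN PTR ipv6.okcinfo.net.")
    print("total :", total_nibbles(owner, origin), "nibbles")
    # The record from the first post, under the zone declared in named.conf:
    posted = total_nibbles("7.3.3.1.0.0.0.0.7.a.1.0",
                           "f.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa.")
    print("posted:", posted, "nibbles")
```

The owner plus origin it prints is the same 32-label name that `host` queried in the NXDOMAIN output earlier in the thread.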

jimb

Thanks for spelling nybble correctly (or at least traditionally).   :D

greghanna

Ok, I worked on trying to get my /64 to work all day yesterday up until 4am this morning, trying different things. I was on a mission and didn't want to give up.

Well, about 30 minutes ago I figured I'd try my /48 to see if it'd work, and I used the fpsn.net tool to set up my DNS settings, and go figure, it worked instantly.

I filled out the sheet correctly for my /64, for some reason it just didn't want to work, but when I did my /48, it worked just fine.

So, thank you guys very much for your help, I should've just attempted to use my /48 last night, and it would've worked, I don't understand why it didn't, but oh well it's working now!

:)

greghanna

Ok, I finally figured out what was wrong with my /64, the zone file in the named.conf was messed up, along with the name server authority at the top of the reverse dns file.

I guess when I copied/pasted it, a space got put in place of a period ".", so that's what messed it up the whole entire time, cause when I got the /48 working, I was thinking SURELY I can get the /64 working, and I did.

And, it was definitely something I kept overlooking last night, cause I looked at it so long everything started looking the same lol.

So, once again... thank you very much for your help, y'all pointed me in the right area to look to notice what was wrong with it.