[Humbledown highlights] Managing IPv6 Zone Pain

Originally published by myself on humbledown.org at Wed Aug 11 12:49:36 NZST 2010
and since recovered to this location. It has not been tested since its original publication.

If you’re the type who prefers to hand-edit their DNS zone files (and there are an awful lot of us), then you’ll recognise the pain of managing IPv6 PTR records in DNS. You might even have a coping strategy to help you input them without making an all-too-easy typo, for example by using a command such as ipv6calc. However, if that’s how you do it, it is still very difficult to look for an address, or for errors, after it has been entered; IPv6 PTR records are highly unrecognisable at a glance. A better way is to separate the edited view from the production view, to a small extent, by pre-processing the input with a tool. That is what this post is about; I present to you: ipv6-dns-revnibbles.
I initially designed this tool when I ran my first IPv6-enabled class for TELE301, and I think the tool has merit, so I’m releasing it to the public for feedback. Licence is public domain, no warranties etc. etc. That said, if you make a patch or have a bug report, I would be happy to receive it.
IPv6 PTR records are a real pain. As an example, look at the following:

$TTL       604800
@       IN      SOA     ns1.localdomain. hostmaster.localdomain. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns1.localdomain.

$ORIGIN 0.0.0.0.e.c.5.3.4.0.1.4.b.6.d.f.ip6.arpa.

1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR     server-1.localdomain.
e.0.7.3.8.2.e.f.f.f.7.2.0.0.a.0 PTR     client1.localdomain.

It is hard to find a mistake in such an input. A tool such as ipv6calc helps a lot in some respects, but only when adding new records; it’s still quite difficult to see everything that is currently there. We can do better by keeping the zone file in a readable form and passing it through a filter that generates the correct (verbose) format. I have written just such a program for you: ipv6-dns-revnibbles. This program works somewhat like the venerable m4 macro processor, but is highly specialised (and therefore rather useless at other tasks). With this tool, your input starts looking like this:

$TTL 3D

@ IN SOA ns1.localdomain. hostmaster.localdomain. (
        2010042801 8H 2H 4W 1D)

       NS        ns1.localdomain.

%RN-PREFIX(fd6b:4104:35ce::/64)

%RN(::1)                  PTR   server-1.localdomain.
%RN(::a00:27ff:fe28:370e) PTR   client1.localdomain.

You would store this in a file such as db.foo.rn and then, using a simple Makefile, create db.foo from that. If you haven’t already, rename the reverse zone file you want to manage so it has a .rn extension.

# mv /etc/bind/db.fd6b-4104-35ce-0000--64{,.rn}

You’ll need to build the software, which uses the Flex tool and the C compiler; you should already have the C compiler installed, but you will need to install the flex package:

# apt-get install flex

Now, to build the software. First download ipv6-dns-revnibbles.tgz. Now from inside your server, unpack it and build it:

$ mkdir -p ~/src/ipv6-dns-revnibbles
$ cd ~/src/ipv6-dns-revnibbles
$ tar -zxf /path/to/ipv6-dns-revnibbles.tgz
$ less db.foo.rn
$ make
# install --owner root --group root --mode 0755 \
> ipv6-dns-revnibbles /usr/local/bin/
$ make -f Makefile.etc-bind
Updating db.foo from db.foo.rn
…
# install --owner root --group root --mode 0755 \
> Makefile.etc-bind /etc/bind/Makefile

Now, using db.foo.rn as a guide, update your own IPv6 reverse zone and run ‘make’ inside the /etc/bind/ directory.
To give you an example of what the input looks like, here are the contents of db.foo.rn, which is the input for the example above:

$TTL       604800
@       IN      SOA     ns1.localdomain. hostmaster.localdomain. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns1.localdomain.

%RN-PREFIX(fd6b:4104:35ce:0000::/64)

%RN(::1)                        PTR     server-1.localdomain.
%RN(::a00:27ff:fe28:370e)       PTR     client1.localdomain.

IMPORTANT: Unfortunately, ipv6-dns-revnibbles can’t know what the $ORIGIN is, so you need to specify %RN-PREFIX; this could be a sticking issue if you reuse a zone file for multiple zones.
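
The expansion described in this post, sketched in Python as an added example (it is not the ipv6-dns-revnibbles source, and the tool's exact output is not shown on this page). It assumes %RN-PREFIX becomes a $ORIGIN line and each %RN(...) becomes the relative owner name, as in the hand-written zone at the top; the function names, the nibble-boundary and in-prefix checks, and the decode() audit helper are this example's own.

```python
import ipaddress
import re

RN_PREFIX = re.compile(r"%RN-PREFIX\(([^)]+)\)")
RN = re.compile(r"%RN\(([^)]+)\)")

def nibbles(addr):
    """The 32 hex nibbles of an IPv6 address, least significant first."""
    return f"{int(addr):032x}"[::-1]

def expand(text):
    """Expand %RN-PREFIX(...) into $ORIGIN and %RN(...) into a relative owner."""
    out, net = [], None
    for n, line in enumerate(text.splitlines(), 1):
        m = RN_PREFIX.search(line)
        if m:
            net = ipaddress.IPv6Network(m.group(1))  # strict: host bits must be 0
            if net.prefixlen % 4:
                raise ValueError(f"line {n}: prefix is not on a nibble boundary")
            zone = nibbles(net.network_address)[32 - net.prefixlen // 4:]
            out.append("$ORIGIN " + ".".join(zone) + ".ip6.arpa.")
            continue

        def owner(m):
            if net is None:
                raise ValueError(f"line {n}: %RN used before %RN-PREFIX")
            host = ipaddress.IPv6Address(m.group(1))
            # Accept a suffix (::1) or a full address, but only inside the prefix.
            if int(host) & int(net.netmask) and host not in net:
                raise ValueError(f"line {n}: {host} is outside {net}")
            return ".".join(nibbles(host)[:32 - net.prefixlen // 4])

        out.append(RN.sub(owner, line))
    return "\n".join(out)

def decode(owner, origin):
    """Audit helper: relative PTR owner plus $ORIGIN back to a readable address."""
    m = re.fullmatch(r"((?:[0-9a-f]\.){32})ip6\.arpa\.", f"{owner}.{origin}".lower())
    if not m:
        raise ValueError("not a full 32-nibble ip6.arpa name")
    return ipaddress.IPv6Address(int(m.group(1).replace(".", "")[::-1], 16))

# Constructed sample input, modelled on the db.foo.rn listing above.
SAMPLE = """%RN-PREFIX(fd6b:4104:35ce::/64)
%RN(::1)                  PTR   server-1.localdomain.
%RN(::a00:27ff:fe28:370e) PTR   client1.localdomain.
"""

if __name__ == "__main__":
    print(expand(SAMPLE))
```

Running decode() over the owner names in an already generated zone gives the readable addresses back, which is a quick way to audit records that were typed by hand.
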
PS. For what it’s worth, ipv6calc is still a very useful tool when dealing with other configuration files, such as named.conf:

$ ipv6calc --in=ipv6addr --out=revnibbles.arpa fd6b:4104:35ce::/64
0.0.0.0.e.c.5.3.4.0.1.4.b.6.d.f.ip6.arpa.
