[ale] IPv6 shell?

Michael H. Warfield mhw at wittsend.com
Wed Mar 5 23:50:24 EST 2003


On Wed, Mar 05, 2003 at 09:28:45AM -0500, Robert L. Harris wrote:

> Anyone here running IPv6 out of curriosity?  I've got my systems about
> 90% where I want them finally except for reverse DNS.  How's everyone
> else doing?

	I'm afraid you haven't provided us with nearly enough information.

	Which top level zone or "universe"?  Internet6 (2001::/16),
6Bone (3ffe::/16) or 6to4 (2002::/16)?

	If you are on Internet6, the deployed production TLA's, you
should be having no problem.  Your reverse DNS should be in reverse
nibble zone form under [reverse-nibbles].ip6.arpa.  You're provider
has to delegate your zone down to your server.

	If you are on 6Bone, a lot is going to depend on the distribution
you are using and your provider (and, with luck, a little time).  The
original reverse DNS lookups for 6Bone were under [reverse-nibbles].ip6.int.
But the IETF changed course and direction and decreed that the IPv6
reverse lookups shall be under [reverse-nibbles].ip6.arpa.  When many
of the resolver libraries looked under [reverse-nibbles].ip6.arpa, there
was no 6Bone, because [reverse-nibbles].e.f.f.3.ip6.arpa is not (or was
not) delegated.  RedHat 7.x is broken for 6Bone in this way.  Most of
the details on the delegations have been worked out and the ip6.int
tree is supposedly been (or being) cloned into ip6.arpa which SHOULD
resolve that problem.  Except there was also some dispute / disagreement
over reverse nibbles / string labels.  That decision is for reverse nibbles
and some of the older resolver libraries may have used string labels.
There there was the question of your provider.  Do THEY support ip6.arpa
and are they delegating that down to your DNS server.  At one point,
FreeNET6 was not.  They appear to be doing so, now.  RedHat 8.0 seems
to be working great (now) on 6Bone for me appears to be functional, but
it's not clear why it started working.  The delegation has to be in place
and FreeNET6 has to be supporting it and the resolver libraries have to
be using reverse nibbles (which is all I'm providing).  They all work now
for RedHat 8.0.  But not, apparently, for RedHat 7.3.  RedHat 7.3 works
from within my zone (and hitting my name servers) but not from machines
that are referencing them.  That tells me that it's STILL a delegation
problem, but I'm not sure where, especially since RedHat 8.0 works outside
my zone.  My guess is the resolver libraries in RedHat 8.0 are checking
both ip6.arpa and ip6.int.  But that doesn't explain why RedHat 8.0 was
NOT working a couple of months ago, before the agreement with the RIR's
and IANA over the ip6.arpa delegation for the 6Bone.

	If you are attempting to use 6to4 autotunneling on 2002::/16 then
you don't stand a snowballs chance in hell of EVER getting reverse lookups
to work (how would it ever get delegated across IPv4 dereferencing) so
you can give up on that one right now.

	Based on your address in your sig, it looks like you are
on Internet6...

[mhw at alcove mhw]$ host -t AAAA ipv6.rdlg.net
ipv6.rdlg.net has AAAA address 2001:470:1f00:ffff::2db

	Ok...
		TLA/NLA = 2001:470:1ff0: (Internet 6)
		SLA = ffff
		EUI = ::2bd	(YUCK)

	Do you have a reverse nibble lookup set up for this:

b.d.2.0.0.0.0.0.0.0.0.0.0.0.0.0.f.f.f.f.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa?

	Your provider should be delegating this zone to you:

	0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa

	With and entry like this:

$ORIGIN 0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa.
b.d.2.0.0.0.0.0.0.0.0.0.0.0.0.0.f.f.f.f PTR ipv6.rdlg.net.

	That should work (or you can divide it up between other
zone boundries if you wish).

	Here is an example from my (working, dynamic) zone file:

$ORIGIN 4.8.c.0.0.8.b.0.e.f.f.3.ip6.arpa.
e.b.b.e.e.7.e.f.f.f.7.b.0.d.2.0.0.2.0.0 PTR berserker.ip6.wittsend.com.

	You'll notice that I'm on 6Bone.

	I'm able to ping you just fine AND I AM getting a reverse
DNS lookup on you...

[root at alcove mhw]# ping6 ipv6.rdlg.net
PING ipv6.rdlg.net(rlharris-pt.tunnel.tserv1.fmt.ipv6.he.net) 56 data bytes
64 bytes from rlharris-pt.tunnel.tserv1.fmt.ipv6.he.net: icmp_seq=1 ttl=59 time=560 ms
64 bytes from rlharris-pt.tunnel.tserv1.fmt.ipv6.he.net: icmp_seq=2 ttl=59 time=514 ms
64 bytes from rlharris-pt.tunnel.tserv1.fmt.ipv6.he.net: icmp_seq=3 ttl=59 time=1301 ms
64 bytes from rlharris-pt.tunnel.tserv1.fmt.ipv6.he.net: icmp_seq=4 ttl=59 time=1287 ms
64 bytes from rlharris-pt.tunnel.tserv1.fmt.ipv6.he.net: icmp_seq=5 ttl=59 time=1107 ms
64 bytes from rlharris-pt.tunnel.tserv1.fmt.ipv6.he.net: icmp_seq=6 ttl=59 time=763 ms

	If I wasn't able to get a reverse lookup, I would get your
hex address instead of that "rlharris-pt.tunnel.tserv1.fmt.ipv6.he.net"
name.  But it looks like a name from your provider.  I think you need
to discuss the reverse lookup issues with them.  :-)

> :wq!
> ---------------------------------------------------------------------------
> Robert L. Harris                     | PGP Key ID: E344DA3B
>                                          @ x-hkp://pgp.mit.edu 
> DISCLAIMER:
>       These are MY OPINIONS ALONE.  I speak for no-one else.
> 
> Diagnosis: witzelsucht  	
> 
> IPv6 = robert at ipv6.rdlg.net	http://ipv6.rdlg.net
> IPv4 = robert at mail.rdlg.net	http://www.rdlg.net


	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

 PGP signature




More information about the Ale mailing list