Spectrum residential IPv6 rDNS - thank you !
Wanted to give a shoutout / thank you to Spectrum for this. Just noticed today my home PD now has dynamic/synthesized rDNS for IPv6. Some of my dumb little scripts outputs are a bit happier today ! :) -- Brandon Applegate - CCIE 10273 PGP Key fingerprint: 0641 D285 A36F 533A 73E5 2541 4920 533C C616 703A "For thousands of years men dreamed of pacts with demons. Only now are such things possible."
Hey there, On 10/9/18 4:51 PM, Brandon Applegate wrote:
Wanted to give a shoutout / thank you to Spectrum for this. Just noticed today my home PD now has dynamic/synthesized rDNS for IPv6.
I wonder how they generate these rDNS PTR records? I was always curious, hope someone knows. -- Endre
On Oct 9, 2018, at 11:37 AM, endre.szabo@nanog-list-kitfvhs.redir.email wrote:
Hey there,
On 10/9/18 4:51 PM, Brandon Applegate wrote:
Wanted to give a shoutout / thank you to Spectrum for this. Just noticed today my home PD now has dynamic/synthesized rDNS for IPv6.
I wonder how they generate these rDNS PTR records? I was always curious, hope someone knows.
--
I’m guessing synthesized. There are a couple of dns servers out there that can do this. An interesting one I just found: https://all-knowing-dns.zekjur.net Also my excitement was a bit premature. It seems that: 1) This is only available from one of the resolvers given out as an IPv6 DNS server (in my region at least) - 2001:1998:f00:1::1 A dig +trace from the internet at large only gets to the NXDOMAIN (which is still much better than a SERVFAIL). 2) Looks like 2001:1998:f00:1::1 is anycasted (as one would expect). However not all of the instances will consistently return a PTR. # Simply running dig a handful of times to hit the different anycast boxes… # vom@ice:~$ dig +short @2001:1998:f00:1::1 -x 2607:fcc8:1234:5678::1234 cpe-2607-FCC8-1234-5678-0-0-0-1234.dyn6.twc.com. vom@ice:~$ dig +short @2001:1998:f00:1::1 -x 2607:fcc8:1234:5678::1234 cpe-2607-FCC8-1234-5678-0-0-0-1234.dyn6.twc.com. vom@ice:~$ dig +short @2001:1998:f00:1::1 -x 2607:fcc8:1234:5678::1234 cpe-2607-FCC8-1234-5678-0-0-0-1234.dyn6.twc.com. vom@ice:~$ dig +short @2001:1998:f00:1::1 -x 2607:fcc8:1234:5678::1234 vom@ice:~$ dig +short @2001:1998:f00:1::1 -x 2607:fcc8:1234:5678::1234 vom@ice:~$ dig +short @2001:1998:f00:1::1 -x 2607:fcc8:1234:5678::1234 cpe-2607-FCC8-1234-5678-0-0-0-1234.dyn6.twc.com. I checked 2001:1998:f00:1::1 via whoami.akamai.net and got back a handful of unique IPs. I’m guessing some inconsistent config or something else has broken on some of the instances... -- Brandon Applegate - CCIE 10273 PGP Key fingerprint: 0641 D285 A36F 533A 73E5 2541 4920 533C C616 703A "For thousands of years men dreamed of pacts with demons. Only now are such things possible."
Op 10-10-18 om 00:42 schreef Brandon Applegate:
I’m guessing synthesized. There are a couple of dns servers out there that can do this. An interesting one I just found:
Or, if you prefer DNSSEC capable alternatives, try: https://github.com/cmouse/pdns-v6-autorev https://www.knot-dns.cz/docs/2.4/html/modules.html -- Marco
Hey there, On 10/10/18 10:09 AM, Marco Davids via NANOG wrote:
Op 10-10-18 om 00:42 schreef Brandon Applegate:
I’m guessing synthesized. There are a couple of dns servers out there that can do this. An interesting one I just found:
Or, if you prefer DNSSEC capable alternatives, try:
https://github.com/cmouse/pdns-v6-autorev https://www.knot-dns.cz/docs/2.4/html/modules.html
Thank you guys. It was just a false naive question to check if anyone's gonna mention my repository called
PowerDNS pipe dynamic backend to serve dnswall style A, AAAA and PTR DNS records for any given CIDR ranges.
which is up there since 2011. https://github.com/endreszabo/PowerDNS-Dynamic-Reverse-Backend -- Endre
Hi, On 9/10/2018 11:37 PM, endre.szabo@nanog-list-kitfvhs.redir.email wrote:
I wonder how they generate these rDNS PTR records? I was always curious, hope someone knows.
I do it for our various IPv6 (and IPv4) allocations by using PowerDNS with a remote backend. If there is no existing PTR record defined the query gets sent to the remote backend which generates the PTR based on the IP address. The same thing happens for A/AAAA record requests, if the A/AAAA record for the PTR does not exist it will also be generated based off the hostname provided as long as the hostname matches a record that would have an automatic PTR generated. Originally I was using the pipe backend with a modified copy of "PowerDNS-Dynamic-Reverse-Backend" (https://github.com/endreszabo/PowerDNS-Dynamic-Reverse-Backend) but ended up writing my own in Perl as the backend was a bit fragile and didn't do everything I wanted.
Hi there, On 10/10/18 3:43 AM, Chris wrote:
Originally I was using the pipe backend with a modified copy of "PowerDNS-Dynamic-Reverse-Backend" (https://github.com/endreszabo/PowerDNS-Dynamic-Reverse-Backend) but ended up writing my own in Perl as the backend was a bit fragile and didn't do everything I wanted.
I love you Chris <3 I would really like to know what made you think that it is a bit fragile? Crashes, slow responses? PowerDNS can make a great use of the so called 'packet caching' to cache pipe backend results. I admit that this code was not really in production on a public network just on some private ones. And enhancement ideas? What else did you want the script to do? Thanks for referencing. -- Endre
participants (4)
-
Brandon Applegate
-
Chris
-
endre.szabo@nanog-list-kitfvhs.redir.email
-
Marco Davids