IPv6 Reverse DNS

mhcsoft · December 26, 2016, 6:50pm

Hallo,

ich versuche hier zeit einiger Zeit Reverse-Zonen für IPv6 Netze in den UCD-DNS zu bringen. Alles was ich bis jetzt versucht habe führt immer zu einem NXDOMAIN. Wie genau lege ich IPv6 Reverse-Zonen und PTR-Records darin an? Wie immer habe ich in der Doku nichts dazu gefunden, was nicht heissen soll dass es da nicht steht …

TIA

mhcsoft · December 27, 2016, 9:43am

Wenn man mal herausgefunden hat, dass bei der Anlage der Zone alles mit führenden Nullen auf 4 stellen aufgefüllt werden muss aber Null-Felder am Ende weggelassen werden müssen geht es dann auch.

falsch bei einem /64:

2008:1a50:2100:2
2008:1a50:2100:2::
2008:1a50:2100:0002:0000:0000:0000

richtig:

2008:1a50:2100:0002

Habe ich dann via “dig” und den Vergleich von Authority-Sections mit laufenden manuellen Bind-Configs herausgefunden. Man kann sich das auch erschliessen, wenn man sich einen “zone”-Eintrag in einer Bind-Config anschaut.

phiku · May 12, 2017, 7:18am

Im UCS wird automatisch eine Reverse-Zone nach obigen Beispiel erstellt, wenn eine feste IPV6-Adresse für eth0 per System -> Netzwerk vergeben wird.

Danach können jedoch keine A-Records in allen Zonen mehr gesetzt werden und die Reverse-Zone auch nicht aufgelöst werden. Hier muss Univention das skript zum Setzen der Revers-Zone anpassen.

thorp-hansen · May 16, 2017, 7:32am

das ist leider im Moment ein offenes Issue bei uns: https://forge.univention.org/bugzilla/show_bug.cgi?id=44027 Das betrifft im Moment nur die UMC.

pmhahn · May 17, 2017, 8:13am

The handling of reverse zones has been improved in UCS-4.2: UMC should give better help an what to enter:

Subnet: A subnet for reverse lookup consists of the first 1-3 octets of an IPv4 address (example: “192.168.0”) or of the first 1 to 31 nibbles of an expanded (with leading zeroes and without ::-substitution) IPv6 address (example: “2001:0db8:010” for “2001:db8:100::/24”)

Addresses are now also entered in fully forward notation, so you no longer have to do the math yourself which part of your IPv6 address belongs to the network prefix and which bits belong to the host.
Currently the documentation is missing those details. Because of the I’ve created https://forge.univention.org/bugzilla/show_bug.cgi?id=44618 Thank you for making us aware of that issue.

phiku · October 25, 2017, 1:28pm

Hello,

thank you for fixing this bug. Now I can build a Reverse-Lookup-Zone using global scope -Adresses. But even when I would like to use a Unique Local Adress or Site Local Adresse I can’t edit the DNS-Zones anymore. Please make it possible for local networks using ipv6 reverse DNS.

Thank You

Moritz_Bunkus · October 26, 2017, 9:05am

I can reproduce said behavior. It’s definitely a bug. I’ve created an issue for it in Bugzilla.

Moritz_Bunkus · October 26, 2017, 10:37am

The bug has already been fixed. Florian Best has also attached a patch to the bug that you can install manually if you don’t want to wait for updated packages:

cd /usr/share/univention-management-console-frontend/js/umc/modules/udm
curl 'https://forge.univention.org/bugzilla/attachment.cgi?id=9266' | patch

Afterwards clear your browser cache and reload the UMC.

phiku · October 26, 2017, 1:24pm

Thank you, I’ll wait for the updated packeges.

phiku · November 1, 2017, 2:30pm

After I Upgrade my UCS to 4.2-2 errata 209 it still not work. If a reverse Zone with fdc…/64 exists. No DNS-Zone items are visible on the left side. Only when I delete the IPV6 reverse zone, I can edit the other IPV4 Zones ver the left menu. This Problem only exists with ULA or SLA, not with GLA.

Moritz_Bunkus · November 1, 2017, 2:42pm

As the fix involves changing a JavaScript file, it’s quite likely that your browser is still using the old version. Browsers are very aggressive regarding caching of resources such as JavaScript files. Please clear your browser cache, reload the page and try again.

I can confirm that after installing errata 209 the fix is working fine for me with a reverse zone fdc01:1640:0141:0000.

phiku · November 2, 2017, 1:52pm

Thank you for this hint, now It works as it should. After a restart of UCS and a clearing of the Browser caches I can edit all DNS-IPV4/IPV6 Zones,

mahescho · January 21, 2018, 3:20pm

In which notation do I have to enter the “ip address” for the IPv6 PTR? Everything I’ve tried does not work.

Moritz_Bunkus · January 22, 2018, 8:14am

Please start a new topic for that question. It has nothing to do with the original thread’s problem. Thanks.

In order to answer your question here, too: for our zone 2001:1640:0141:00002 I can just use e.g. 2001:1640:141:2::5.

phiku · March 20, 2019, 2:02pm

Hello,

It’s me again. The Bug comes back in Version 4.4-0 errata 11. Can I use the same patch to see my IPV6 PTR-Records?

phiku · March 20, 2019, 3:14pm

I could fix this problem by deleting the IPV6 at Networks from the DC Master and delete the existing IPV6 Reverse-zone too at the DNS-Settings.

Afte that, I reconfigured the IPv6 in Networks of the Master and a new IPV6 Reverse-Zone comes automatically back and would be also filled automatically.

Love that! Good Work Univention, really