1 | IP Reverse Delegation |
---|
2 | ===================== |
---|
3 | |
---|
4 | Before you start you need to change a parameter in /usr/local/etc/unbound/unbound.conf: |
---|
5 | |
---|
6 | # a number of locally served zones can be configured. |
---|
7 | # local-zone: "10.10.in-addr.arpa." nodefault |
---|
8 | local-zone: "10.in-addr.arpa." transparent |
---|
9 | |
---|
10 | Then reload the unbound server: |
---|
11 | |
---|
12 | # unbound-control reload |
---|
13 | |
---|
14 | On your servers auth1, auth2 and resolv you have an IPv4 and an IPv6 address. You should |
---|
15 | make sure you have entries for each of these in your forward file. |
---|
16 | e.g. |
---|
17 | |
---|
18 | auth1.MYTLD. IN A 10.10.X.1 |
---|
19 | IN AAAA 2400:4136:8b5f:3a11::X:1 |
---|
20 | auth2.MYTLD. IN A 10.10.X.2 |
---|
21 | IN AAAA 2400:4136:8b5f:3a11::X:2 |
---|
22 | resolv.MYTLD. IN A 10.10.X.3 |
---|
23 | IN AAAA 2400:4136:8b5f:3a11::X:3 |
---|
24 | |
---|
25 | Don't forget to replace 'MYTLD' with your own domain (unless your name is Annie!) |
---|
26 | |
---|
27 | Adding the zones |
---|
28 | ---------------- |
---|
29 | |
---|
30 | 1. You should create a zone file for your in-addr.arpa zone and for your ip6.arpa zone |
---|
31 | using the names: |
---|
32 | |
---|
33 | db.X.10.10.in-addr.arpa |
---|
34 | db.X.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa |
---|
35 | |
---|
36 | You should copy the SOA and NS records from your MYTLD file to these files. |
---|
37 | |
---|
38 | 2. You will need to add a zone statement to the named.conf file on auth1 and the nsd.conf |
---|
39 | file on auth2. Use the existing details for your MYTLD as a template. |
---|
40 | |
---|
41 | 3. On the parent server the following delegations have been set up already |
---|
42 | |
---|
43 | Your in-addr.arpa delegations are: |
---|
44 | |
---|
45 | 1.10.10.in-addr.arpa. IN NS auth1.grp1.dns.nsrc.org. |
---|
46 | IN NS auth2.grp1.dns.nsrc.org. |
---|
47 | |
---|
48 | 2.10.10.in-addr.arpa. IN NS auth1.grp2.dns.nsrc.org. |
---|
49 | IN NS auth2.grp2.dns.nsrc.org. |
---|
50 | |
---|
51 | 3.10.10.in-addr.arpa. IN NS auth1.grp3.dns.nsrc.org. |
---|
52 | IN NS auth2.grp3.dns.nsrc.org. |
---|
53 | |
---|
54 | 4.10.10.in-addr.arpa. IN NS auth1.grp4.dns.nsrc.org. |
---|
55 | IN NS auth2.grp4.dns.nsrc.org. |
---|
56 | |
---|
57 | 5.10.10.in-addr.arpa. IN NS auth1.grp5.dns.nsrc.org. |
---|
58 | IN NS auth2.grp5.dns.nsrc.org. |
---|
59 | |
---|
60 | 6.10.10.in-addr.arpa. IN NS auth1.grp6.dns.nsrc.org. |
---|
61 | IN NS auth2.grp6.dns.nsrc.org. |
---|
62 | |
---|
63 | 7.10.10.in-addr.arpa. IN NS auth1.grp7.dns.nsrc.org. |
---|
64 | IN NS auth2.grp7.dns.nsrc.org. |
---|
65 | |
---|
66 | 8.10.10.in-addr.arpa. IN NS auth1.grp8.dns.nsrc.org. |
---|
67 | IN NS auth2.grp8.dns.nsrc.org. |
---|
68 | |
---|
69 | Your ip6.arpa delegations are: |
---|
70 | |
---|
71 | 1.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa. IN NS auth1.grp1.dns.nsrc.org. |
---|
72 | IN NS auth2.grp1.dns.nsrc.org. |
---|
73 | |
---|
74 | 2.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa. IN NS auth1.grp2.dns.nsrc.org. |
---|
75 | IN NS auth2.grp2.dns.nsrc.org. |
---|
76 | |
---|
77 | 3.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa. IN NS auth1.grp3.dns.nsrc.org. |
---|
78 | IN NS auth2.grp3.dns.nsrc.org. |
---|
79 | |
---|
80 | 4.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa. IN NS auth1.grp4.dns.nsrc.org. |
---|
81 | IN NS auth2.grp4.dns.nsrc.org. |
---|
82 | |
---|
83 | 5.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa. IN NS auth1.grp5.dns.nsrc.org. |
---|
84 | IN NS auth2.grp5.dns.nsrc.org. |
---|
85 | |
---|
86 | 6.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa. IN NS auth1.grp6.dns.nsrc.org. |
---|
87 | IN NS auth2.grp6.dns.nsrc.org. |
---|
88 | |
---|
89 | 7.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa. IN NS auth1.grp7.dns.nsrc.org. |
---|
90 | IN NS auth2.grp7.dns.nsrc.org. |
---|
91 | |
---|
92 | 8.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa. IN NS auth1.grp8.dns.nsrc.org. |
---|
93 | IN NS auth2.grp8.dns.nsrc.org. |
---|
94 | |
---|
95 | 4. Use dig to check that the nameservers are delegated properly after you reload your servers. |
---|
96 | |
---|
97 | 5. Add PTR records to each of the zone files for each of your three servers. |
---|
98 | |
---|
99 | e.g. |
---|
100 | |
---|
101 | 1 PTR auth1.MYTLD. |
---|
102 | |
---|
103 | and |
---|
104 | |
---|
105 | 1.0.0.0 PTR auth1.MYTLD. |
---|
106 | |
---|
107 | and so on. |
---|
108 | |
---|
109 | 6. Check that the reverse lookup works using "dig -x" |
---|