IP Reverse Delegation
=====================

Before you start you need to change a parameter in
/usr/local/etc/unbound/unbound.conf:

    # a number of locally served zones can be configured.
    # local-zone: "10.10.in-addr.arpa." nodefault
    local-zone: "10.in-addr.arpa." transparent

Then reload the unbound server:

    # unbound-control reload

On your servers auth1, auth2 and resolv you have an IPv4 and an IPv6
address. You should make sure you have entries for each of these in your
forward file, e.g.

    auth1.MYTLD.    IN A     10.10.X.1
                    IN AAAA  2400:4136:8b5f:3a11::X:1
    auth2.MYTLD.    IN A     10.10.X.2
                    IN AAAA  2400:4136:8b5f:3a11::X:2
    resolv.MYTLD.   IN A     10.10.X.3
                    IN AAAA  2400:4136:8b5f:3a11::X:3

Don't forget to replace 'MYTLD' with your own domain (unless your name is
Annie!)

Adding the zones
----------------

1. You should create a zone file for your in-addr.arpa zone and for your
   ip6.arpa zone using the names:

        db.X.10.10.in-addr.arpa
        db.X.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa

   You should copy the SOA and NS records from your MYTLD file to these
   files.

2. You will need to add a zone statement to the named.conf file on auth1
   and the nsd.conf file on auth2. Use the existing details for your MYTLD
   as a template.

3. On the parent server the following delegations have been set up already.

   Your in-addr.arpa delegations are:

        1.10.10.in-addr.arpa.   IN NS auth1.grp1.dns.nsrc.org.
                                IN NS auth2.grp1.dns.nsrc.org.
        2.10.10.in-addr.arpa.   IN NS auth1.grp2.dns.nsrc.org.
                                IN NS auth2.grp2.dns.nsrc.org.
        3.10.10.in-addr.arpa.   IN NS auth1.grp3.dns.nsrc.org.
                                IN NS auth2.grp3.dns.nsrc.org.
        4.10.10.in-addr.arpa.   IN NS auth1.grp4.dns.nsrc.org.
                                IN NS auth2.grp4.dns.nsrc.org.
        5.10.10.in-addr.arpa.   IN NS auth1.grp5.dns.nsrc.org.
                                IN NS auth2.grp5.dns.nsrc.org.
        6.10.10.in-addr.arpa.   IN NS auth1.grp6.dns.nsrc.org.
                                IN NS auth2.grp6.dns.nsrc.org.
        7.10.10.in-addr.arpa.   IN NS auth1.grp7.dns.nsrc.org.
                                IN NS auth2.grp7.dns.nsrc.org.
        8.10.10.in-addr.arpa.   IN NS auth1.grp8.dns.nsrc.org.
                                IN NS auth2.grp8.dns.nsrc.org.

   Your ip6.arpa delegations are:

        1.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa. IN NS auth1.grp1.dns.nsrc.org.
                                                                          IN NS auth2.grp1.dns.nsrc.org.
        2.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa. IN NS auth1.grp2.dns.nsrc.org.
                                                                          IN NS auth2.grp2.dns.nsrc.org.
        3.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa. IN NS auth1.grp3.dns.nsrc.org.
                                                                          IN NS auth2.grp3.dns.nsrc.org.
        4.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa. IN NS auth1.grp4.dns.nsrc.org.
                                                                          IN NS auth2.grp4.dns.nsrc.org.
        5.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa. IN NS auth1.grp5.dns.nsrc.org.
                                                                          IN NS auth2.grp5.dns.nsrc.org.
        6.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa. IN NS auth1.grp6.dns.nsrc.org.
                                                                          IN NS auth2.grp6.dns.nsrc.org.
        7.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa. IN NS auth1.grp7.dns.nsrc.org.
                                                                          IN NS auth2.grp7.dns.nsrc.org.
        8.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa. IN NS auth1.grp8.dns.nsrc.org.
                                                                          IN NS auth2.grp8.dns.nsrc.org.

4. Use dig to check that the nameservers are delegated properly after you
   reload your servers.

5. Add PTR records to each of the zone files for each of your three
   servers, e.g.

        1        PTR auth1.MYTLD.

   and

        1.0.0.0  PTR auth1.MYTLD.

   and so on.

6. Check that the reverse lookup works using "dig -x".
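
The PTR owner names in step 5 are relative to each delegated zone. The following added example (not part of the original exercise) derives them for group X with Python's `ipaddress` module and rejects any address that does not fall inside the zone. The function names and the limit to groups 1-8 are assumptions based on the delegation lists above.

```python
import ipaddress

# Reverse zone names as delegated in the exercise; {x} is the group number X.
V4_ZONE = "{x}.10.10.in-addr.arpa."
V6_ZONE = "{x}.0.0.0.0.0.0.0.0.0.0.0.1.1.a.3.f.5.b.8.6.3.1.4.0.0.4.2.ip6.arpa."


def ptr_owner(addr, zone):
    """Owner name of addr's PTR record, relative to the zone origin."""
    full = ipaddress.ip_address(addr).reverse_pointer + "."
    suffix = "." + zone  # leading dot: match on a label boundary only
    if not full.endswith(suffix):
        raise ValueError(f"{addr} does not belong in {zone}")
    return full[: -len(suffix)]


def ptr_records(group, tld, hosts=("auth1", "auth2", "resolv")):
    """Map each reverse zone name to the PTR lines for the three servers."""
    if group not in range(1, 9):
        # Assumption: only groups 1-8 exist, so X is one decimal digit and
        # reads the same as a hex nibble in the IPv6 address.
        raise ValueError("group must be 1..8")
    zones = {4: V4_ZONE.format(x=group), 6: V6_ZONE.format(x=group)}
    records = {zone: [] for zone in zones.values()}
    for n, host in enumerate(hosts, start=1):
        for addr in (f"10.10.{group}.{n}", f"2400:4136:8b5f:3a11::{group}:{n}"):
            zone = zones[ipaddress.ip_address(addr).version]
            records[zone].append(f"{ptr_owner(addr, zone)} PTR {host}.{tld}.")
    return records


if __name__ == "__main__":
    # Print the PTR lines for group 3, grouped by the zone file they go in.
    for zone, lines in ptr_records(3, "MYTLD").items():
        print(f"; zone {zone}")
        print("\n".join(lines))
```

A PTR placed in the wrong zone file is loaded under the wrong owner name and never answers `dig -x`, which is why the helper checks the zone suffix on a label boundary.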