How to add PTR Record for reverse DNS IPv6 with Scaleway Dedibox

Hi there,

I am successfully trying to configure my MIAB in a Proxmox VE VM hosted at Scaleway Dedibox.

In order to get ipv6 reverse DNS it seems that they let you have DNS delegation in order to do so, see the docs below.

Also I found this previous question that was very similar to that but didn’t give much clue on how to do it on miab…

So after adding my box ns1 and ns2 in my Scaleway account menu for that purpose as shown in their docs,
I edited the configuration file of my main domain myself at /etc/nsd/zones/mymaindomain.com.txt
I added the line for the PTR record for my IPv6 address, made with the recommended tool
http://rdns6.com/hostRecord
Then I restarted the nsd service, but no luck, it doesn’t seem to work. :confused:

I must be missing something here…if anyone would advise it will be helpfully sweet :pray:

Reverse DNS is outside the scope of the MIAB project.

Reverse DNS zones are IP based and flow from the following top level domains:
in-addr.arpa. IPv4
ip6.arpa. IPv6

You’d need to create zone files for your reverse zones.

It might be better using he.net’s free DNS service to do this rather than MIAB.

dns.he.net


Thanks @ravenstar68 for your answer :pray:

Do you have any more specific information on how to create a zone file for my reverse zone?

Since I am happy with my MIAB server being a DNS server, I don’t see why I shall use another external service to do so…also if I get to learn new knowledge in the meantime it is valuable.
MIAB is about re-decentralising the internet and I am more than happy to continue to do so.

Here is an example for bind configuration provided by Scaleway documentation

https://documentation.online.net/en/dedicated-server/network/dns-delegation

;
; 2001:bc8:3398::/48
;
; Zone file built with the IPv6 Reverse DNS zone builder
; http://rdns6.com/
;
$TTL 1h ; Default TTL
8.9.3.3.8.c.b.0.1.0.0.2.ip6.arpa.       IN      SOA     ns1.domain.fr.  webmaster.domain.fr. (
        2016071503      ; serial
        1h              ; slave refresh interval
        15m             ; slave retry interval
        1w              ; slave copy expire time
        1h              ; NXDOMAIN cache time
        )

;
; domain name servers
;
@       IN      NS      ns1.domain.fr.
@       IN      NS      ns2.domain.fr.


; IPv6 PTR entries
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.9.3.3.8.c.b.0.1.0.0.2.ip6.arpa.    IN    PTR    toto.domain.fr.

Would I need to apply that in my /etc/nsd/zones/box.mydomain.com.txt file directly?
I did try adding only the last line (the PTR), and I got a different error: instead of NXDOMAIN I got NXFAILED…
I have also tried in the file /etc/bind/named.conf.local but it doesn’t work.

If anyone can advise on this… :nerd_face:

You need to add a separate zone file for the reverse domain in /etc/nsd/zones. Normally it’s recommended that the zone file is named after the zone it’s for.

So you’d create the zone file /etc/nsd/zones/8.9.3.3.8.c.b.0.1.0.0.2.ip6.arpa.txt using the file above
Note you need to change the @ lines in the file above to point to your box.

@       IN      NS      ns1.box.example.com.
@       IN      NS      ns2.box.example.com.

Then add the following lines to /etc/nsd/zones.conf

zone:
        name: 8.9.3.3.8..c.b.0.1.0.0.2.ip6.arpa
        zonefile: 8.9.3.3.8.c.b.0.1.0.0.2.ip6.arpa.txt

Be aware that any changes to your zone files may be reset though, which is why I recommended using a third party’s servers.

I’d also point out that the above does not include Signing the files and setting up DNSSEC.

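The steps in the answer above, as an added example that is not part of the original posts or of the MIAB project: a Python helper that derives the ip6.arpa zone name and the PTR owner name from the prefix and address, then emits the zone file and the zones.conf stanza from one string so the two names cannot differ. The host names and SOA contact are placeholders, and the SOA timers are copied from the Scaleway example quoted in the thread.

```python
import ipaddress

def reverse_zone(prefix):
    """ip6.arpa zone name for a delegated prefix, e.g. a /48."""
    net = ipaddress.IPv6Network(prefix)  # rejects prefixes with host bits set
    if net.prefixlen % 4:
        raise ValueError("prefix length must be a multiple of 4 (one label per nibble)")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

def ptr_owner(address, prefix):
    """Absolute owner name of the PTR record; refuses addresses outside the zone."""
    addr = ipaddress.IPv6Address(address)
    if addr not in ipaddress.IPv6Network(prefix):
        raise ValueError(f"{address} is not inside {prefix}")
    return addr.reverse_pointer + "."

def fqdn(name):
    """Add the trailing dot; without it the name is taken relative to the zone."""
    return name if name.endswith(".") else name + "."

def build(prefix, hosts, nameservers, rname, serial):
    """Return (zone file name, zone file text, zones.conf stanza)."""
    zone = reverse_zone(prefix)
    out = ["$TTL 1h", f"$ORIGIN {zone}.",
           f"@ IN SOA {fqdn(nameservers[0])} {fqdn(rname)} {serial} 1h 15m 1w 1h"]
    out += [f"@ IN NS {fqdn(ns)}" for ns in nameservers]
    out += [f"{ptr_owner(a, prefix)} IN PTR {fqdn(h)}" for a, h in hosts.items()]
    # name and zonefile come from the same string, so they cannot drift apart
    stanza = f"zone:\n        name: {zone}\n        zonefile: {zone}.txt\n"
    return f"{zone}.txt", "\n".join(out) + "\n", stanza

if __name__ == "__main__":
    # Constructed sample values: the prefix from the thread, placeholder host names.
    fname, zone_text, stanza = build(
        "2001:bc8:3398::/48",
        {"2001:bc8:3398::1": "box.example.com"},
        ["ns1.box.example.com", "ns2.box.example.com"],
        "hostmaster.box.example.com", 2016071503)
    print(f"# /etc/nsd/zones/{fname}\n{zone_text}\n# append to /etc/nsd/zones.conf\n{stanza}")
```

Once the file is written, NSD's `nsd-checkzone <zone name> <zone file>` parses it and reports syntax errors before the service is restarted.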

Thanks a lot @ravenstar68 for your clear explanations :innocent:

So it does work very well that way :star_struck: :partying_face: (careful in your example for zones.conf the lines name and zonefile shall be identical minus .txt – might be a typo there 3.8..c.b :wink:)

I am fully aware of the non persistent status of those modifications as I am maintaining my own fork for those tweaks.

Regarding signing and DNSSEC can you please elaborate on what the impact is and eventually advise on how to configure those ?

Thanks a lot again for your help @ravenstar68 and I believe this might come to help in the future for someone in the community running a similar setup.

DNSSEC is used to sign your DNS entries with RRSIG records which are verified using a DS record in the parent zone. It’s not necessary but it does mean that your DNS could be spoofed by third parties.

BTW you would need to do a similar zone for your IPv4 address.

Tim

P.S. I thought I’d corrected that typo.
