I am successfully trying to configure my miab in a proxmoxVE VM hosted at Scaleway Dedibox.
In order to get ipv6 reverse DNS it seems that they let you have DNS delegation in order to do so, see the docs below.
Also I found this previous question that was very similar to that but didn’t give much clue on how to do it on miab…
So after adding my box ns1 and ns2 in my Scaleway account menu for that purpose as shown in their docs.
I have edited myself the configuration file of my main domain at /etc/nsd/zones/mymaindomain.com.txt
I added the line for the PTR record for my IPv6 address, generated with the recommended tool http://rdns6.com/hostRecord
Then I restarted the nsd service, but no luck, it doesn’t seem to work.
I must be missing something here…if anyone would advise it will be helpfully sweet
Do you have any more specific information on how to create a zone file for my reverse zone ?
Since I am happy with my MIAB server being a DNS server, I don’t see why I shall use another external service to do so…also if I get to learn new knowledge in the meantime it is valuable.
MIAB is about re-decentralising the internet and I am more than happy to continue to do so.
;
; 2001:bc8:3398::/48
;
; Zone file built with the IPv6 Reverse DNS zone builder
; http://rdns6.com/
;
$TTL 1h ; Default TTL
8.9.3.3.8.c.b.0.1.0.0.2.ip6.arpa. IN SOA ns1.domain.fr. webmaster.domain.fr. (
2016071503 ; serial
1h ; slave refresh interval
15m ; slave retry interval
1w ; slave copy expire time
1h ; NXDOMAIN cache time
)
;
; domain name servers
;
@ IN NS ns1.domain.fr.
@ IN NS ns2.domain.fr.
; IPv6 PTR entries
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.9.3.3.8.c.b.0.1.0.0.2.ip6.arpa. IN PTR toto.domain.fr.
Would I need to apply that in my /etc/nsd/zones/box.mydomain.com.txt file directly ?
I did try adding only the last PTR line, and I got a different error: instead of NXDOMAIN I got NXFAILED…
I have tried it in the file /etc/bind/named.conf.local but it doesn’t work.
You need to add a separate zone file for the reverse domain in /etc/nsd/zones. Normally it’s recommended that the zone file is named after the zone it’s for.
So you’d create the zone file /etc/nsd/zones/8.9.3.3.8.c.b.0.1.0.0.2.ip6.arpa.txt using the file above
Note you need to change the @ lines in the file above to point to your box.
@ IN NS ns1.box.example.com.
@ IN NS ns2.box.example.com.
Then add the following lines to /etc/nsd/zones.conf
Thanks a lot @ravenstar68 for your clear explanations
So it does work very well that way (careful in your example for zones.conf the lines name and zonefile shall be identical minus .txt – might be a typo there 3.8..c.b )
I am fully aware of the non persistent status of those modifications as I am maintaining my own fork for those tweaks.
Regarding signing and DNSSEC can you please elaborate on what the impact is and eventually advise on how to configure those ?
Thanks a lot again for your help @ravenstar68 and I believe this might come to help in the future for someone in the community running a similar setup.
DNSSEC is used to sign your DNS entries with RRSIG records which are verified using a DS record in the parent zone. It’s not necessary but it does mean that your DNS could be spoofed by third parties.
BTW you would need to do a similar zone for your IPv4 address.
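An added example, not part of the thread and not Mail-in-a-Box code: a Python sketch that derives the reverse zone name, the PTR owner name, the zone file text and the zones.conf entry from the prefix, so the `name` and `zonefile` lines cannot drift apart and every absolute name gets its trailing dot. The function names, the tab-indented `zone:` stanza layout and the sample hostnames are assumptions; the prefix, serial and timers are the ones quoted above.

```python
import ipaddress

def fqdn(name: str) -> str:
    """Absolute names need a trailing dot, or the server appends the zone origin."""
    return name if name.endswith(".") else name + "."

def reverse_zone(prefix: str) -> str:
    """ip6.arpa zone name (without trailing dot) for a nibble-aligned IPv6 prefix."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen == 0 or net.prefixlen % 4:
        raise ValueError("prefix length must be a non-zero multiple of 4")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

def ptr_owner(address: str, prefix: str) -> str:
    """Fully qualified PTR owner name; rejects addresses outside the delegated prefix."""
    addr = ipaddress.IPv6Address(address)
    if addr not in ipaddress.IPv6Network(prefix, strict=True):
        raise ValueError(f"{address} is not inside {prefix}")
    return fqdn(addr.reverse_pointer)

def build_zone(prefix, nameservers, hostmaster, serial, hosts) -> str:
    """Zone file text; hosts maps IPv6 address -> hostname."""
    zone = fqdn(reverse_zone(prefix))
    lines = [
        "$TTL 1h",
        f"{zone} IN SOA {fqdn(nameservers[0])} {fqdn(hostmaster)} (",
        f"    {serial} ; serial",
        "    1h ; refresh", "    15m ; retry", "    1w ; expire",
        "    1h ; negative cache TTL",
        ")",
    ]
    lines += [f"@ IN NS {fqdn(ns)}" for ns in nameservers]
    lines += [f"{ptr_owner(a, prefix)} IN PTR {fqdn(h)}" for a, h in sorted(hosts.items())]
    return "\n".join(lines) + "\n"

def zones_conf_stanza(prefix: str) -> str:
    """zones.conf entry; name and zonefile come from one string so they cannot drift."""
    zone = reverse_zone(prefix)
    return f"zone:\n\tname: {zone}\n\tzonefile: {zone}.txt\n"

if __name__ == "__main__":
    PREFIX = "2001:bc8:3398::/48"  # prefix quoted in the thread
    print(build_zone(PREFIX, ["ns1.box.example.com", "ns2.box.example.com"],
                     "webmaster.domain.fr", 2016071503,
                     {"2001:bc8:3398::1": "toto.domain.fr"}))  # sample host
    print(zones_conf_stanza(PREFIX))
```

Write the first output to the zone file under /etc/nsd/zones and the second to zones.conf, then bump the serial on every later change so secondaries pick it up.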