Support delegated IPv6 addresses

Hi Josh,

I know you like to keep MIAB on a clean path, but I have a tiny suggestion that will permit MIAB to be used standalone with an IPv6 delegated address range.

The modern way to manage IPv6 addresses is that your ISP grants you a range (typically /64) of addresses, known as “delegated addresses” (unlike at a data-centre, where you’re probably only given a single global address). Your DHCP server then hands individual addresses out to local machines, in a similar fashion to passing out local IPv4 NAT addresses. And like local IPv4 addresses, you configure DHCP to give servers “fixed” addresses. This works just fine.

The wrinkle comes about when you need a reverse-DNS entry (for your email server). Under IPv4 or at a data-centre, your ISP is managing the addresses and you ask them to configure the reverse DNS entry - simple. But when using delegated addresses, the ISP/data-centre does not have direct control of the individual addresses, so they forward (“delegate”) any IPv6 reverse DNS queries to your local DNS server. Again, this works just fine.

Unfortunately MIAB isn’t set up to provide such reverse DNS replies for the delegated addresses. Nsd can handle this easily - we just put the details in another zone file (it should be in another zone file because we’re talking about a completely different domain). It’s not a naive-user thing to do, but it’s not difficult. (Happy to provide detailed instructions, if useful.)

However (as I’m sure you know) MIAB overwrites zones.conf every night, and overwrites nsd.conf on setup/update. I propose that nsd.conf includes the line “include: /etc/nsd/local.conf” and a dummy (empty) /etc/nsd/local.conf file is provided, so non-naive users can set up reverse IPv6 entries.

The change to MIAB is almost trivial. In ~/mailinabox/setup/dns.sh (about line 65) we add:

  echo "include: /etc/nsd/local.conf" >> /etc/nsd/nsd.conf;

Nsd requires include files to always exist, so we provide a dummy file /etc/nsd/local.conf like:

  # local zone config

(We could go down the road of providing delegated reverse entries automatically, or add them using the web interface, but that’s a much bigger job.)

If you’re happy to include this change, I can provide detailed instructions for creating appropriate zone files - just let me know. Thanks, Andrew.


That’s fine with me (moving our local changes to a separate conf file). Will you open a PR?

Done, PR #2034 is on github. Where’s a good place to leave some doco? This post?

Andrew,

Please read Add ‘include: /etc/nsd/includes/*.conf’ to dns.sh which I submitted Feb 2018. The version of NSD installed by MiaB has been updated since then, so now NSD can handle wildcard includes. This makes my initial proposal now suitable, and can provide an elegant way to augment the standard MiaB NSD configuration without any need for dummy files. Adding echo 'include: /etc/nsd/includes/*.conf' >> /etc/nsd/nsd.conf; causes NSD to include supplemental configuration files from the includes directory, yet that directory can remain empty without causing any problems. Adding mkdir -p "/etc/nsd/includes"; to dns.sh creates the empty includes directory where supplemental NSD configuration files can be stored. I have been employing this method that I proposed for MiaB with the configuration of NSD on a FreeBSD VM that serves as our secondary authoritative name server. It works beautifully, while being very easy to administer.

Michael
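
The reverse zone for a delegated range, which the thread mentions but never spells out, can be generated as below; this is an added example, not part of any post above and not Mail-in-a-Box code. It builds the ip6.arpa zone name, the NSD zone stanza for the included config file, and a minimal zone file with the mail server's PTR record. The prefix, address, host names, serial and zone file path are constructed sample values, and the prefix is assumed to end on a 4-bit (nibble) boundary.

```python
import ipaddress

def reverse_zone_name(prefix):
    """ip6.arpa zone name for a delegated prefix (nibble-aligned only)."""
    net = ipaddress.ip_network(prefix)  # also rejects prefixes with host bits set
    if net.version != 6 or net.prefixlen % 4 or not 0 < net.prefixlen < 128:
        raise ValueError("need an IPv6 prefix between /4 and /124 on a 4-bit boundary")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

def ptr_owner(address, prefix):
    """PTR owner name relative to the reverse zone: the host nibbles, reversed."""
    net = ipaddress.ip_network(prefix)
    addr = ipaddress.ip_address(address)
    if addr not in net:
        raise ValueError(f"{addr} is not inside {net}")
    host = addr.exploded.replace(":", "")[net.prefixlen // 4:]
    return ".".join(reversed(host))

def nsd_zone_stanza(prefix, zonefile):
    """Text for the included NSD config file (local.conf or includes/*.conf)."""
    return f'zone:\n    name: "{reverse_zone_name(prefix)}"\n    zonefile: "{zonefile}"\n'

def zone_file(prefix, mail_addr, mail_host, ns_host, serial):
    """Minimal reverse zone: SOA, NS and one PTR for the mail server."""
    origin = reverse_zone_name(prefix)
    return "\n".join([
        f"$ORIGIN {origin}.",
        "$TTL 86400",
        # The hostmaster mailbox under the mail host is an assumption.
        f"@ IN SOA {ns_host}. hostmaster.{mail_host}. {serial} 7200 3600 1209600 86400",
        f"@ IN NS {ns_host}.",
        f"{ptr_owner(mail_addr, prefix)} IN PTR {mail_host}.",
    ]) + "\n"

if __name__ == "__main__":
    # Constructed sample values: documentation prefix and example host names.
    PREFIX = "2001:db8:1234:5678::/64"
    print(nsd_zone_stanza(PREFIX, "/etc/nsd/zones/reverse-ipv6.txt"))
    print(zone_file(PREFIX, "2001:db8:1234:5678::25",
                    "box.example.com", "ns1.box.example.com", 2024010101))
```

The PTR name only satisfies receiving mail servers if box.example.com also has an AAAA record pointing back at the same address.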