nanog mailing list archives

Re: v4/v6 dns thoughts?
From: Owen DeLong <owen () delong com>
Date: Tue, 9 Aug 2011 16:36:30 -0700


On Aug 9, 2011, at 11:47 AM, Joe Pruett wrote:

as i'm rolling v6 into my world, i'm not sure which way to go with
reverse dns conventions.  for forward i'm doing things like:

foo.example.com    a    1.1.1.1
foo.example.com    aaaa    1000::1.1.1.1
foo.v4.example.com    a    1.1.1.1
foo.v6.example.com    aaaa    1000::1.1.1.1

so i can use a foo.v4/v6 hostname if i need to specify transit behavior.

but for reverse i'm not sure if i want to map it like:

1.1.1.1.in-addr.arpa    ptr    foo.example.com.
1.0.1.0.1.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.ip6.arpa   
ptr    foo.example.com

or:

1.1.1.1.in-addr.arpa    ptr    foo.v4.example.com.
1.0.1.0.1.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.ip6.arpa   
ptr    foo.v6.example.com

being able to just use foo.example.com for authentication purposes
(sendmail, nfs, etc) is nice.  but also knowing when incoming is v4 or
v6 by just looking at the dns lookup (for tools that do reverse lookup
for you) is also nice.

what are you doing?  which way makes more sense to you?


My PTRs are all to the same host name. In any context where the protocol
actually matters, you should have other ways to detect it.

I also don't recommend doing the foo.v4/foo.v6 thing in your forwards. There's
really no advantage to doing it. Most tools either have separate IPv4/IPv6 variants
or have command-line switches for address-family control if you care.

Owen
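
An added example, not part of the original thread: how the two PTR conventions discussed above behave under a hostname-based allow list that relies on forward-confirmed reverse DNS. The zone data is constructed from the thread's names and addresses; the `ACL` allow list, the helper names and the stray `192.0.2.7` PTR are assumptions made for illustration.

```python
import ipaddress

# Constructed forward zone, using the names and addresses from the thread.
FORWARD = {
    "foo.example.com.": ["1.1.1.1", "1000::1.1.1.1"],
    "foo.v4.example.com.": ["1.1.1.1"],
    "foo.v6.example.com.": ["1000::1.1.1.1"],
}
ACL = {"foo.example.com."}  # hypothetical hostname allow list


def reverse_name(addr):
    """Owner name of the PTR record for addr (in-addr.arpa or ip6.arpa)."""
    return ipaddress.ip_address(addr).reverse_pointer + "."


def ptr_zone(per_family):
    """Constructed reverse zone: one shared name, or foo.v4/foo.v6 names."""
    v4 = "foo.v4.example.com." if per_family else "foo.example.com."
    v6 = "foo.v6.example.com." if per_family else "foo.example.com."
    return {
        reverse_name("1.1.1.1"): v4,
        reverse_name("1000::1.1.1.1"): v6,
        # Constructed stray PTR: claims the name, but no A record backs it.
        reverse_name("192.0.2.7"): "foo.example.com.",
    }


def fcrdns(addr, ptrs):
    """Return the PTR name only if its forward records contain addr."""
    ip = ipaddress.ip_address(addr)
    name = ptrs.get(reverse_name(addr))
    if name is None:
        return None
    forward = {ipaddress.ip_address(a) for a in FORWARD.get(name, [])}
    return name if ip in forward else None


def host_allowed(addr, ptrs, acl=ACL):
    """Hostname-based check: the confirmed name must be on the allow list."""
    return fcrdns(addr, ptrs) in acl


if __name__ == "__main__":
    for label, zone in (("shared PTR", ptr_zone(False)), ("per-family PTR", ptr_zone(True))):
        for addr in ("1.1.1.1", "1000::1.1.1.1", "192.0.2.7"):
            print(label, addr, fcrdns(addr, zone), host_allowed(addr, zone))
```

With shared PTR names one allow-list entry covers both address families; with per-family names the list has to carry `foo.v4` and `foo.v6` explicitly, and in either case a PTR without a matching forward record is not accepted.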


