List-Archive: <https://lists.isc.org/pipermail/bind-users/>
MIME-Version: 1.0
List-Post: <mailto:bind-users@lists.isc.org>
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,	HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_HI,RP_MATCHES_RCVD	autolearn=unavailable autolearn_force=no version=3.4.0
In-Reply-To: <20170519224833.087C5790923E@rock.dv.isc.org>
Errors-To: bind-users-bounces@isc.org
List-Help: <mailto:bind-users-request@lists.isc.org?subject=help>
X-Mailman-Version: 2.1.20
References: <57bf558b-f4eb-f2e4-c27c-9447ff4dd8c1@axu.tm> <20170519224833.087C5790923E@rock.dv.isc.org>
content-type: text/plain; charset="utf-8"
Message-ID: <396e2fc9-3151-aad6-b5bc-28784bd15ae4@axu.tm>
Organization: Axu TM Oy
Received: from rock.dv.isc.org (localhost [IPv6:::1])	by rock.dv.isc.org (Postfix) with ESMTP id 57ECB792945E	for <marka@localhost>; Mon, 22 May 2017 18:48:43 +1000 (AEST)
Received: from zimbra.isc.org [149.20.0.17]	by rock.dv.isc.org with IMAP (fetchmail-6.3.22)	for <marka@localhost> (single-drop); Mon, 22 May 2017 18:48:43 +1000 (AEST)
Received: from zmx1.isc.org (LHLO zmx1.isc.org) (149.20.0.20) by zmail1.isc.org with LMTP; Mon, 22 May 2017 08:43:18 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])	by zmx1.isc.org (Postfix) with ESMTP id 18214160050	for <marka@isc.org>; Mon, 22 May 2017 08:43:18 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1])	by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10024)	with ESMTP id 34cctsJ8cTYl for <marka@isc.org>;	Mon, 22 May 2017 08:43:18 +0000 (UTC)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53])	by zmx1.isc.org (Postfix) with ESMTPS id EB10916003A	for <marka@zimbra.isc.org>; Mon, 22 May 2017 08:43:17 +0000 (UTC)
Received: from lists.isc.org (lists.isc.org [149.20.1.60])	by mx.pao1.isc.org (Postfix) with ESMTP id D08A93493CD	for <marka@isc.org>; Mon, 22 May 2017 08:43:13 +0000 (UTC)
Received: from lists.isc.org (localhost [127.0.0.1])	by lists.isc.org (Postfix) with ESMTP id C1C9B67ED70;	Mon, 22 May 2017 08:43:09 +0000 (UTC)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) by lists.isc.org (Postfix) with ESMTP id E8A4367ED31 for <bind-users@lists.isc.org>; Mon, 22 May 2017 08:43:06 +0000 (UTC)
Received: from mail.axu.tm (imap.axu.tm [IPv6:2001:1430:a:6e::3e1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 79C193493A5 for <bind-users@isc.org>; Mon, 22 May 2017 08:43:04 +0000 (UTC)
Received: from [IPv6:2001:708:310:52:4ecc:6aff:fe54:6f9a] (kokki.sec.rd.tut.fi [IPv6:2001:708:310:52:4ecc:6aff:fe54:6f9a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "halli.sec.rd.tut.fi", Issuer "Axu TM CA 2025" (verified OK)) by mail.axu.tm (Postfix) with ESMTPS id EF52A56E8 for <bind-users@isc.org>; Mon, 22 May 2017 08:42:44 +0000 (UTC)
Delivered-To: marka@localhost.dv.isc.org
Delivered-To: bind-users@lists.isc.org
Subject: Re: How to generate authoritative DNS64 reverse zone
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
Return-Path: <bind-users-bounces+marka=isc.org@isc.org>
X-Original-To: marka@localhost
X-Original-To: bind-users@lists.isc.org
List-Subscribe: <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe>
Sender: "bind-users" <bind-users-bounces@isc.org>
Date: Mon, 22 May 2017 11:42:43 +0300
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mx.pao1.isc.org
Precedence: list
X-Beenthere: bind-users@lists.isc.org
List-ID: BIND Users Mailing List <bind-users.lists.isc.org>
To: bind-users@isc.org
Content-Transfer-Encoding: 7bit
List-Unsubscribe: <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe>
From: "Aleksi Suhonen" <bind-users-2017@ssd.axu.tm>
X-RT-Original-Encoding: ascii
Content-Length: 2061

Hi,

On 05/20/2017 01:48 AM, Mark Andrews wrote:
> In message <57bf558b-f4eb-f2e4-c27c-9447ff4dd8c1@axu.tm>, Aleksi Suhonen writes:
>> So how do I configure Bind9 to generate one authoritative DNS64 reverse
>> zone that contains CNAMEs to in-addr.arpa, but otherwise not mess with
>> anything?

> You should delegate
> 1.0.0.0.0.0.0.0.2.3.B.D.0.B.2.0.C.7.6.0.1.0.0.2.IP6.ARPA normally.
> This will let everyone in the world find the CNAME records.  This
> should be done even if you are just doing it for your recursive
> clients.

I created the delegation, tried the below config and created an empty
zone file for the above delegation. Rndc reconfig gave the following error:

22-May-2017 07:58:13.534 general: error: reloading configuration failed:
already exists

This was the entirety of the error message.

> If you don't want A to AAAA mappings to happen then turn off the
> DNS64 mapping for everyone on the server.

>         dns64 2001:67c:2b0:db32:0:1::/96 {
>                 clients { none; }
>         };

When I removed the empty master zone, the error message went away. So it
seems that the dns64 declaration implicitly creates a new zone in Bind.
Makes sense. This could be added to documentation?

I think the above error message should also be improved, as it gave no
indication as to *what* exists already. I could have saved about an hour
of wondering what the hell is wrong with my config change, if the error
message was a bit more wordy. :-)

In hind sight, I guess I could have turned on debugging and seen what
messages would be generated then, but I suspect there would have been
too many messages for me to process.

Anyway, thanks for the help.

-- 
        Aleksi Suhonen / Axu TM Oy
        Internetworking Consulting
        Cellular: +358 44 975 6548
        World Wide Web: www.axu.tm
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users