{"id":1041,"date":"2016-08-27T19:59:23","date_gmt":"2016-08-27T17:59:23","guid":{"rendered":"http:\/\/www.hauweele.net\/~gawen\/blog\/?p=1041"},"modified":"2016-08-27T21:23:53","modified_gmt":"2016-08-27T19:23:53","slug":"ipv6-rdns-stub-zone-on-unbound","status":"publish","type":"post","link":"https:\/\/hauweele.net\/~gawen\/blog\/?p=1041","title":{"rendered":"IPv6 rDNS stub-zone on unbound"},"content":{"rendered":"<p>We have stub-zones configured on our gateway for reverse IPv6. Our ISP doesn&#8217;t delegate rDNS but we still want to lookup addresses (at least on the local side). To do so I configured a stub-zone from <a href=\"http:\/\/www.unbound.net\">unbound<\/a>, our local caching DNS, to our own rDNS authoritative server. Apparently unbound wants an IPv6 for its IPv6 rDNS queries to the stub-zone. Since IPv6 is not always working I solved that using the local interface. That is, the rDNS authoritative listen on localhost:5353 and unbound uses this as its stub-zone addresses.<\/p>\n<p>On the authoritative (here <a href=\"http:\/\/www.nlnetlabs.nl\/projects\/nsd\">NSD<\/a>):<\/p>\n<pre>\r\n ip-address: ::1@5353\r\n ip-address: 127.0.0.1@5353\r\n do-ip6: yes\r\n<\/pre>\n<p>On unbound, note that we need <code>do-not-query-localhost: no<\/code> to allow queries on localhost:<\/p>\n<pre>\r\n do-not-query-localhost: no\r\n\r\nstub-zone:\r\n name: 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.\r\n stub-addr: ::1@5353\r\n stub-addr: 127.0.0.1@5353\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>We have stub-zones configured on our gateway for reverse IPv6. Our ISP doesn&#8217;t delegate rDNS but we still want to lookup addresses (at least on the local side). To do so I configured a stub-zone from unbound, our local caching &hellip; <a href=\"https:\/\/hauweele.net\/~gawen\/blog\/?p=1041\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[518,730,164,709,728,729,727,726,517],"class_list":["post-1041","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-dns","tag-ip6-arpa","tag-ipv6","tag-nsd","tag-rdns","tag-reverse","tag-stub","tag-stub-zone","tag-unbound"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/hauweele.net\/~gawen\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1041","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hauweele.net\/~gawen\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hauweele.net\/~gawen\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hauweele.net\/~gawen\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hauweele.net\/~gawen\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1041"}],"version-history":[{"count":0,"href":"https:\/\/hauweele.net\/~gawen\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1041\/revisions"}],"wp:attachment":[{"href":"https:\/\/hauweele.net\/~gawen\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1041"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hauweele.net\/~gawen\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1041"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hauweele.net\/~gawen\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1041"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}