(:redirect DNS/ipv6rDNS:)

# Configuring rDNS using NSD

We can configure our rDNS using [nsd](/openbsd/nsd), an authoritative name server. nsd is part of the OpenBSD base system, so no installation is necessary.

**NOTICE**: This guide assumes you have already configured [nsd](/openbsd/nsd) for forward DNS resolution.

## IPv6 Subnet

Suppose we have been delegated the rDNS zone for our [IPv6](/openbsd/IPv6) subnet, 2001:550:3402:1:143::/80. To find the name of our zone, we need to fill in all the missing zeros, put periods between each digit, reverse the digits, then add ip6.arpa:

```
2001:550:3402:1:143::                              # original subnet
2001:0550:3402:0001:0143::                         # fill in the missing zeros
2.0.0.1.0.5.5.0.3.4.0.2.0.0.0.1.0.1.4.3            # add periods between each digit
3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2            # reverse the digits
3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa   # add ip6.arpa
```

Here is a simple command to do this:

```
echo ""|rev|sed "s/://g;s/\(.\)/\1./g;s/$/ip6.arpa/"
```

(:if false:)

```
grep inet6.*48 /etc/hostname.vio0|awk '{print$2}'|rev|sed "s/://g;s/\(.\)/\1./g;s/$/ip6.arpa/"
```

(:ifend:)

Put your real IPv6 subnet between the empty quotes. Make sure to fill in any missing zeros. For example:

```
echo "2001:0550:3402:0001"|rev|sed "s/://g;s/\(.\)/\1./g;s/$/ip6.arpa/"
```

## Zone File

Now we must create the zone file in /var/nsd/zones/master/3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa:

```
$ORIGIN 3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa.
@       3600    IN      SOA     ns1.ircnow.org. admin.ircnow.org. (
                                2021020105  ; serial
                                1800        ; refresh
                                3600        ; retry
                                1209600     ; expire
                                3600 )      ; minimum TTL
        3600    IN      NS      ns1.jrmu.coconut.ircnow.org.
        3600    IN      NS      ns2.jrmu.coconut.ircnow.org.
; owner names are the remaining 12 nibbles of each address, reversed
0.0.0.0.0.0.0.0.0.0.0.0 3600    IN      PTR     user1.coconut.ircnow.org.
1.0.0.0.0.0.0.0.0.0.0.0 3600    IN      PTR     user2.coconut.ircnow.org.
```
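The zone name from the IPv6 Subnet section and the PTR owner names in the zone file can both be derived from the compressed address, so the zeros do not have to be filled in by hand. The script below is an added example, not part of the original guide; the function names expand6, nibbles, rdns_zone and ptr_label are made up here, and it assumes only sh, awk and cut.

```sh
#!/bin/sh
# Added example; expand6, nibbles, rdns_zone and ptr_label are names made up here.

# expand6 ADDR: print ADDR as 32 lowercase hex digits, zero-filling each
# group and expanding a "::" into the zero groups it stands for.
expand6() {
    printf '%s\n' "$1" | awk -F: '{
        n = 0                                   # groups actually written out
        for (i = 1; i <= NF; i++) if ($i != "") n++
        out = ""; filled = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "") {                     # empty field: part of "::"
                if (!filled && index($0, "::")) {
                    for (j = n; j < 8; j++) out = out "0000"
                    filled = 1
                }
                continue
            }
            out = out substr("0000" $i, length($i) + 1)   # left-pad to 4 digits
        }
        print tolower(out)
    }'
}

# nibbles: read hex digits on stdin, print them reversed and dot-separated.
nibbles() {
    awk '{ s = ""; sep = ""
           for (i = length($0); i >= 1; i--) { s = s sep substr($0, i, 1); sep = "." }
           print s }'
}

# rdns_zone PREFIX/LEN: zone name for a prefix that ends on a nibble boundary.
rdns_zone() {
    addr=${1%/*}; len=${1#*/}
    if [ $((len % 4)) -ne 0 ]; then
        echo "/$len is not a multiple of 4 bits; it does not map to one zone" >&2
        return 1
    fi
    printf '%s.ip6.arpa\n' "$(expand6 "$addr" | cut -c1-$((len / 4)) | nibbles)"
}

# ptr_label ADDR LEN: owner name of ADDR relative to its /LEN reverse zone.
ptr_label() {
    expand6 "$1" | cut -c$(($2 / 4 + 1))-32 | nibbles
}

rdns_zone 2001:550:3402:1:143::/80   # zone name used in the zone file above
ptr_label 2001:550:3402:1:143::1 80  # left-hand side of that host's PTR record
```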
## /var/nsd/etc/nsd.conf

Now we only need to add this section to /var/nsd/etc/nsd.conf:

```
zone:
        name: "3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa"
        zonefile: "master/3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa"
```

## Restart nsd and test

```
$ doas rcctl restart nsd
```

We can test using [host](openbsd/host) or [dig](/openbsd/dig):

```
host 2001:550:3402:1:143::1
```

Replace with your actual nameserver IP.

Once you have confirmed this is working, you can then ask to have your zone delegated to your nameserver.

You can then test if both forward and reverse DNS lookups work by using [netcat](/openbsd/netcat) to connect to IRC.

(:if false:)

## Troubleshooting

## Primary and secondary server

If you need a secondary server to host the zone, you can do this as follows. In the block that describes your master zone, add entries for the secondary server, as in this example:

```
zone:
        name: "example.net"
        zonefile: "master/example.net"
        # NOKEY: no TSIG key; the peer is identified by IP address only
        notify: 20.20.20.20 NOKEY
        provide-xfr: 20.20.20.20 NOKEY
```

Create a new block in the secondary server's config file, as in this example:

```
zone:
        name: "example.net"
        zonefile: "slave/example.net"
        # NOKEY: no TSIG key; the peer is identified by IP address only
        allow-notify: 10.10.10.10 NOKEY
        request-xfr: 10.10.10.10 NOKEY
```

## The zone file for NSD

The next step is to write the zone files for NSD. First, the forward lookup zone example.net:

```
; Domain file from My project
example.net.    3600    SOA     ns.example.net. admin.example.net. (
                                2020070701  ; serial YYYYMMDDnn
                                10800       ; refresh
                                3600        ; retry
                                604800      ; expire
                                86400 )     ; minimum TTL

example.net.    NS      ns.example.net.
example.net.    NS      ns.secondary.net.
ns              A       10.10.10.10
example.net.    A       10.10.10.10
www             A       10.10.10.10
irc             A       10.10.10.10
imap            A       10.10.10.10
smtp            A       10.10.10.10
example.net.    MX      10 smtp.example.net.
```
Save this zone file as /var/nsd/zones/master/example.net.

## Configuration check and start

NSD brings along a tool to check the configuration file before you start or reload the daemon:

```
$ doas nsd-checkconf /var/nsd/etc/nsd.conf
```

Any errors are reported, so no news is good news. You can go ahead and start NSD:

```
$ doas rcctl enable nsd
$ doas rcctl start nsd
```

If there are issues, you can start nsd in debug mode:

```
doas nsd -d -V 3
```

https://www.denic.de/en/service/tools/nast/

```
$ORIGIN 1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa.
@       3600    IN      SOA     ns1.ircnow.org. admin.ircnow.org. (
                                2020112906  ; serial
                                1800        ; refresh
                                3600        ; retry
                                1209600     ; expire
                                3600 )      ; minimum TTL
        3600    IN      NS      cherry.ircnow.org.
        3600    IN      NS      pear.ircnow.org.
        3600    IN      NS      mango.ircnow.org.
        3600    IN      NS      peach.ircnow.org.
        3600    IN      NS      banana.ircnow.org.
        3600    IN      NS      guava.ircnow.org.
        3600    IN      NS      jujube.ircnow.org.
        3600    IN      NS      plum.ircnow.org.
        3600    IN      NS      fig.ircnow.org.
        3600    IN      NS      orange.ircnow.org.
        3600    IN      NS      lemon.ircnow.org.
        3600    IN      NS      grape.ircnow.org.
        3600    IN      NS      coconut.ircnow.org.
; a /64 zone leaves 16 nibbles of each address for the owner name
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600    IN      PTR     www.example.com.
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600    IN      PTR     www.example.org.
```

In /var/nsd/etc/nsd.conf:

```
zone:
        name: "1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa"
        zonefile: "master/1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa"
        include-pattern: "ircnow.org"
```

(:ifend:)