UNIX System Administration Handbook - Evi Nemeth [270]
Those 48 potential levels will in practice be more like 2 or 3, but the concept may present interesting avenues for denial of service attacks. For more complete (and less prejudiced) documentation, see the BIND 9 doc directory.
DNAME records
DNS’s scheme for performing reverse IPv6 address lookups uses both traditional PTR records and records of a new, IPv6-specific type, DNAME. PTR records resolve the local bits of an IPv6 address to a particular hostname, and DNAME records determine which parts of the rest of the address are delegated to which organizations.
In IPv4, reverse mappings live in the in-addr.arpa domain and forward mappings live in the other branches of the domain tree (under com or edu, for example). In IPv6, the reverse mapping information is a bit more scattered. Some of it lives under the ip6.arpa domain and the rest is stored among the forward domains.
The components of names in the in-addr.arpa hierarchy represent the bytes of an IP address. For IPv6, DNS generalizes this scheme and allows name components to represent arbitrary sections of an address. Address sections can be any number of bits wide (for values of “any number” between 1 and 128) and are known as bitstrings.
Bitstrings are represented with a peculiar syntax known as a bitstring label. Let’s look at an example. All IPv6 unicast addresses begin with the three bits 001. To express this prefix in the language of bitstrings, we start with the binary number 001 and pad it out to a multiple of four bits: 0010. This computation gives us the hex digit 2; the digit has three valid bits and one discard bit. The final bitstring is:
\[x2/3]
The backslash, square brackets, and x delimit every bitstring. The important parts are a series of hex digits (just one in this case, 2) and the length qualifier, /3. The length qualifier, which tells how many of the bits represented by the hex digits are really valid, is optional. If omitted, the bitstring defaults to its natural length as determined by the number of hex digits (here, 4 bits).
Even if your bitstrings end at a hex-digit boundary, it’s a good idea to include the length qualifier. Otherwise, the readers of your DNS files will go blind from counting long strings of tiny little hex digits.
The leftmost bits of a hex string are the significant ones. Extra bits used to pad out the rightmost hex digit are simply discarded. Pad bits must be 0s.
Because all unicast IPv6 addresses share the same 001 prefix, the effective top-level domain for IPv6 reverse mappings is \[x2/3].ip6.arpa.
Here is a more complete example. The lines below show three different representations of the same address: the first undivided, the second divided into three pieces (3/45/80), and the third divided into four pieces (3/13/32/80).
As address chunks get shifted around, their hex representations change completely—it’s still the same bits underneath, however. bc is your friend for bit twiddling.
\[x3ffe8050020100090a0020fffe812b32/128].ip6.arpa.
\[x00090a0020fffe812b32/80].\[xfff402801008/45].\[x2/3].ip6.arpa.
\[x00090a0020fffe812b32/80].\[x80500201/32].\[xfff0/13].\[x2/3].ip6.arpa
As with IPv4 in-addr.arpa zones, individual numbers read from left to right and components (dot-separated chunks) read from right to left. The first component on the second and third lines above is the local part of the address. It represents the low-order 80 bits of the address and consists of the hex digits 00090a0020fffe812b32. Here are the same three lines again with the local part of the address boldfaced:
\[x3ffe8050020100090a0020fffe812b32/128].ip6.arpa.
\[x00090a0020fffe812b32/80].\[xfff402801008/45].\[x2/3].ip6.arpa.
\[x00090a0020fffe812b32/80].\[x80500201/32].\[xfff0/13].\[x2/3].ip6.arpa
The /3 in the second line says that the first three of the four bits in the hex digit 2 are valid parts of the address. The /45 in the second line means that the first 45 of the 48 bits present in the hex string fff402801008 are valid