[AusNOG] Reverse DNS Recommendations

Matt Taylor matt at mty.net.au
Thu Dec 4 16:47:11 EST 2014


I wrote something very similar to what Damien said (completely 
automating record generation using PowerDNS).

I used SNMP with 1.3.6.1.2.1.4.20.1.2 (ipAdEntIfIndex) and 
1.3.6.1.2.1.31.1.1.1.1 (ifName) combined with some logic bound to each 
device and some rules as to how your arpa files are generated (e.g. 
10.1.2.0/24's records would be sitting in 2.1.10.in-addr.arpa's zone), 
and away you go.

In regards to IPv6, auto-generating records was slightly challenging, 
as I haven't found a way to do it using SNMP yet (please ping me 
off-list if you know an easier way), so I just parse the configuration 
files, which also works fine but is not as efficient as I'd want it to be. 
The arpa records are handled differently too (not 1:1).

As for how you name the records, I guess it's how you like it (or how 
your company's naming convention is).

Happy to give some examples off-list.

Regards,
Matt.

On 4/12/2014 16:13, Damien Gardner Jnr wrote:
> Couple of jobs ago, we were generating our reverse DNS via a few MySQL 
> stored procedures behind PowerDNS, which directly queried our network 
> management portal.  Was extremely cool, though was finished only a few 
> weeks before the company got sold and the new owners nuked everything. 
> Format generated was devicename-interface.datacenter.state.domainname.
>
> i.e. bdr01-vlan309.syd01.nsw.domain.net. or bdr01-gi4-117, or 
> sw12-vlan174.lax01.ca.domain.net. Probably could have done 
> with country code in there as well but it was still very nicely 
> readable in traceroutes, which is pretty much what this is all for, 
> right? ;)
>
>
>
> On 4 December 2014 at 15:58, Beeson, Ayden <ABeeson at csu.edu.au> wrote:
>
>     I think Jacob is more referring to what to put for the reverse
>     PTR's for devices that don't have clear single IP A/AAAA/PTR
>     records, such as routers, vlans etc.
>
>     What we have done here (or are doing, it's still in flux so I'm
>     open to ANY other better suggestions) is to base the PTR on the IP
>     / subnet it is serving.
>
>     We have a single /16 IPv4 which for the most part is divided into
>     /24's, so we are planning to basically reflect the IP directly.
>
>     I.e. for 137.166.140.254 (the router for my subnet) we will call
>     it gw-140 and insert relevant A and PTR records for this, for
>     those with HSRP etc you can add -a / -b etc as well.
>
>     I have adapted this for IPv6 as well for our /32, so for example
>     2405:2d00:301:2000::1 (my router again) becomes gw-301-2000
>
>     It's not perfect, but at least it's predictable and repeatable.
>     For the more specific subnets such as P2P /30, /31, /126 or /127's
>     I haven't come up with a solid plan yet other than to scale this
>     out to a longer name, or potentially go with a more descriptive name.
>
>     It also wouldn't work if you had a whole bunch of separate network
>     ranges, at least not in a small and easy fashion.
>
>     Thanks,
>     Ayden Beeson
>
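
A sketch of the SNMP-driven approach described in this message, as an added example that is not code from the original post or from either poster. It joins the two tables named above (ipAdEntIfIndex and ifName), names each PTR target in the devicename-interface.datacenter.state.domainname format, and files each record under its /24 zone. The function names, the loopback/missing-ifName skip rules and the sample table contents are assumptions; IPv4 only.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample data, shaped like the two SNMP tables named in the post.
# ipAdEntIfIndex (1.3.6.1.2.1.4.20.1.2): interface IP -> ifIndex
IP_AD_ENT_IF_INDEX = {"10.1.2.254": 4, "10.1.2.1": 309, "10.1.3.1": 174,
                      "10.1.4.1": 999, "127.0.0.1": 1}
# ifName (1.3.6.1.2.1.31.1.1.1.1): ifIndex -> interface name (999 is missing)
IF_NAME = {309: "Vlan309", 4: "Gi4/117", 174: "Vlan174", 1: "Lo0"}

def dns_label(text):
    """Reduce a device or interface name to a lowercase DNS label."""
    return re.sub(r"[^a-z0-9]+", "-", text.lower()).strip("-")[:63]

def reverse_zone(ip):
    """One zone per /24, e.g. 10.1.2.x -> 2.1.10.in-addr.arpa."""
    a, b, c, _ = str(ip).split(".")
    return f"{c}.{b}.{a}.in-addr.arpa"

def build_ptr_records(device, suffix, ip_to_ifindex, ifindex_to_name):
    """Return {zone: [(owner, ptr_target), ...]} for one device."""
    zones = defaultdict(list)
    addrs = sorted((ipaddress.ip_address(a), i) for a, i in ip_to_ifindex.items()
                   if ipaddress.ip_address(a).version == 4)
    for ip, ifindex in addrs:
        # Assumed rules: skip loopbacks and addresses whose ifIndex has no
        # ifName row, rather than publishing a guessed name.
        if ip.is_loopback or ifindex not in ifindex_to_name:
            continue
        iface = dns_label(ifindex_to_name[ifindex])
        target = f"{dns_label(device)}-{iface}.{suffix}."
        zones[reverse_zone(ip)].append((ip.reverse_pointer + ".", target))
    return dict(zones)

if __name__ == "__main__":
    records = build_ptr_records("bdr01", "syd01.nsw.domain.net",
                                IP_AD_ENT_IF_INDEX, IF_NAME)
    for zone, rrs in records.items():
        print(f"; zone {zone}")
        for owner, target in rrs:
            print(f"{owner} IN PTR {target}")
```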
