[AusNOG] Reverse DNS Recommendations
Matt Taylor
matt at mty.net.au
Thu Dec 4 16:47:11 EST 2014
I wrote something very similar to what Damien said (completely
automating record generation using PowerDNS).
I used SNMP with 1.3.6.1.2.1.4.20.1.2 (ipAdEntIfIndex) and
1.3.6.1.2.1.31.1.1.1.1 (ifName) combined with some logic bound to each
device and some rules as to how your arpa files are generated (e.g.
10.1.2.0/24's records would be sitting in 2.1.10.in-addr.arpa's zone),
and away you go.
With regard to IPv6, auto-generating records was slightly challenging
as I haven't found a way to do it using SNMP yet (please ping me
off-list if you know an easier way), so I just parse the configuration
files, which also works fine but is not as efficient as I'd want it to be.
The arpa records are handled differently too (not 1:1).
As for how you name the records, I guess it's however you like it (or
whatever your company's naming convention is).
Happy to give some examples off-list.
Regards,
Matt.
On 4/12/2014 16:13, Damien Gardner Jnr wrote:
> Couple of jobs ago, we were generating our reverse DNS via a few mysql
> stored procedures behind powerdns, which directly queried our network
> management portal. Was extremely cool, though was finished only a few
> weeks before the company got sold and the new owners nuked everything.
> Format generated was devicename-interface.datacenter.state.domainname.
>
> i.e. bdr01-vlan309.syd01.nsw.domain.net. or bdr01-gi4-117, or
> sw12-vlan174.lax01.ca.domain.net. Probably could have done
> with country code in there as well but it was still very nicely
> readable in traceroutes, which is pretty much what this is all for,
> right? ;)
>
>
>
> On 4 December 2014 at 15:58, Beeson, Ayden <ABeeson at csu.edu.au> wrote:
>
> I think Jacob is more referring to what to put for the reverse
> PTR's for devices that don't have clear single IP A/AAAA/PTR
> records, such as routers, vlans etc.
>
> What we have done here (or are doing, it's still in flux so I'm
> open to ANY other better suggestions) is to base the PTR on the IP
> / subnet it is serving.
>
> We have a single /16 IPv4 which for the most part is divided into
> /24's, so we are planning to basically reflect the IP directly.
>
> I.e. for 137.166.140.254 (the router for my subnet) we will call
> it gw-140 and insert relevant A and PTR records for this, for
> those with HSRP etc you can add -a / -b etc as well.
>
> I have adapted this for IPv6 as well for our /32, so for example
> 2405:2d00:301:2000::1 (my router again) becomes gw-301-2000
>
> It's not perfect, but at least it's predictable and repeatable.
> For the more specific subnets such as P2P /30, /31, /126 or /127's
> I haven't come up with a solid plan yet other than to scale this
> out to a longer name, or potentially go with a more descriptive name.
>
> It also wouldn't work if you had a whole bunch of separate network
> ranges, at least not in a small and easy fashion.
>
> Thanks,
> Ayden Beeson
>
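The record generation discussed in this thread, as an added example that is not code from any of the posters: it turns interface inventory rows into PTR records using the devicename-interface.datacenter.state.domainname format and files each record under its reverse zone. The inventory layout, the function names, the 2001:db8 documentation address and the one-zone-per-/48 split for IPv6 are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

DOMAIN = "domain.net"      # placeholder domain, as used in the thread
V6_ZONE_PREFIXLEN = 48     # assumption: one ip6.arpa zone per /48

# Constructed inventory rows: (device, ifName, site, state, address).
# In practice these would come from the SNMP walk or the parsed configs.
INVENTORY = [
    ("bdr01", "Vlan309", "syd01", "nsw", "10.1.2.1"),
    ("bdr01", "Gi4/117", "syd01", "nsw", "10.1.2.5"),
    ("sw12", "Vlan174", "lax01", "ca", "2001:db8:301:2000::1"),
]

def label(text):
    """Reduce a device-supplied string to one valid DNS label."""
    cleaned = re.sub(r"[^a-z0-9]+", "-", text.lower()).strip("-")
    if not cleaned or len(cleaned) > 63:
        raise ValueError(f"cannot make a DNS label from {text!r}")
    return cleaned

def ptr_target(device, ifname, site, state):
    """Build devicename-interface.datacenter.state.domainname."""
    return f"{label(device)}-{label(ifname)}.{label(site)}.{label(state)}.{DOMAIN}."

def reverse_zone(ip):
    """Zone holding the PTR: the /24 for IPv4, a nibble-aligned prefix for IPv6."""
    labels = ip.reverse_pointer.split(".")
    if ip.version == 4:
        return ".".join(labels[1:])              # drop the host octet
    return ".".join(labels[32 - V6_ZONE_PREFIXLEN // 4:])

def build_zones(inventory):
    """Return {zone: [(owner, target), ...]}, refusing duplicate addresses."""
    zones, seen = defaultdict(list), {}
    for device, ifname, site, state, addr in inventory:
        ip = ipaddress.ip_address(addr)
        target = ptr_target(device, ifname, site, state)
        if ip in seen:
            raise ValueError(f"{ip} claimed by {seen[ip]} and {target}")
        seen[ip] = target
        zones[reverse_zone(ip)].append((ip.reverse_pointer + ".", target))
    return dict(zones)

if __name__ == "__main__":
    for zone, records in sorted(build_zones(INVENTORY).items()):
        print(f"; zone {zone}")
        for owner, target in records:
            print(f"{owner} IN PTR {target}")
```

Passing ifName through `label()` keeps characters such as `/` or whitespace reported by a device out of the generated zone data.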