[nsd-users] enumerate an ipv6 reverse zone in 2 minutes
anandb at ripe.net
Wed Dec 10 21:59:19 UTC 2014
On 10/12/14 22:32, A. Schulze wrote:
> Till yesterday I thought it is impossible to find hosts in an IPv6
> subnet by asking the dns server.
> At least if I use random interface identifier.
> That assumption is wrong:
This is an old and well-known technique.
> dig @ns.nlnetlabs.nl. 0.0.0.9.b.4.0.a.2.ip6.arpa. ns -> NOERROR
> dig @ns.nlnetlabs.nl. 188.8.131.52.b.4.0.a.2.ip6.arpa. ns -> NXDOMAIN
> 2 queries to tell: there is no host in the subnet 2a04:b900:1000:0::/64
> there are no subnets in 2a04:b900:1000::/56
This is exactly how the name server is supposed to answer. In fact, not
only NSD, but all other protocol-compliant name servers, such as BIND,
Knot and PowerDNS, will all respond the same way. Look up the term
"empty non-terminal". This manner of response is not specific to NSD.
> My question: would it be possible to modify nsd to answer queries in a
> different way?
I don't think so. It would break the DNS protocol. But just out of
curiosity, what kind of response did you have in mind?
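
The "empty non-terminal" rule mentioned in the reply, modelled as an added example (not part of the original message and not NSD code). The `ReverseZone` class, its helpers and the sample PTR address in the documentation prefix 2001:db8::/32 are constructed for illustration.

```python
import ipaddress

def prefix_name(prefix: str) -> str:
    """ip6.arpa name of a nibble-aligned IPv6 prefix (or of a host as /128)."""
    net = ipaddress.ip_network(prefix)
    if net.version != 6 or net.prefixlen % 4:
        raise ValueError("need an IPv6 prefix on a nibble boundary")
    labels = net.network_address.reverse_pointer.split(".")
    # Drop one label per host nibble that lies outside the prefix.
    return ".".join(labels[(128 - net.prefixlen) // 4:]) + "."

class ReverseZone:
    """Hypothetical in-memory model of an authoritative ip6.arpa zone."""

    def __init__(self, apex_prefix, ptr_addresses):
        self.apex = prefix_name(apex_prefix)
        self.owners = {self.apex}   # names that own records (SOA/NS, PTR)
        self.ents = set()           # empty non-terminals
        for addr in ptr_addresses:
            name = prefix_name(addr + "/128")
            if not name.endswith("." + self.apex):
                raise ValueError("address outside zone: " + addr)
            self.owners.add(name)
            # Every name between a PTR owner and the apex exists in the
            # tree even though it holds no records of its own.
            parent = name.split(".", 1)[1]
            while parent != self.apex:
                self.ents.add(parent)
                parent = parent.split(".", 1)[1]
        self.ents -= self.owners

    def rcode(self, qname: str) -> str:
        qname = qname.lower()
        if qname != self.apex and not qname.endswith("." + self.apex):
            return "REFUSED"    # out of zone (assumed server policy)
        if qname in self.owners or qname in self.ents:
            return "NOERROR"    # for an ENT: NOERROR with an empty answer
        return "NXDOMAIN"       # nothing exists at or below this name

# Constructed sample: one PTR record inside 2001:db8:0:1::/64.
ZONE = ReverseZone("2001:db8::/32", ["2001:db8:0:1::53"])
```

Because the response code at each nibble label reveals whether anything exists below it, the PTR names published in a reverse zone should be treated as public data.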