Configuring rDNS using NSD

We can configure reverse DNS (rDNS) using nsd, an authoritative name server. nsd is part of the OpenBSD base system, so no installation is necessary.

NOTICE: This guide assumes you have already configured nsd for forward DNS resolution.

IPv6 Subnet

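Suppose we have been delegated the rDNS zone for our IPv6 subnet, 2001:550:3402:1:143::/80. To find the name of our zone, we need to fill in all the missing zeros, put periods between each digit, reverse the digits, then add ip6.arpa. A /80 prefix covers the first 20 hexadecimal digits of the address, so the zone name has 20 digit labels: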

2001:550:3402:1:143:: # original subnet
2001:0550:3402:0001:0143:: # fill in the missing zeros
2.0.0.1.0.5.5.0.3.4.0.2.0.0.0.1.0.1.4.3 # add periods between each digit
3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2 # reverse the digits
3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa # add ip6.arpa

Zone File

Now we must create the zone file in /var/nsd/zones/master/3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa:

$ORIGIN 3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa.
@       3600    IN      SOA     ns1.ircnow.org. admin.ircnow.org. (
                2021020105 1800 3600 1209600 3600 )
        3600    IN      NS      ns1.jrmu.coconut.ircnow.org.
        3600    IN      NS      ns2.jrmu.coconut.ircnow.org.
0.0.0.0.0.0.0.0.0.0.0.0         3600    IN      PTR     user1.coconut.ircnow.org.
1.0.0.0.0.0.0.0.0.0.0.0         3600    IN      PTR     user2.coconut.ircnow.org.
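
The zone name derivation above and the PTR owner names in this zone file can be generated instead of typed by hand. The following Python script is an added example, not part of the original guide; the function names are hypothetical, and it assumes a prefix length that is a multiple of 4, since each ip6.arpa label is one hex digit:

```python
import ipaddress


def _nibbles(addr):
    """All 32 hex digits of an IPv6 address, zeros filled in."""
    return addr.exploded.replace(":", "")


def reverse_zone(prefix):
    """ip6.arpa zone name for an IPv6 prefix on a 4-bit (nibble) boundary."""
    net = ipaddress.ip_network(prefix, strict=True)  # rejects set host bits
    if net.version != 6:
        raise ValueError("expected an IPv6 prefix")
    if net.prefixlen % 4:
        # One ip6.arpa label is one hex digit, so /62 or /38 has no single zone.
        raise ValueError("prefix length must be a multiple of 4")
    digits = _nibbles(net.network_address)[: net.prefixlen // 4]
    return ".".join(reversed(digits)) + ".ip6.arpa"


def ptr_owner(address, prefix):
    """Owner name of the address's PTR record, relative to the zone."""
    net = ipaddress.ip_network(prefix, strict=True)
    addr = ipaddress.ip_address(address)
    if addr not in net:
        raise ValueError(f"{address} is outside {prefix}")
    reverse_zone(prefix)  # reuse the nibble-boundary check
    return ".".join(reversed(_nibbles(addr)[net.prefixlen // 4:]))


def ptr_lines(hosts, prefix, ttl=3600):
    """Zone-file PTR lines for a {address: hostname} mapping."""
    return [f"{ptr_owner(a, prefix)}\t{ttl}\tIN\tPTR\t{h.rstrip('.')}."
            for a, h in hosts.items()]


if __name__ == "__main__":
    PREFIX = "2001:550:3402:1:143::/80"  # subnet used on this page
    print("$ORIGIN " + reverse_zone(PREFIX) + ".")
    hosts = {"2001:550:3402:1:143::": "user1.coconut.ircnow.org",
             "2001:550:3402:1:143::1": "user2.coconut.ircnow.org"}
    for line in ptr_lines(hosts, PREFIX):
        print(line)
```

Addresses outside the delegated prefix are rejected rather than silently written into the zone, which catches a mistyped address before nsd loads the file.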

/var/nsd/etc/nsd.conf

Now we only need to add this section to /var/nsd/etc/nsd.conf:

zone:
        name: "3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa"
        zonefile: "master/3.4.1.0.1.0.0.0.2.0.4.3.0.5.5.0.1.0.0.2.ip6.arpa"

Restart nsd and test

$ doas rcctl restart nsd

We can test using host or dig:

host 2001:550:3402:1:143::1 <nameserver-ip>

Replace <nameserver-ip> with your actual nameserver IP. Once you have confirmed this is working, you can then ask to have your zone delegated to your nameserver.

You can then test if both forward and reverse DNS lookup work by using netcat to connect to IRC.