GestióIP IPv6 resources


Setup IPv6 reverse delegation

How to calculate which reverse zones/ip6.arpa domains are relevant to a given IPv6 address block

The mapping of IPv6 reverse DNS zones must be made on nibble boundaries. That means, that if your official IPv6 address block does not have a prefix length divisible by 4, you have to split it in multiple reverse zones. GestióIP's free online subnet calculator includes a reverse zone generator which permits to easily map a given IPv6 address block in the corresponding reverse zones. The tool can be used for networks on nibble boundaries as well as networks on non-nibble boundaries.


Nibble boundary

A "nibble" represents a block of four bits (in the same way that 1 byte represents 8 bits). The following two images show the bit distribution for network 2001:db8::/48 and network 2001:db8::/29 (prefix length /48 means, that you use the first 48 bits of the IPv6 address for the prefix part). The prefix part appears in black characters. Prefix length /48 falls on the nibble boundary between the fourth nibble of the third address field and the first nibble of the fourth address field (Fig. 1). Prefix length /29 falls on a non-nibble boundary within the fourth nibble of the second address field (Fig. 2).

calculate prefix length

Fig. 1: Prefix lenght /48 falls on a nibble boundary

        calculate prefix length

Fig. 2: Prefix lenght /29 falls on a non-nibble boundary


Example of a reverse delegation for domains on nibble boundaries:

You have been allocated the address block 2001:db8::/48. As a prefix length of 48 is divisible by 4, you can map your address block directly to one corresponding ipv6.arpa domain.

Calculate the IPv6 address range: Introduce your allocated address block, select a prefix length and press "calculate".

calculate prefix length


The subnet calculator shows the ipv6.arpa format of the introduced IPv6 address. The prefix part appears in blue characters.

calculate prefix length

Use only the prefix part for the reverse delegation. The reverse zone for the address block 2001:db8::/48 is 0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.


Usage examples:

If you want to register your reverse zones by a RIR (IANA, ICANN, APNIC, ARIN, LACNIC, RIPE NCC), a NIR or a LIR you will have to create a domain object for the reverse zones. The domain attribute of the domain object for the reverse zone of the whole network 2001:db8::/48 would be 0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.

A BIND reverse zone file might have the following format:

$TTL	1h
$ORIGIN 0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
@           IN SOA  ns1.example.org. root.example.org. (
			2012122101; serial
			24h; refresh
			2h; retry
			1000h; expire
			2d; minimum
			) 

	IN	NS	ns1.example.org.
	IN	NS	ns2.example.org.

1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0	IN PTR server.example.org.

The correspondent entry in named.conf:
zone "0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa" {
	type master;
	file "/path/to/0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa";
	allow-update { none; };
};


The same for tinydns:

### SOA 0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
Z0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa:ns1.example.org:root.example.org:2012122101:14400:7200:1000h:172800:3600
### Nameserver 8.b.d.0.1.0.0.2.ip6.arpa
&0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa::ns1.example.org:3600
&0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa::ns2.example.org:3600
### A/PTR entries
6test1.example.org.:20010db8000000000000000000000001:3600



Example of a reverse delegation for domains on non-nibble boundaries:

You have been allocated the address block 2001:db8::/29. As the prefix length 29 is on a non-nibble boundary, you have to find the next bigger prefix length that is divisible by 4.

Calculate the IPv6 address range: Introduce your allocated address block, select a prefix length and press "calculate".

calculate prefix length


In the case that the prefix lenght is on a non-nibble boundary, the ipv6.arpa format of the introduced IPv6 address appears as a link.

calculate prefix length

Click over the ipv6.arpa address to show the complete list of the correspondent ip6.arpa domains/reverse zones.

reverse zones



Usage examples:

The domain attribute of the domain objects you would need to register by a RIR would be the following list of eight ipv6.arpa domains:


For BIND you would need to create the following eight reverse zone files to map the whole address block:

Reverse Zone 8.b.d.0.1.0.0.2.ip6.arpa

$TTL	1h
$ORIGIN 8.b.d.0.1.0.0.2.ip6.arpa.
@           IN SOA  ns1.example.org. root.example.org. (
			2012122601; serial
			24h; refresh
			2h; retry
			1000h; expire
			2d; minimum
			) 

	IN	NS	ns1.example.org.
	IN	NS	ns2.example.org.

1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0	IN PTR server.example.org.

The correspondent entry in named.conf:
zone "8.b.d.0.1.0.0.2.ip6.arpa" {
	type master;
	file "/path/to/8.b.d.0.1.0.0.2.ip6.arpa";
	allow-update { none; };
};
==================================================================

Reverse Zone 9.b.d.0.1.0.0.2.ip6.arpa

$TTL	1h
$ORIGIN 9.b.d.0.1.0.0.2.ip6.arpa.
@           IN SOA  ns1.example.org. root.example.org. (
			2012122601; serial
			24h; refresh
			2h; retry
			1000h; expire
			2d; minimum
			) 

	IN	NS	ns1.example.org.
	IN	NS	ns2.example.org.

The correspondent entry in named.conf:
zone "9.b.d.0.1.0.0.2.ip6.arpa" {
	type master;
	file "/path/to/9.b.d.0.1.0.0.2.ip6.arpa";
	allow-update { none; };
};
==================================================================

Reverse Zone a.b.d.0.1.0.0.2.ip6.arpa

$TTL	1h
$ORIGIN a.b.d.0.1.0.0.2.ip6.arpa.
@           IN SOA  ns1.example.org. root.example.org. (
			2012122601; serial
			24h; refresh
			2h; retry
			1000h; expire
			2d; minimum
			) 

	IN	NS	ns1.example.org.
	IN	NS	ns2.example.org.

The correspondent entry in named.conf:

zone "a.b.d.0.1.0.0.2.ip6.arpa" {
	type master;
	file "/path/to/a.b.d.0.1.0.0.2.ip6.arpa";
	allow-update { none; };
};
==================================================================

Reverse Zone b.b.d.0.1.0.0.2.ip6.arpa

$TTL	1h
$ORIGIN b.b.d.0.1.0.0.2.ip6.arpa.
@           IN SOA  ns1.example.org. root.example.org. (
			2012122601; serial
			24h; refresh
			2h; retry
			1000h; expire
			2d; minimum
			) 

	IN	NS	ns1.example.org.
	IN	NS	ns2.example.org.

The correspondent entry in named.conf:

zone "b.b.d.0.1.0.0.2.ip6.arpa" {
	type master;
	file "/path/to/b.b.d.0.1.0.0.2.ip6.arpa";
	allow-update { none; };
};
==================================================================

Reverse Zone c.b.d.0.1.0.0.2.ip6.arpa

$TTL	1h
$ORIGIN c.b.d.0.1.0.0.2.ip6.arpa.
@           IN SOA  ns1.example.org. root.example.org. (
			2012122601; serial
			24h; refresh
			2h; retry
			1000h; expire
			2d; minimum
			) 

	IN	NS	ns1.example.org.
	IN	NS	ns2.example.org.

The correspondent entry in named.conf:

zone "c.b.d.0.1.0.0.2.ip6.arpa" {
	type master;
	file "/path/to/c.b.d.0.1.0.0.2.ip6.arpa";
	allow-update { none; };
};
==================================================================

Reverse Zone d.b.d.0.1.0.0.2.ip6.arpa

$TTL	1h
$ORIGIN d.b.d.0.1.0.0.2.ip6.arpa.
@           IN SOA  ns1.example.org. root.example.org. (
			2012122601; serial
			24h; refresh
			2h; retry
			1000h; expire
			2d; minimum
			) 

	IN	NS	ns1.example.org.
	IN	NS	ns2.example.org.

The correspondent entry in named.conf:

zone "d.b.d.0.1.0.0.2.ip6.arpa" {
	type master;
	file "/path/to/d.b.d.0.1.0.0.2.ip6.arpa";
	allow-update { none; };
};
==================================================================

Reverse Zone e.b.d.0.1.0.0.2.ip6.arpa

$TTL	1h
$ORIGIN e.b.d.0.1.0.0.2.ip6.arpa.
@           IN SOA  ns1.example.org. root.example.org. (
			2012122601; serial
			24h; refresh
			2h; retry
			1000h; expire
			2d; minimum
			) 

	IN	NS	ns1.example.org.
	IN	NS	ns2.example.org.

The correspondent entry in named.conf:

zone "e.b.d.0.1.0.0.2.ip6.arpa" {
	type master;
	file "/path/toe.b.d.0.1.0.0.2.ip6.arpa";
	allow-update { none; };
};
==================================================================

Reverse Zone f.b.d.0.1.0.0.2.ip6.arpa

$TTL	1h
$ORIGIN f.b.d.0.1.0.0.2.ip6.arpa.
@           IN SOA  ns1.example.org. root.example.org. (
			2012122601; serial
			24h; refresh
			2h; retry
			1000h; expire
			2d; minimum
			) 

	IN	NS	ns1.example.org.
	IN	NS	ns2.example.org.

The correspondent entry in named.conf:

zone "f.b.d.0.1.0.0.2.ip6.arpa" {
	type master;
	file "/path/to/f.b.d.0.1.0.0.2.ip6.arpa";
	allow-update { none; };
};


And the same for tinydns

### SOA 8.b.d.0.1.0.0.2.ip6.arpa
Z8.b.d.0.1.0.0.2.ip6.arpa:ns1.example.org:root.example.org:2012122601:14400:7200:1000h:172800:3600
### Nameserver 8.b.d.0.1.0.0.2.ip6.arpa
&8.b.d.0.1.0.0.2.ip6.arpa::ns1.example.org:3600
&8.b.d.0.1.0.0.2.ip6.arpa::ns2.example.org:3600
### A/PTR entries
6server.example.org.:20010db8000000000000000000000001:3600

### SOA 9.b.d.0.1.0.0.2.ip6.arpa
Z9.b.d.0.1.0.0.2.ip6.arpa:ns1.example.org:root.example.org:2012122601:14400:7200:1000h:172800:3600
### Nameserver 9.b.d.0.1.0.0.2.ip6.arpa
&9.b.d.0.1.0.0.2.ip6.arpa::ns1.example.org:3600
&9.b.d.0.1.0.0.2.ip6.arpa::ns2.example.org:3600

### SOA a.b.d.0.1.0.0.2.ip6.arpa
Za.b.d.0.1.0.0.2.ip6.arpa:ns1.example.org:root.example.org:2012122601:14400:7200:1000h:172800:3600
### Nameserver a.b.d.0.1.0.0.2.ip6.arpa
&a.b.d.0.1.0.0.2.ip6.arpa::ns1.example.org:3600
&a.b.d.0.1.0.0.2.ip6.arpa::ns2.example.org:3600

### SOA b.b.d.0.1.0.0.2.ip6.arpa
Zb.b.d.0.1.0.0.2.ip6.arpa:ns1.example.org:root.example.org:2012122601:14400:7200:1000h:172800:3600
### Nameserver b.b.d.0.1.0.0.2.ip6.arpa
&b.b.d.0.1.0.0.2.ip6.arpa::ns1.example.org:3600
&b.b.d.0.1.0.0.2.ip6.arpa::ns2.example.org:3600

### SOA c.b.d.0.1.0.0.2.ip6.arpa
Zc.b.d.0.1.0.0.2.ip6.arpa:ns1.example.org:root.example.org:2012122601:14400:7200:1000h:172800:3600
### Nameserver c.b.d.0.1.0.0.2.ip6.arpa
&c.b.d.0.1.0.0.2.ip6.arpa::ns1.example.org:3600
&c.b.d.0.1.0.0.2.ip6.arpa::ns2.example.org:3600

### SOA d.b.d.0.1.0.0.2.ip6.arpa
Zd.b.d.0.1.0.0.2.ip6.arpa:ns1.example.org:root.example.org:2012122601:14400:7200:1000h:172800:3600
### Nameserver d.b.d.0.1.0.0.2.ip6.arpa
&d.b.d.0.1.0.0.2.ip6.arpa::ns1.example.org:3600
&d.b.d.0.1.0.0.2.ip6.arpa::ns2.example.org:3600

### SOA e.b.d.0.1.0.0.2.ip6.arpa
Ze.b.d.0.1.0.0.2.ip6.arpa:ns1.example.org:root.example.org:2012122601:14400:7200:1000h:172800:3600
### Nameserver e.b.d.0.1.0.0.2.ip6.arpa
&e.b.d.0.1.0.0.2.ip6.arpa::ns1.example.org:3600
&e.b.d.0.1.0.0.2.ip6.arpa::ns2.example.org:3600

### SOA f.b.d.0.1.0.0.2.ip6.arpa
Zf.b.d.0.1.0.0.2.ip6.arpa:ns1.example.org:root.example.org:2012122601:14400:7200:1000h:172800:3600
### Nameserver f.b.d.0.1.0.0.2.ip6.arpa
&f.b.d.0.1.0.0.2.ip6.arpa::ns1.example.org:3600
&f.b.d.0.1.0.0.2.ip6.arpa::ns2.example.org:3600