IPv6 rDNS PTR propagation

Kim Bjoern

New Member
Feb 26, 2020
16
1
3
Denmark
Fellow home-lab nerds!

I recently got IPv6 on my fiber, and my ISP (kviknet.dk) provided a /48 prefix, and registered the PTR zone on the backbone pointing to nameservers in my registered domain.

Code:
$ dig 5.0.1.b.4.0.0.4.6.0.a.2.ip6.arpa ns

; <<>> DiG 9.16.22-Debian <<>> 5.0.1.b.4.0.0.4.6.0.a.2.ip6.arpa ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61788
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;5.0.1.b.4.0.0.4.6.0.a.2.ip6.arpa. IN    NS

;; ANSWER SECTION:
5.0.1.b.4.0.0.4.6.0.a.2.ip6.arpa. 21600    IN NS    ns1.opinion2.biz.
5.0.1.b.4.0.0.4.6.0.a.2.ip6.arpa. 21600    IN NS    ns1.ipv6.opinion2.biz.

;; Query time: 144 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Jan 20 10:21:03 CET 2022
;; MSG SIZE  rcvd: 114
My goal now is to skip the fixed public IPv4 address I also have (with a monthly fee), and after fiddling wit IP6, DNS, UDP, TCP, FWL etc. - I developed a bit of 20/20 OCD!

I configured a BIND service on a linux VM with zones on a number of VLANs, including the reverse zone.

Ive been beating a bunch of online DNS Lookup and propagation services, I got the he.net sage certification (still waiting for the t-shirt ;)), and lastly; checking client PTR with IPv6 test - IPv6/4 connectivity and speed test in quest of the holy 20/20! And succeeded - except:

Strangely enough, it appears as if the holy 20/20 is only achieved if the reverse IPv6 zone can be queried by IPv4 o_O
Can anyone confirm this??

Or is it because the ISP nameservers isn't fully up to IPv6 speed??

Code:
$ dig @2620:fe::fe -x 2a06:4004:b105:100::13 +trace

snip...

;; Received 451 bytes from 193.0.9.2#53(f.ip6-servers.arpa) in 16 ms

4.0.0.4.6.0.a.2.ip6.arpa. 172800 IN    NS    ns1.kviknet.dk.
4.0.0.4.6.0.a.2.ip6.arpa. 172800 IN    NS    ns2.kviknet.dk.
4.0.0.4.6.0.a.2.ip6.arpa. 3600    IN    NSEC    5.0.0.4.6.0.a.2.ip6.arpa. NS RRSIG NSEC
4.0.0.4.6.0.a.2.ip6.arpa. 3600    IN    RRSIG    NSEC 13 10 3600 20220201103001 20220118090001 57223 0.a.2.ip6.arpa. KnMoer1nM72uvBi/Ydz78VG2sqCuZclCc6yIPIUiYSgFa+TNbQzcm6CY iJXJkOIPrrEz2+VQWpkLLLIvbURbgg==
;; Received 355 bytes from 204.61.216.100#53(ns3.afrinic.net) in 16 ms

5.0.1.b.4.0.0.4.6.0.a.2.ip6.arpa. 86400    IN NS    ns1.opinion2.biz.
5.0.1.b.4.0.0.4.6.0.a.2.ip6.arpa. 86400    IN NS    ns1.ipv6.opinion2.biz.
;; Received 154 bytes from 185.107.12.58#53(ns1.kviknet.dk) in 12 ms

3.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.5.0.1.b.4.0.0.4.6.0.a.2.ip6.arpa. 21600    IN PTR ns1.opinion2.biz.
5.0.1.b.4.0.0.4.6.0.a.2.ip6.arpa. 21600    IN NS    ns1.ipv6.opinion2.biz.
5.0.1.b.4.0.0.4.6.0.a.2.ip6.arpa. 21600    IN NS    ns1.opinion2.biz.
;; Received 224 bytes from 2a06:4004:b105:100::13#53(ns1.opinion2.biz) in 0 ms
Likewise, if I check propagation of IPv6 PTR records, I score 99% across the globe - as long as one of the nameservers has a valid A record. If both nameservers only respond to AAAA records, the "global propagation" is <10%

Is this to expect?? If so, there is a long way to IPv6 only

/Kim Bjoern, Denmark