[Opendnssec-user] Reverse zones?
Olaf Kolkman
olaf at NLnetLabs.nl
Thu Mar 8 12:14:44 UTC 2012
On Mar 8, 2012, at 12:59 PM, Dick Visser wrote:
>>
>> While I understand the argument that an IPv4-reverse zone is trivially
>> enumerated, that will change when IPv6 becomes more common. Naively
>> trying every IP is just not feasible anymore. In that case NSEC will
>> actually be helpfull in finding adresses that are assigned.
try
dig @open.nlnetlabs.nl 0.6.0.2.0.8.b.7.0.1.0.0.2.ip6.arpa.
and
dig @open.nlnetlabs.nl 2.6.0.2.0.8.b.7.0.1.0.0.2.ip6.arpa.
The first query gives you NOERROR (and an empty answer session). This means that 0.6.0.2.0.8.b.7.0.1.0.0.2.ip6.arpa. the queried type (A) does not exist at this node, but the node itself does. The tree may have more depth.
The second query gives you NXDOMAIN which means it does not exist and that there are also no subdomains. The domain tree stops here.
Although these answers might be a bit implementation dependend it is trivial to enumerate an IPv6 address tree.
-Olaf
________________________________________________________
Olaf M. Kolkman NLnet Labs
http://www.nlnetlabs.nl/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20120308/aa4d27c1/attachment.bin>
More information about the Opendnssec-user
mailing list