[conspire] missing rDNS for (intentionally missing) IPv6

Rick Moen rick at linuxmafia.com
Wed Mar 3 13:41:28 PST 2021


Quoting Tim Utschig (tim at tetro.net):

> Think they forgot to increment it this time and they reloaded the
> server thinking they were all finished? :-)  I admit I've made
> that same mistake too often.

Could be.  FYI, days later, it still doesn't resolve.

$ dig -t PTR 9.8.a.b.3.1.e.f.f.f.d.e.0.2.2.0.0.0.1.d.f.2.8.1.4.2.0.3.3.0.6.2.ip6.arpa. +short
$

(It's still NXDOMAIN.)

I still have the trouble ticket, and might pester them to see if they
can finally get a simple requested reference record done.

At the same time, given that the IPv6 address had been autoassigned
to my server when the crisis arose from that and caught my attention,
what guarantee is there that it would be the same IPv6 address if the
server got one again?  Or, to reframe the question, how do I make sure
the autoconfigured IPv6 assignment is deterministic?  This may require
mucking about in the details of my shiny new gateway box to get a better
grasp of this... stuff.  I see that Michael has posted separately
something about "IPv6 bits", which I appreciate. 

I'm sure with adequate preparation, IPv6 would cease biting me in the
tochis and motivating me every time to hit it with a big hammer to make
it go away for the time being.  I have a _reasonable_ grasp of the
topic, but even on that am a bit rusty because I just haven't worked
with it frequently.


> Seems like BIND, but it's a seekrit cause the version number is
> redacted.
> 
>   $ dig +short -c chaos -t txt version.bind. @dns101.comcast.net.
>   "[SECURED]"
>   $ dig +short -c chaos -t txt version.bind. @ns1-205.azure-dns.com.
>   $ 

Admittedly, I also mess with people who query that RR:

$ dig -c chaos -t txt version.bind @ns1.linuxmafia.com +short
"Shirley, you're joking"
$

No point in helping remote strangers doing resource discovery against my
attack surface.  (I'd let them get a serious answer if there were some
benefit to the public from that information, but the malicious uses
outweigh plausible benefits I can see.)
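
Added example, not part of the original message: the PTR name in the dig query above decodes to an address whose interface ID has the modified EUI-64 shape (ff:fe in the middle), which SLAAC derives from the interface's MAC address, so it repeats only while both the /64 prefix and the MAC stay the same. The function names are this example's own, and the ff:fe test is a heuristic; whether the host really uses EUI-64 rather than RFC 7217 or RFC 4941 identifiers is an assumption to confirm on the box itself.

```python
import ipaddress

# PTR owner name copied from the dig query in the message above.
PTR_NAME = ("9.8.a.b.3.1.e.f.f.f.d.e.0.2.2.0.0.0.1.d."
            "f.2.8.1.4.2.0.3.3.0.6.2.ip6.arpa.")

def ptr_to_address(name):
    """Turn a full ip6.arpa owner name back into an IPv6Address."""
    labels = name.lower().rstrip(".").split(".")
    if labels[-2:] != ["ip6", "arpa"] or len(labels) != 34:
        raise ValueError("not a full 32-nibble ip6.arpa name")
    nibbles = labels[:-2]
    if any(len(n) != 1 or n not in "0123456789abcdef" for n in nibbles):
        raise ValueError("bad nibble label")
    # Nibbles are stored least-significant first, so reverse them.
    return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))

def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None."""
    iid = addr.packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # e.g. RFC 4941 temporary or RFC 7217 stable-opaque IDs
    # Undo the universal/local bit flip applied to the first MAC octet.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def slaac_address(prefix, mac):
    """Build the modified EUI-64 SLAAC address for a /64 prefix and a MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    m = bytes.fromhex(mac.replace(":", ""))
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]
    return ipaddress.IPv6Address(net.network_address.packed[:8] + iid)

if __name__ == "__main__":
    addr = ptr_to_address(PTR_NAME)
    mac = eui64_mac(addr)
    print("address     :", addr)
    print("EUI-64 based:", mac is not None)
    if mac:
        # Same prefix + same MAC reproduces the same address (and PTR name).
        prefix = ipaddress.IPv6Network((addr.packed[:8] + bytes(8), 64))
        again = slaac_address(str(prefix), mac)
        print("reproducible:", again == addr, again.reverse_pointer + ".")
```

If the prefix delegated by the ISP changes, the upper 64 bits (and therefore the PTR owner name) change even though the interface ID does not.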



