Strange behaviour of OS X Server DNS with IPv6 reverse zones

I am running a full IPv4 / IPv6 dual stack setup across several machines including a server (OS X 10.9.1 / OS X Server 3.0.2). I also have IPv6 Internet access via TunnelBroker and have a /64 prefix assigned to me. All my systems have valid and correct IPv6 addresses (not temporary ones) from the range denoted by that prefix.


I have set up IPv4 and IPv6 addresses for all my systems in OS X Server DNS and that works fine. However, when I add an IPv6 address for a system, the DNS server (or maybe the server GUI) insists on creating a reverse zone for the /127 version of the address. This means I pretty much have a separate reverse zone for every system, which seems crazy to me. It is especially annoying as I have another DNS server where all my zones are defined as slave zones (for availability reasons) and this makes the process of adding a new IPv6 host somewhat tedious. I tried pre-creating a properly named reverse zone for the /64 prefix but the DNS server would not use that and still persists in creating these strange zones.


Here is a (fictitious) example...


My /64 prefix is 2001:fd0:f19:2ab::/64


I have a system with an address of 2001:fd0:f19:2ab:7e6d:62ff:fe8a:a84c


I add this to OS X Server DNS and it created the reverse DNS zone:


4.8.a.a.8.e.f.f.f.2.6.d.6.e.7.b.a.2.0.9.1.f.0.0.d.f.0.1.0.0.2.ip6.arpa


whereas I would expect it to instead add it to the zone


b.a.2.0.9.1.f.0.0.d.f.0.1.0.0.2.ip6.arpa


if that zone already exists.


Has anyone else noticed this? Or do you have it working as one might expect?

Mac mini, OS X Mavericks (10.9.1), OS X Server 3.0.2

Posted on Feb 25, 2014 6:39 AM

1 reply

Mar 10, 2014 8:42 PM in response to ChrisJenkins

Chris..


I, too, have the same problem. I take issue with much of the OS X "Server" after it has been so completely dumbed down that it is virtually useless for anyone that would actually like to utilize it as an actual, as the name implies, "SERVER." I won't get into all of the details of everything that drives me crazy with Apple's decisions here but, suffice it to say, I am EXTREMELY DISAPPOINTED with Apple more than ever. They should, at a minimum, offer a full-fledged server like they used to have, for an additional price, for people that need more than a nice looking interface and a worthless box.


That being said, the DNS server, like the rest of the OS X Mavericks Server, is dumbed down to the point of allowing very little customization. Short of using the command line, which I have decided to do (I scrapped the OS X server altogether, and just set up BIND, OpenLDAP, DHCP, Quagga, etc. from the CLI just like I do with all of my Linux servers), there is not much you can do to get the correct prefixes to show up in IPv6 reverse zones. The reason is that when you enter the forward record, the interface does not give an option to enter the prefix. So, it seems that for EACH AND EVERY v6 entry (AAAA record) you have (or at least every 10 entries), you will get a separate reverse zone.


To be completely honest, I don't even know why they included IPv6 zones in this implementation because it is totally out of compliance with the RFCs and, obviously, will not provide proper and correct reverse lookups. How could it? As you pointed out above, with a /64 prefix, you're getting a 31 digit long reverse zone (which, btw, is a /124)...***??? I've never heard of such a thing. There should be 16 digits in a /64, 12 in a /48, 8 in /32 and so on.


I don't think it is anything to do with your using a tunnel broker -- all of our systems are native IPv6 and all reverse queries to the Mac Server fail.


I can tell you how to use the CLI to manually enter the zones with the serveradmin tool, if you like, but my advice is to just move to a full-fledged BIND implementation .... and, if you want some type of interface other than the console, use something like Webmin which has a GREAT DNS zone interface...and it also keeps up with the RFC compliance.


Just message me back if you'd like the shell commands. I hate to say this, it literally pains me, but I administer a ton of servers (physical and virtualized)... roughly 1000 +- to be exact...and WINDOWS Server has a DNS server that is so much further ahead and ADVANCED than Mac, it is disgusting. In fact, we are running 12 Win Server 2012R2 Active Directory Domain Servers, each running synchronized DNS records and even with over 250,000 DNS records, it works like a champ. Still, our primary and fail-safe DNS servers are all BIND v9. Like I said, it is awful to say that about Mac, but dude, they need to wake up and either get back to the real-deal systems or just get out of the advanced product arena altogether. (one exception...my new MacPRO is AWESOME and the most advanced piece of computing equipment money can buy for the price...so kudos there)


Sorry about the rant, but when I read your post, I was reminded how frustrated I am at all of this nonsense.


Take care...and good luck.
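The naming question in the original post (which ip6.arpa zone a host's PTR belongs in, and what prefix length the GUI's 31-label zone actually covers) and the reply's suggestion to maintain the reverse zone by hand in BIND can both be worked through with a short script. This is an added example for this thread, not code from either poster or from Apple; it uses the question's fictitious prefix and address, and the host and name-server names (host.example.net, ns1.example.net) are assumed for illustration and do not come from the page.

```python
"""Compute ip6.arpa names for IPv6 reverse zones and render a BIND-style zone file.

Added example for this thread, not code from the original posts or from Apple.
The prefix and address are the question's fictitious ones; ns1.example.net,
hostmaster.example.net and host.example.net are assumed names, not from the page.
"""
import ipaddress


def reverse_zone(prefix):
    """ip6.arpa zone name for a nibble-aligned IPv6 prefix.

    Each ip6.arpa label is one hex nibble, so a zone cut is only possible on a
    multiple of 4 bits: /64 -> 16 labels, /48 -> 12, /124 -> 31, /127 -> impossible.
    """
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen % 4:
        raise ValueError("ip6.arpa zones must be nibble aligned, got /%d" % net.prefixlen)
    nibbles = net.network_address.exploded.replace(":", "")   # 32 hex digits
    prefix_nibbles = nibbles[: net.prefixlen // 4]
    return ".".join(reversed(prefix_nibbles)) + ".ip6.arpa"


def zone_prefix_length(zone_name):
    """Prefix length an ip6.arpa zone name covers (4 bits per label)."""
    labels = zone_name[: -len(".ip6.arpa")].split(".")
    return 4 * len(labels)


def ptr_owner(address, zone_prefix):
    """Return (zone, owner name relative to that zone) for the PTR of `address`.

    The full reverse name has 32 nibble labels; the labels left of the zone
    apex are the left-hand side of the PTR record inside that zone file.
    """
    addr = ipaddress.IPv6Address(address)
    net = ipaddress.IPv6Network(zone_prefix, strict=True)
    if addr not in net:
        raise ValueError("%s is not inside %s" % (address, zone_prefix))
    zone = reverse_zone(zone_prefix)
    full_name = addr.reverse_pointer             # all 32 nibbles + ".ip6.arpa"
    if not full_name.endswith("." + zone):
        raise AssertionError("reverse name does not fall under the zone apex")
    relative = full_name[: -(len(zone) + 1)]
    return zone, relative


def bind_reverse_zone(zone_prefix, hosts, primary_ns, rname, serial):
    """Render a minimal BIND zone file for the reverse zone of `zone_prefix`.

    `hosts` maps IPv6 address -> canonical host name (absolute, trailing dot).
    One zone file covers every host in the prefix; adding a host is one PTR line.
    """
    lines = [
        "$TTL 3600",
        "@ IN SOA %s %s ( %d 3600 900 1209600 3600 )" % (primary_ns, rname, serial),
        "@ IN NS %s" % primary_ns,
    ]
    for address, name in sorted(hosts.items()):
        _, owner = ptr_owner(address, zone_prefix)
        lines.append("%s IN PTR %s" % (owner, name))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    prefix = "2001:fd0:f19:2ab::/64"                      # the question's /64
    host = "2001:fd0:f19:2ab:7e6d:62ff:fe8a:a84c"         # the question's host
    gui_zone = "4.8.a.a.8.e.f.f.f.2.6.d.6.e.7.b.a.2.0.9.1.f.0.0.d.f.0.1.0.0.2.ip6.arpa"
    print("expected /64 zone :", reverse_zone(prefix))
    print("GUI-created zone  :", gui_zone, "covers a /%d" % zone_prefix_length(gui_zone))
    zone, owner = ptr_owner(host, prefix)
    print("PTR owner in %s: %s" % (zone, owner))
    print(bind_reverse_zone(prefix, {host: "host.example.net."},
                            "ns1.example.net.", "hostmaster.example.net.", 2014022501))
```

The zone file it prints is what a slave server would transfer once, after which every new IPv6 host is a single PTR line under the existing /64 apex rather than a new zone to configure on both servers.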


