Self Hosted: DNS zone problem with VPS and /32 subnet

I’ve had my domains for almost 20 years now, but they’ve always been hosted elsewhere.

So recently, I bought 2 VPS to run a self hosted setup. This domain has never been used - it’s my test domain… anyway that’s not the issue.

The issue I’m having is in creating DNS zone files in BIND9. BIND9 expects classful addressing. However, I only have an IPv4 and an IPv6 per VPS. The VPS has IP addresses with a /32 and a /128 subnet mask respectively.

The VPS I’m using are on an OpenVZ setup. Here’s what my ifconfig looks like, but I’ve redacted my IPs.

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

venet0    Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.255
          inet6 addr: ####:####:##::#:####/128 Scope:Global
          UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
          RX packets:145839 errors:0 dropped:0 overruns:0 frame:0
          TX packets:130786 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:36863866 (35.1 MiB) TX bytes:13206609 (12.5 MiB)

venet0:0  Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:###.###.###.### P-t-P:###.###.###.### Bcast:###.###.###.### Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1

Anyway, I’m all confused about how to set up DNS zones, as I want to run my own DNS server. Yeah, I’m aware of Amazon Route53, or having my VPS host or GoDaddy, or whoever do the DNS for me.

Specifically, I’m confused about the Reverse Zone settings. I’ve been googling, but can’t find an example of what I should do to make it work. I’ve seen some things for /25-/29 subnets, but I wasn’t sure how to extrapolate that to a /32 subnet.

Anyway, if anyone has some example zone files and conf files, or a link, or other info, I’d appreciate it.

Thanks,
-nb

First, here is a tutorial from Digital Ocean for creating an authoritative-only DNS server:

And for reverse lookup, you need to use or contact your VPS hosting provider. They need to support and change it for you.

Hmm... so do I just not have a reverse zone file on my DNS server? My VPS are named with the FQDN on the DNS side, but I haven't pointed my registrar to those addresses yet.

You can see it this way:
- The reverse lookup file is maintained by the hosting provider of the VPS. So you have to ask, or have permission to update it in THEIR system.
- The forward lookup file (the DNS -> IP records of your domain) you can host on your VPS, if you (can) edit your domain hosting settings (NS records) to point to your VPS. So if someone is looking for the IP of your domain name they come to your VPS. But be careful, most of the time these days registrars of domains require that you have 2 different IP addresses as primary name servers (you can use a single VPS with 2 IPs if you want ;) ).

As mentioned in the original post, I have 2 VPS for this express purpose.

vps1.mydomain.blargh - primary DNS and webserver
vps2.mydomain.blargh - secondary DNS and mail server
I'll probably use the primary for VPN, maybe both.

Since you want to have a point to point connection, you will need to use a /30 subnet mask. Depending on the service, your VPS might be on a larger subnet though.

A /32 is not a usable subnet, as it only has one IP, which ends up being the network address. A /30 has 4 IPs, which has a network address, broadcast address, and 2 usable IP addresses.

The same applies for the v6, a /128 only has one IP, so you need to at least use a /126.

I don't have a choice. A /32 subnet is what was configured for my VPS by the hosting provider. And it is a valid IP. I can connect to the VPSs by SSH. They obviously do this to conserve IP addresses.

For the IPv6 address, I can request up to 6 addresses, probably a /125, but I don't need the IPs and what would the space really do for me?

I just need an example config for /32 and /128 subnets for reverse zone configs in BIND9. Or, if no reverse zone file is needed because there cannot be any other reverse resolution than the forward one, I'd like to know if that is OK and what that reverse zone config file would look like.
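Added example (not from any poster in this thread) for the two points above: what the reverse (PTR) owner name looks like for a single /32 or /128 address, which is what the hosting provider would have to publish or delegate, and the forward-confirmed reverse DNS check a mail receiver applies to vps2. The addresses are constructed placeholders from the documentation ranges; only the hostnames come from the thread.

```python
"""Reverse-zone helper for single-address (/32 and /128) VPS hosts.

Added example; not from the original thread.  Addresses are constructed
placeholders from the documentation ranges (RFC 5737 / RFC 3849).
"""
import ipaddress

# Constructed forward (A/AAAA) records for the two VPS named in the thread.
FORWARD = {
    "vps1.mydomain.blargh.": ["203.0.113.10", "2001:db8::10"],
    "vps2.mydomain.blargh.": ["203.0.113.11", "2001:db8::11"],
}


def reverse_name(addr: str) -> str:
    """Owner name of the PTR record for one address: the in-addr.arpa
    (IPv4) or ip6.arpa (IPv6) label BIND expects.  A /32 or /128 is a
    single host, so there is no subnet to extrapolate; the name is just
    the octets (or nibbles) of that one address written in reverse."""
    return ipaddress.ip_address(addr).reverse_pointer + "."


def ptr_records(forward: dict) -> list[str]:
    """Zone-file lines the hosting provider would publish for each
    single-host address (or delegate to you, RFC 2317 style)."""
    lines = []
    for host, addrs in forward.items():
        for a in addrs:
            lines.append(f"{reverse_name(a)} IN PTR {host}")
    return lines


def fcrdns_ok(addr: str, ptr_target: str, forward: dict) -> bool:
    """Forward-confirmed reverse DNS: the host the PTR names must have an
    A/AAAA record pointing back at the same address.  Mail receivers
    check this on the connecting IP, so the provider's PTR for the mail
    VPS has to match the forward record you publish yourself."""
    return addr in forward.get(ptr_target, [])


if __name__ == "__main__":
    for line in ptr_records(FORWARD):
        print(line)
    print(fcrdns_ok("203.0.113.11", "vps2.mydomain.blargh.", FORWARD))
```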