HZNET Logo
Horizonal Line

Tools

IPv6

  • Generate unique local IPv6 unicast addresses (ULA)
    (See also RFC 4193)
    or
  • create one via the online tool on the kame website.
  • You could also register your Unique local Unicast addresse on a website maintained by the non profit SixXS project.

  • A shell skript to set up a 6to4 tunnel on a Linux host

  • gen6dns is a tool to generate static DNS records (AAAA and PTR) for hosts using Stateless Address Autoconfig (SLAAC).
    If you have a list of hostnames, mac addresses and ipv6 subnets gen6dns generates the appropriate AAAA and PTR records for you.
    It supports different scopes and the generation of view (split) specific files.
    $ cat subnet.txt
    #
    #	A file to define Subnet names and IDs
    #
    %%SUBNET SECTION
    #name	subnetid
    srv	:a0b1:
    clt	:a0b2:
    dmz	:0001:
    lo	:0:
    mgmtlo	:f000:
    
    $ cat scope.txt
    #
    #	A file for scope definitions (domain names, views and matching prefixes)
    #
    %%SCOPE SECTION
    #name		view	domain			matchprefix
    prov1		*	example.de.		2003::/19	# telekom
    prov2		*	example.de.		2a00::/22	# vodafone (arcor)
    allpub		none	example.de.		2000::/3	# match on any public prefix
    mgmt		intern	mgmt.example.de.	fd00::/8
    
    $ cat hosts.txt
    #
    #	A file with host names, IID (mac address or interface identifier) and related subnet id
    #
    %% HOST SECTION
    #name		int_id / mac_address	subnet_id	scope
    
    horst		00:17:53:85:80:3b	clt		[prov1, prov2]
    ns1		::53			srv		[prov1]
    ns2		::d9b2:56f3:7694:1c5c	srv		[prov2]
    hugo <24h>	00:13:35:a2:91:f4	:1:		[prov1, prov2, mgmt]
    gustav.test	0013.35a2.91f5		:1:		[mgmt]
    rtr1		::100b:0:0:1		lo		[mgmt]
    
    With these input files forward and reverse dns record sets can be generated and stored in a couple of output files:
    $ gen6dns -w -S -p 2003:db8:A::/48 -p 2a00:b8:B::/48 -p fda9:60e9:b504::/48 subnet.txt scope.txt hosts.txt 
    $ ls g6*
    g6d.example.de.
    g6d_intern.mgmt.example.de.
    g6r.0
    g6r_intern.0
    
    $ for f in  g6*; do echo "# $f"; cat $f; echo; done
    # g6d.example.de.
    horst                		IN  AAAA	2003:db8:a:a0b2:217:53ff:fe85:803b 
    horst                		IN  AAAA	2a00:b8:b:a0b2:217:53ff:fe85:803b 
    ns1                  		IN  AAAA	2003:db8:a:a0b1::53 
    ns2                  		IN  AAAA	2a00:b8:b:a0b1:d9b2:56f3:7694:1c5c 
    hugo                 	  86400	IN  AAAA	2003:db8:a:1:213:35ff:fea2:91f4 
    hugo                 	  86400	IN  AAAA	2a00:b8:b:1:213:35ff:fea2:91f4 
    
    # g6d_intern.mgmt.example.de.
    hugo                 	  86400	IN  AAAA	fda9:60e9:b504:1:213:35ff:fea2:91f4 
    gustav.test          		IN  AAAA	fda9:60e9:b504:1:213:35ff:fea2:91f5 
    rtr1                 		IN  AAAA	fda9:60e9:b504:0:100b::1 
    
    # g6r.0
    b.3.0.8.5.8.e.f.f.f.3.5.7.1.2.0.2.b.0.a          IN  PTR	horst.example.de. 
    3.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.b.0.a          IN  PTR	ns1.example.de. 
    c.5.c.1.4.9.6.7.3.f.6.5.2.b.9.d.1.b.0.a          IN  PTR	ns2.example.de. 
    4.f.1.9.2.a.e.f.f.f.5.3.3.1.2.0.1.0.0.0    86400 IN  PTR	hugo.example.de. 
    
    # g6r_intern.0
    4.f.1.9.2.a.e.f.f.f.5.3.3.1.2.0.1.0.0.0    86400 IN  PTR	hugo.mgmt.example.de. 
    5.f.1.9.2.a.e.f.f.f.5.3.3.1.2.0.1.0.0.0          IN  PTR	gustav.test.mgmt.example.de. 
    1.0.0.0.0.0.0.0.0.0.0.0.b.0.0.1.0.0.0.0          IN  PTR	rtr1.mgmt.example.de. 
    
    The generated filenames have a prefix of "g6d" for forward (AAAA), and "g6r" for reverse (PTR) RR.

    There are some other options and mode of operations:

    usage: gen6dns -h|-V
    usage: gen6dns -R [-b mask] 
    usage: gen6dns [-f] [-s|-S] [-w|-a] [-t ttl] [-D] [-C] {-p prefix |-6 ipv4addr } [file ...]
    usage: gen6dns [-r] [-b mask] [-w|-a] [-t ttl] [-D] [-C] [-o origin] {-p prefix |-6 ipv4addr } [file ...]
    usage: gen6dns -d [-l label] [-t ttl] [-D] [-C] [-o origin] {-p prefix} {-P prefix} [file ...]
    	-h, --help		 print out this help message 
    	-V, --version		 print out version and exit 
    	-R, --revzone		 print the ip6.arpa zone of the given prefix 
    	-v, --verbose		 give some hints about what's going on in the background 
    				 use -v more than once increases the verbosity (up to level 2)
    	-D, --delim[=char]	 use  additionally to white space as delimiter (default is ';')
    	-C, --comment[=char]	 use  as comment character (default is '#')
    	-s, --squeeze		 print ipv6 addresses w/o leading zeros (like 2001:db8:0:0:0:0:0:1/128)
    	-S, --full-squeeze	 compress ipv6 address slightly more (like 2001:db8::1/128)
    	-t, --ttl 	 specify ttl of RR (default is none or the host specific one)
    				 known ttl units are s(ecs), m(ins), h(ours), d(ays) or w(eeks) 
    	-d, --ddns-update	 print dynamic update messages to stdout (this implies -f) 
    	-f, --forward		 generate AAAA records for forward zone only 
    	-r, --reverse		 generate PTR records for reverse zone only
    				 The default is to generate forward and reverse zone entries
    				 (The use of the -w switch is highly recommended then)
    	-b, --bits[=mask]	 split zone files on  boundary (default is prefix size)
    	-l, --lookup=label	 The update add/del is done only for the host matching "label" 
    	-w, --write		 write output to files instead of stdout
    				 filename is g6d. for the forward or g6r.0000 for the reverse zone
    				 This option potentially generates a lot of files (up to the compiled in # of 128)
    	-a, --append		 same as -w but append to the files instead of overwriting 
    	-o, --origin=zone	 specify forward domain (default is example.net.)
    	-p, --add-prefix=prefix	 network prefix to add (default is 2001:db8::/48)
    	-P, --del-prefix=prefix	 network prefix to delete (default is none)
    	-6, --6to4=ipv4		 same as -p but argument is an ipv4 address
    				 resulting prefix is a 6to4 prefix (2002:ipv4:addr::/48)
    
    The current version is available as tar archive gen6dns-1.2.tar.gz.

    DNS/DNSSEC

  • Zone Key Tool
    A DNSSEC zone key management tool kit
  • Zone Key Tool Version 2
    A DNSSEC zone key management tool kit working with BINDs Smart Signing feature (Alpha)
  • Create a trusted key section
  • ddnsupd
    A shell skript to update the current public IP addresses of an host in the DNS.
    It uses dynamic DNS update messages (RFC2136) secured by TSIG or SIG(0) keys (RFC3007).

    This command is typically run by the NetworkManager(8) whenever an interface up event occurs.
    The following script can be stored in /etc/NetworkManager/dispatch.d to achieve this.

    #!/bin/sh -e
    # Script to dispatch NetworkManager events
    #
    # Try to update DNS with actual hostname/IP address
    #
    # Install this in /etc/NetworkManager/dispatcher.d
    # See NetworkManager(8) for more details
    #
    
    # set path to ddns-update skript
    ddnsupdate="/usr/local/bin/ddnsupd"
    
    if [ -z "$1" ]; then
        echo "$0: called with no interface" 1>&2
        exit 1;
    fi
    
    # Run the right scripts
    case "$2" in
        up|vpn-up)
    	$ddnsupdate -v -i $1 add
    	;;
        down|vpn-down)
    	;;
        pre-up)
    	;;
        pre-down)	# this is actually not supported
    	$ddnsupdate -v -i $1 del
    	;;
        hostname|dhcp4-change|dhcp6-change)
    	;;
        *)
    	echo "$0: called with unknown action \`$2'" 1>&2
    	exit 1
    	;;
    esac
    
  • dns-tsig-gen
    A small perl skript to generate a DNS TSIG key.

    Nowerdays it is much easier to generate a TSIG key with the tsig-keygen (or the ddns-confgen) command provided by BIND.

    $ tsig-keygen -a hmac-sha256 ns1.fq.dn-ns2.fqdn-v1 | tee ns1.fq.dn-ns2.fqdn-v1.secret
    key "ns1.fq.dn-ns2.fqdn-v1" {
    	algorithm hmac-sha256;
    	secret "glOygskrr35mVgTnvFc/0binFnReGb+e6I4ws83U97M=";
    };
    
    Since the file contains a secret, please make it not world readable, and include the content with a include directive into the named.conf file. In case you want to use the TSIG key to authenticate the zone transfer between two
    name servers, it is common practice to use the FQDN of both servers as the name of the key.
    If you add some version information to the key name a key rollover is easier to handle.
  • DKIM

  • A small shell script to create a DKIM (RFC 4871) key (selector) and the corresponding DNS TXT Resource Record
  • Others

  • portrange is a command which prints a list of port ranges specified by a port mask and value combination as
    defined by the Draft "DHCP Options for Conveying Port Mask and Port Range Router IP Address" (M. Boucadair et.al.)

    Examples:
    $ portrange -l "b0100 0000 0000 0000"
    port range mask  16384 allow 2 users to use a range of 32768 ports
    port range value     0
    port range value 16384
    
    $ portrange -v 0x4000 -B -p "b0100 0000 0000 0000"
    list of port ranges for port range value 16384
     16384   16384 to 32767  0100 0000 0000 0000 - 0111 1111 1111 1111
     16384   49152 to 65535  1100 0000 0000 0000 - 1111 1111 1111 1111
    
    Please download the source code (portrange.c) or the Linux or Windows executable file.
  • trace4 is a wrapper command to start a tcpdump trace for a given amount of time or a given number of packets
    e.g.
    # trace4 15min --DNS
    # trace4 1h --ALLUDP
    # trace4 20pkt -i ste0 dest host _myip4_
    
  • spmake is a simple pattern based make(1) like command.
    Have a look at the spmake man page to get an overview how it works.