ip6dnswalk: Walks ip6.arpa tree for a given IPv6 prefix Note: Some authoritative DNS servers such as PowerDNS do not implement RFC1035 correctly: http://wiki.powerdns.com/trac/ticket/127 This has the side effect of preventing DNS walking from working. ip6dnshide: Hides empty terminals in an ip6.arpa zone (preventing walking) Prevents ip6dnswalk from working (unless the secret used to create the wildcards is known because then more information that could be used to infer NXDOMAIN is available) by causing queries that would have returned NXDOMAIN to return NOERROR using some extra records. Warning: If you're thinking of modifying a DNS server to replace NOERROR with NXDOMAIN for ip6.arpa zones, please don't as this isn't valid behaviour. [ This bogus behaviour would completely prevent walking. ] You can however replace NXDOMAIN with NOERROR. There's no requirement to actually have a terminal RR at or below the name being queried - NXDOMAIN just asserts that there isn't one. Doing this for non-ip6.arpa zones would give no benefit. [ This technically valid behaviour would make walking the zone impractical. It'd be mislead into thinking all possible IPs exist. ] Note: If the zone is DNSSEC signed then the use of offline signed NSEC3 allows it to be walked even if the NOERROR trick is used. Credits: Roland Dobbins http://mailman.nanog.org/pipermail/nanog/2011-January/031124.html For giving me the idea that reverse DNS enumeration (based on my existing knowledge that PowerDNS doesn't do NXDOMAIN properly) is actually possible.