As it turns out, many people (Viagénie, Bill Manning, Ryan Rawdon) knew about this trick already. Somebody (I forget who/where) pointed out that this trick worked well for e164.arpa-mapping too. Indeed, I used this trick years ago to do statistics on other sparse but deep zones.
But, to many other people, this idea was totally novel. Marc ‘van Hauser’ Heuse added a tool based on this idea to his thc-ipv6 IPv6 hacker toolkit, and Patrik ‘nevdull77’ Karlsson committed an nmap script employing the same technique.
Simon Arlott (pointed out to me by Ryan Rawdon) took it one step further – he also wrote a tool to mitigate this trick in a very clever way. Check out the README and ip6dnshide.py in his ip6walk GitHub repo. The trick works with ldns (1.6.12)+NSD (3.2.10) but BIND9 (9.9.0b1) rejects the resulting zone file due to non-terminal wildcards.
All in all, the idea was not new but it deserved some exposure. I am glad I was able to provide that :)
I have added some progress reporting to my implementation and at least one issue has been filed against it. I do not intend to develop this further (although I may at some point write a more parallel version), as at least three other implementations exist, and at least two of those are likely to see more usage than my script anyway.