Hurricane Electric's IPv6 Tunnel Broker Forums
May 25, 2013, 07:25:53 am *
  Show Posts
1  General IPv6 Topics / IPv6 on Linux & BSD & Mac / Re: bind named help on: February 02, 2011, 09:16:09 pm
I edited the original post; I found what I was looking for.
2  General IPv6 Topics / IPv6 on Linux & BSD & Mac / [solved] bind named help on: February 02, 2011, 04:29:23 pm
I was having difficulty finding information on the net about setting up BIND to answer forward and reverse lookups for IPv6.

So here is the relevant information about my BIND settings that got it working for me.

named.conf
Code:
options {
listen-on-v6 { any; };
};
zone "L.K.J.I.H.G.F.E.D.C.B.A.1.0.0.2.ip6.arpa" {
 type master;
 file "/etc/bind/db.ip6";
};

db.ip6
Code:
$ORIGIN L.K.J.I.H.G.F.E.D.C.B.A.1.0.0.2.ip6.arpa.
$TTL 86400      ; 1 day
@  IN SOA  house.local. email.address. (
                                2011020201 ; serial
                                28800      ; refresh (8 hours)
                                7200       ; retry (2 hours)
                                2419200    ; expire (4 weeks)
                                86400      ; minimum (1 day)
                                )
   IN NS   myserver.house.local.
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR myserver.house.local.

Now nslookup performs as follows:
Code:
nslookup ABCD:EFGH:IJKL::1 ::1
Server: ::1
Address ::1#53

1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.L.K.J.H.G.F.E.D.C.B.A.1.0.0.2.ip6.arpa name = myserver.house.local.

As I was expecting it in the first place.

I found helpful info here: http://www.secure-computing.net/wiki/index.php/IPv6_DNS
It helped googling for "bind 1.0.0.2.ip6.arpa".
3  General IPv6 Topics / IPv6 on Linux & BSD & Mac / Re: [solved] Help locking it down on: February 02, 2011, 03:38:45 pm
Thanks, I opened ICMPv6 to eth1.
4  General IPv6 Topics / IPv6 on Linux & BSD & Mac / [solved] Help locking it down on: February 02, 2011, 01:12:00 pm
All quoted items come from my Hurricane Electric Tunnel Details page.

relevant lines in /etc/network/interfaces
Code:
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
endpoint <"Server IPv4 address">
address <"Client IPv6 address">
netmask  64
up ip -6 route add default dev he-ipv6
down ip -6 route del default dev he-ipv6

relevant lines of ifconfig eth1
Code:
inet6 addr:<First Address of "Routed /64">/64

relevant lines of /etc/sysctl.conf
Code:
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.eth1.forwarding = 1
net.ipv6.conf.he-ipv6.forwarding = 1
net.ipv6.conf.all.forwarding = 1

I think I can take some lines out of that to secure it up a bit, and I will try commenting them out one by one, rebooting, and trying my connection out to make sure everything works, but I'd like it if someone could offer a little help here if possible, because it requires testing by rebooting the server first, then the client, and then running an IPv6 test, which is a long and tedious process (the double rebooting bit to make sure the configurations took).

relevant lines of /etc/radvd
Code:
interface eth1
{
   AdvSendAdvert on;
   AdvHomeAgentFlag off;
   MinRtrAdvInterval 30;
   MaxRtrAdvInterval 100;
   prefix <"Routed /64">
   {
        AdvOnLink on;
        AdvAutonomous on;
   };
};

Everything seems to be working as it should. But now I want to lock it down but not break it.

My iptables look as follows for IPv4:
Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  <internal ip scope/internal ip netmask bits>       0.0.0.0/0
ACCEPT     all  --  127.0.0.1            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Applying the IPv6 equivalent seems to break radvd,
i.e. when ip6tables looks like so:
Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all      <"Routed /64">  ::/0
ACCEPT     all      ::1/128              ::/0
ACCEPT     all      ::/0                 ::/0                state RELATED,ESTABLISHED
DROP       all      ::/128               ::/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

So I need to slack off my ip6tables a bit. I'd like recommendations.
Maybe opening up IPv6 on the eth1 interface and leaving the rest locked down?
How do others have their ip6tables to lock it down?
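
The fix reported in the follow-up post (opening ICMPv6 on eth1), written out as an ip6tables-restore ruleset. This is an added example, not the poster's configuration: router and neighbor solicitations are sent from link-local (fe80::/10) or unspecified addresses, so a rule that accepts only the routed /64 does not match them. The default-drop policies, the FORWARD rules and the documentation prefix 2001:db8:1::/64 are assumptions that go beyond what the thread shows.

```shell
#!/bin/sh
# Added example: print an ip6tables-restore ruleset for a tunnel router.
# Arguments (assumed values in the usage line; substitute your own):
#   $1 LAN interface running radvd (eth1 in the post)
#   $2 tunnel interface            (he-ipv6 in the post)
#   $3 the "Routed /64" prefix
gen_ip6_rules() {
    lan_if=${1:-}; tun_if=${2:-}; lan_prefix=${3:-}
    if [ -z "$lan_if" ] || [ -z "$tun_if" ] || [ -z "$lan_prefix" ]; then
        echo "usage: gen_ip6_rules LAN_IF TUNNEL_IF ROUTED_PREFIX" >&2
        return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, and replies to traffic this host started.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Neighbor Discovery (router/neighbor solicitations) comes from fe80::/10
# or ::, not from the routed prefix, so accept ICMPv6 on the LAN explicitly.
-A INPUT -i $lan_if -p ipv6-icmp -j ACCEPT
# Other LAN traffic addressed to the router itself.
-A INPUT -i $lan_if -s $lan_prefix -j ACCEPT
# Forwarding: LAN hosts may open connections out through the tunnel;
# from the tunnel side only replies are let back in.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $tun_if -s $lan_prefix -j ACCEPT
COMMIT
EOF
}

# Parse the ruleset without committing it, then load it for real:
#   gen_ip6_rules eth1 he-ipv6 2001:db8:1::/64 | ip6tables-restore --test
#   gen_ip6_rules eth1 he-ipv6 2001:db8:1::/64 | ip6tables-restore
```

Because the rules are matched per interface, radvd keeps working on the LAN side while unsolicited traffic arriving over the tunnel is dropped by policy.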