
Dns On Ipv6: Rungroad Saejung

1. The document discusses DNS and IPv6, including how DNS resource records like AAAA and PTR are used to map between IPv6 addresses and domain names in forward and reverse lookup zones.
2. It describes configuring the BIND DNS server software to listen for and respond to IPv6 queries, defining IPv6-enabled forward and reverse lookup zones, and using access control lists.
3. Troubleshooting tips are provided for tools like nslookup and dig to test DNS lookups using both IPv4 and IPv6. Example zone file configurations are also shown.

Uploaded by

Rungroad Saejung
DNS on IPv6
Rungroad Saejung
Topics

1 DNS and IPv6

2 Bind and IPv6

3 Resolver

4 Troubleshooting
DNS and IPv6
DNS Extensions for IPv6 Support (RFC 3596)

Resource Records (RRs)


A - IPv4 address associated with a domain name
AAAA - IPv6 address associated with a domain name
MX - domain name of a mail server for the domain
SRV - domain name of servers for other protocols
CNAME - provides an alternative domain name for another domain name
NS - name of a valid DNS server for this domain
SOA - start of a zone in configuration files
PTR - IP address for a specific node, in reverse order
DNS and IPv6
Forward-Mapping Zones

Name → IPv6 Address


The AAAA RR is for IPv6 what the A RR is for IPv4
Example:

ftp IN A 172.30.0.7
ftp.v6 IN AAAA 2001:3c8:9009:181::7
debian IN CNAME ftp.v6.coe.psu.ac.th.
DNS and IPv6
AAAA Lookup

[Figure: DNS tree with the labels th, com, co, ac, psu, ku and a resolver]
DNS and IPv6
Reverse-Mapping Zones

IPv6 Address → Name


PTR RR applied to the reverse tree: ip6.arpa
ip6.arpa tree is for IPv6 what the in-addr.arpa tree
is for IPv4
Example:

$ORIGIN 1.0.9.0.0.9.8.c.3.0.1.0.0.2.ip6.arpa.
7.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.8 IN PTR ftp.v6.coe.psu.ac.th.

ipv6calc --in ipv6addr --out revnibbles.arpa 2001:3c8:9009:181::7
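
The nibble reversal above, as an added example that is not part of the original slides: Python's standard `ipaddress` module derives the reverse zone name for a nibble-aligned prefix and the PTR owner relative to it. The function names are illustrative, and the /56 prefix is the one implied by the $ORIGIN line above.

```python
import ipaddress

def reverse_zone(prefix):
    """Name of the ip6.arpa zone that covers a nibble-aligned IPv6 prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        raise ValueError("ip6.arpa zones are cut on 4-bit (nibble) boundaries")
    # Keep only the nibbles covered by the prefix, then reverse their order.
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def ptr_record(addr, origin, target):
    """PTR line for addr, with the owner written relative to $ORIGIN origin."""
    full = ipaddress.IPv6Address(addr).reverse_pointer + "."   # 32 nibbles + ip6.arpa.
    origin = origin.lower().rstrip(".") + "."
    if not full.endswith("." + origin):
        raise ValueError(f"{addr} is not inside reverse zone {origin}")
    owner = full[: -(len(origin) + 1)]          # strip ".<origin>" from the full name
    return f"{owner} IN PTR {target}"

if __name__ == "__main__":
    zone = reverse_zone("2001:3c8:9009:100::/56")
    print("$ORIGIN", zone)
    print(ptr_record("2001:3c8:9009:181::7", zone, "ftp.v6.coe.psu.ac.th."))
```
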
DNS and IPv6
Built-In Empty Reverse-Mapping Zones

Reverse-mapping Zone Name | Function | IPv4 Equivalent
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa | Unspecified IPv6 Address | 0.0.0.0
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa | IPv6 Loopback Address | 127.0.0.1
8.b.d.0.1.0.0.2.ip6.arpa | Documentation Network | 192.0.2/24
d.f.ip6.arpa | Unique Local Addresses | RFC 1918
8.e.f.ip6.arpa | Link-Local Addresses | 169.254/16
9.e.f.ip6.arpa | Link-Local Addresses | 169.254/16
a.e.f.ip6.arpa | Link-Local Addresses | 169.254/16
b.e.f.ip6.arpa | Link-Local Addresses | 169.254/16


DNS and IPv6
Reverse Mapping Tree
DNS and IPv6
The Root DNS Servers (1)
Name | Organization | Count | IPv4 Address | IPv6 Address
A | VeriSign, Inc. | 6/4 | 198.41.0.4 | 2001:503:BA3E::2:30
B | Information Sciences Institute | 1/1 | 192.228.79.201 | 2001:478:65::53
C | Cogent Communications | 6/0 | 192.33.4.12 | -
D | University of Maryland | 1/0 | 128.8.10.90 | -
E | NASA Ames Research Center | 1/0 | 192.203.230.10 | -
F | Internet Systems Consortium, Inc | 49/22 | 192.5.5.241 | 2001:500:2f::f
G | U.S. DOD Network Information Center | 6/0 | 192.112.36.4 | -
H | U.S. Army Research Lab | 2/2 | 128.63.2.53 | 2001:500:1::803f:235
I | Netnod (formerly Autonomica) | 37/13 | 192.36.148.17 | 2001:7fe::53
J | VeriSign, Inc. | 70/7 | 192.58.128.30 | 2001:503:C27::2:30
K | RIPE NCC | 18/13 | 193.0.14.129 | 2001:7fd::1
L | ICANN | 39/39 | 199.7.83.42 | 2001:500:3::42
M | WIDE Project | 6/5 | 202.12.27.33 | 2001:dc3::35


DNS and IPv6
The Root DNS Servers (2)

http://www.root-servers.org
http://www.internic.net/zones/named.root
Bind and IPv6
Installation

apt-get -y install bind9


Bind and IPv6
IPv6 Configuration Parameters

listen-on-v6 [port int] {address_match_element;};
query-source-v6 ((ipv6_addr|*)|[address (ipv6_addr|*)]) [port (int|*)];
transfer-source-v6 (ipv6_addr|*) [port (int|*)];
alt-transfer-source-v6 (ipv6_addr|*) [port (int|*)];
notify-source-v6 (ipv6_addr|*) [port (int|*)];
Bind and IPv6
Listening for Queries

/etc/bind/named.conf.options
options {
# sure other options here, too
listen-on-v6 { any; };
};

netstat -lnptu | grep "named\W*$"


dig @::1 localhost aaaa
Bind and IPv6
Sending Queries

options {
# sure other options here, too
query-source-v6 address 2001:db8:cafe:1::1;
};
Bind and IPv6
Zones

zone "ipv6.sandbox" {
type master;
file "hosts.ipv6.sandbox";
allow-query {any;};
# any host may request a full zone transfer; limit this with an ACL (see Access Control Lists)
allow-transfer {any;};
};
zone "8.a.d.0.1.0.0.2.ip6.arpa" {
type master;
file "reverse-2001-0da8_32.IP6.ARPA";
};
Bind and IPv6
Access Control Lists (1)

acl internal-net {
127.0.0.1;
1.2.3.0/24;
::1/128;
2001:db8:cafe::/56;
::ffff:1.2.3.4/128;
};
acl ns-internal-net {
1.2.3.4;
2001:db8:cafe:1::1;
2001:db8:cafe:1::/64;
};
Bind and IPv6
Access Control Lists (2)

options {
# sure other options here, too
listen-on-v6 { any; };
allow-query { internal-net; };
allow-transfer { ns-internal-net; };
};
Resolver
Static Configuration

/etc/resolv.conf
nameserver ::1
nameserver 2001:3c8:9009:181::5
nameserver 2001:3c8:9009:181::9
Resolver
DHCPv6

option dhcp6.domain-name-servers 2001:db8:cafe:1::1, 2001:db8:cafe:2::1;
option dhcp6.domain-search "coe.psu.ac.th", "psu.ac.th";


Troubleshooting
nslookup (1)

Looking Up Different Record Types


% nslookup
> set all
> set q=AAAA
> ftp.v6.coe.psu.ac.th.
> 2001:3c8:9009:181::7
Troubleshooting
nslookup (2)

Showing the Query and Response Messages


% nslookup -q=AAAA fivedots.v6.coe.psu.ac.th
> set debug # shows the responses
> set d2 # shows the queries
> set nodebug # turn off debugging
Troubleshooting
dig

% dig ftp.v6.coe.psu.ac.th aaaa
% dig fivedots.v6.coe.psu.ac.th mx
% dig @fivedots.v6.coe.psu.ac.th ipv6.google.com. soa

Zone Transfers
% dig @fivedots.v6.coe.psu.ac.th coe.psu.ac.th axfr
LAB

The virtual machines have a DNS server installed that allows queries (recursive and transfer) only from localhost. It responds to IPv4 and has the following zones configured:

v6.sandbox1 and
1.0.0.0.e.f.a.c.8.4.6.0.1.0.0.2.ip6.arpa
LAB

In /etc/resolv.conf there is only the line

nameserver 127.0.0.1

forcing the end hosts to ask the localhost server. In order to add an AAAA record, the procedure differs slightly from that in IPv4 networks.
LAB

/etc/bind/named.conf
zone "v6.sandbox1." in {
type master;
file "db.sandbox1";
};
zone "1.0.0.0.E.F.A.C.8.4.6.0.1.0.0.2.IP6.ARPA" in {
type master;
file "reverse-2001-0648-CAFE-1.IP6.ARPA";
};
LAB

Create and populate the zone files:
v6.sandbox1
1.0.0.0.e.f.a.c.8.4.6.0.1.0.0.2.ip6.arpa

Validate the configuration files:
named-checkzone v6.sandbox1 db.sandbox1

Restart the DNS server


LAB
Examples BIND files

Forward-zone file
test.org. IN SOA server.test.org. root.server.test.org. (
        1 ; Serial
        10800 ; Refresh after 3 hours
        3600 ; Retry after 1 hour
        604800 ; Expire after 1 week
        86400 ) ; Minimum TTL of 1 day
test.org. IN NS server.test.org.
localhost.test.org. IN A 127.0.0.1
        IN AAAA ::1
server.test.org. IN A 10.10.10.202
        IN AAAA 2001:648:E000:1000::2
LAB
Examples BIND files

Reverse-zone file
0.0.0.1.0.0.0.E.8.4.6.0.1.0.0.2.ip6.arpa. IN SOA server.test.org. root.server.test.org. (
        1 ; Serial
        10800 ; Refresh after 3 hours
        3600 ; Retry after 1 hour
        604800 ; Expire after 1 week
        86400 ) ; Minimum TTL of 1 day
; The NS record sits at the zone apex, the same owner name as the SOA
0.0.0.1.0.0.0.E.8.4.6.0.1.0.0.2.ip6.arpa. IN NS server.test.org.
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.E.8.4.6.0.1.0.0.2.ip6.arpa. IN PTR server.test.org.
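
An added example, not part of the original lab: a small audit that checks that every AAAA record in a forward zone is confirmed by a PTR record in the reverse zone, and the other way round. It handles only one-line, fully qualified records; the host names and the 2001:db8::/32 addresses in the sample data are constructed.

```python
import ipaddress

def ptr_owner_to_addr(owner):
    """Turn a fully qualified ip6.arpa owner name (32 nibble labels) into an address."""
    labels = owner.lower().rstrip(".").split(".")
    nibbles = labels[:-2]
    if labels[-2:] != ["ip6", "arpa"] or len(nibbles) != 32 \
            or any(len(n) != 1 or n not in "0123456789abcdef" for n in nibbles):
        raise ValueError(f"not a host-level ip6.arpa name: {owner}")
    return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))

def records(lines, rtype):
    """Yield (owner, rdata) for one-line 'owner IN TYPE rdata' records of type rtype."""
    for line in lines:
        fields = line.split(";")[0].split()      # drop zone-file comments
        if len(fields) == 4 and fields[1] == "IN" and fields[2] == rtype:
            yield fields[0].lower(), fields[3].lower()

def audit(forward_lines, reverse_lines):
    """List AAAA/PTR pairs that do not confirm each other."""
    aaaa = {}
    for name, rdata in records(forward_lines, "AAAA"):
        aaaa.setdefault(name, set()).add(ipaddress.IPv6Address(rdata))
    ptr = {ptr_owner_to_addr(o): t for o, t in records(reverse_lines, "PTR")}
    findings = []
    for name in sorted(aaaa):
        for addr in sorted(aaaa[name]):
            if addr not in ptr:
                findings.append(f"{name} {addr}: no PTR record")
            elif ptr[addr] != name:
                findings.append(f"{name} {addr}: PTR names {ptr[addr]}")
    for addr in sorted(ptr):
        if addr not in aaaa.get(ptr[addr], set()):
            findings.append(f"{addr}: PTR target {ptr[addr]} has no such AAAA")
    return findings

def rev(addr):  # builds the PTR owner names for the constructed sample below
    return ipaddress.IPv6Address(addr).reverse_pointer + "."

# Constructed sample records (documentation prefix 2001:db8::/32, hypothetical names).
FORWARD = ["server.example.test. IN AAAA 2001:db8:cafe:1::2",
           "ftp.example.test. IN AAAA 2001:db8:cafe:1::7",
           "www.example.test. IN AAAA 2001:db8:cafe:1::80"]
REVERSE = [f"{rev('2001:db8:cafe:1::2')} IN PTR server.example.test.",
           f"{rev('2001:db8:cafe:1::7')} IN PTR old-ftp.example.test.",
           f"{rev('2001:db8:cafe:1::9')} IN PTR gone.example.test."]

if __name__ == "__main__":
    print("\n".join(audit(FORWARD, REVERSE)))
```
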
