IPv6 is a new infrastructure protocol for your network and the Internet. It’s similar to the old IPv4 protocol in many ways – you use DHCP, DNS, HTTP, SIP, LDAP – all the old protocols work. A few are gone, like ARP and some are changed. Today, we’ll talk about DNS and IPv6. Spend 30 minutes to learn more about IPv6 every Friday!
DNS with IPv6 – works as expected
In order to start with IPv6, it’s very common that you add IPv6 to your existing infrastructure. Your clients will now start asking the DNS not only for IPv4 addresses, but also for IPv6 addresses. This works, even if your DNS only talks IPv4. It can still answer questions about IPv6 addresses. Here’s an example where I ask my local name server for the IPv6 address of http://www.v6.facebook.com:
myhost$ dig @192.168.40.1 www.v6.facebook.com AAAA
; <<>> DiG 9.7.2-P3 <<>> @192.168.40.1 www.v6.facebook.com AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2333
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.v6.facebook.com. IN AAAA
;; ANSWER SECTION:
www.v6.facebook.com. 2505 IN AAAA 2620:0:1cfe:face:b00c::3
;; Query time: 2 msec
;; SERVER: 192.168.40.1#53(192.168.40.1)
;; WHEN: Wed Jan 11 16:28:57 2012
;; MSG SIZE rcvd: 65
How do you add your own IPv6 addresses to DNS?
If you are using a hosted DNS with a web management frontend, you have to look into the documentation for that server. In the standard DNS zone format you use AAAA records – or “quad-a”. A 32 bit IPv4 address is an A record. IPv6 is four times the size – 128 bits – so it ended up being a quad-A record.
bilbo IN AAAA 2620:0:1cfe:face:b00c::3
You might want to start with adding a separate host name. If you have the IPv4 host name bilbo.example.com, you could use bilbo.v6.example.com. When you feel safe with the IPv6 support, you move it back to bilbo.example.com.
Make your DNS server reachable over IPv6
The most important first step to make your external Internet services reachable is to make your DNS server reachable over IPv6. Look in your server documentation on how to do that and test. When you are done, it is important that you add IPv6 addresses to the host name records for your name server host so that it has both A and AAAA records.
Secondly, you need to inform your registrar about the new address. DNS delegation works by using something called glue records. The zone “above” you needs to have pointers to your name servers in that zone. If you have the domain namn.se, the .se zone needs glue records for all your name servers. Otherwise, no one can find you and your servers. Not all registrars support IPv6, especially if they have web forms. If they don’t do it in the web interface, contact support. If they still do not support it manually, change to another registrar. ARIN’s wiki has a list of some good and some bad US registrars.
Also check if your top level domain has IPv6 support. Not all TLDs support IPv6 yet.
Make sure that you present the same data over IPv6 as over IPv4
It is important that you use the same data for both IPv4 and IPv6 queries. You cannot assume that all IPv6 clients will reach your DNS server over IPv6, so you cannot serve them different data. An IPv6 client may ask its local name server over IPv6, but that name server could very well be dual stack and forward the query over IPv4 and get the result from a cached entry somewhere. This is a feature of the DNS. Just make sure that you don’t try to be clever and present different sets of data over the different protocols.
Use DNS to show your preference!
There are network services that use DNS SRV records to find a server. Both SIP and XMPP use SRV records in the domain zone to provide both failover and load balancing. These can be used to indicate how you want others to connect to you. If you have a perfect IPv6 connection and only connect to the old IPv4 Internet over slow tunnels, you can indicate this:
sipserver.example.com. IN AAAA 2001:DB8:BE:EF::1000:1
sipserver-old-gateway.example.com. IN A 192.168.40.100
_sip._tcp.example.com. 86400 IN SRV 10 5 5060 sipserver.example.com.
_sip._tcp.example.com. 86400 IN SRV 20 5 5060 sipserver-old-gateway.example.com.
An IPv4 client should check the record with the lowest priority value first, find that there is no host it can reach at that priority, and switch to the second priority. An IPv6 client finds a host in the lowest priority. A dual stack client will also find the IPv6 host first and stick to that. DNS SRV records are for you to define how you want to be reached. Use it!
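The selection described above, as an added example that is not part of the original article: it parses a constructed copy of the zone records and returns the target that an IPv4-only, IPv6-only or dual-stack client ends up using. The function names are illustrative, the AAAA address is a constructed valid address in the 2001:db8::/32 documentation prefix, and weight is ignored because each priority level holds one record.

```python
import ipaddress

# Constructed zone data modelled on the records above; 2001:db8::/32 is the documentation prefix.
ZONE = """\
sipserver.example.com. IN AAAA 2001:db8:be:ef::1000:1
sipserver-old-gateway.example.com. IN A 192.168.40.100
_sip._tcp.example.com. 86400 IN SRV 10 5 5060 sipserver.example.com.
_sip._tcp.example.com. 86400 IN SRV 20 5 5060 sipserver-old-gateway.example.com.
"""

def parse(zone_text):
    """Split fully qualified one-line records into an address table and an SRV list."""
    addresses, srv = {}, []
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()  # drop zone-file comments
        if "IN" not in fields:
            continue
        name, rdata = fields[0].lower(), fields[fields.index("IN") + 1:]
        rtype = rdata[0].upper()
        if rtype in ("A", "AAAA"):
            ip = ipaddress.ip_address(rdata[1])  # raises ValueError on a malformed address
            if ip.version != (4 if rtype == "A" else 6):
                raise ValueError(f"{name}: {rtype} record holds an IPv{ip.version} address")
            addresses.setdefault(name, []).append(ip)
        elif rtype == "SRV":
            prio, weight, port, target = rdata[1:5]
            srv.append((name, int(prio), int(weight), int(port), target.lower()))
    return addresses, srv

def select_target(zone_text, service, families):
    """Return (target, port, address) a client with the given IP families (4 and/or 6) ends up using.

    Lower priority values are tried first. Weight is ignored, which is only
    valid here because each priority level holds a single record.
    """
    addresses, srv = parse(zone_text)
    candidates = sorted((r for r in srv if r[0] == service.lower()), key=lambda r: r[1])
    for _, _prio, _weight, port, target in candidates:
        reachable = [ip for ip in addresses.get(target, []) if ip.version in families]
        if reachable:
            return target, port, str(reachable[0])
    return None  # no SRV target has an address in a family the client speaks
```

Calling `select_target(ZONE, "_sip._tcp.example.com.", {4})` shows the IPv4-only client falling through to the priority 20 gateway, while `{6}` and `{4, 6}` both stop at the priority 10 host.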
Summary: Just get it done!
This week, the summary is short and sweet: Just get it done. Either get real IPv6 connections from your ISP or set up a tunnel. Most tunnel brokers will point to your DNS servers for reverse DNS (something that we haven’t mentioned here) and provide you with IPv6-capable DNS servers. Start playing with the tunnel and use it to serve your DNS to the world over IPv6.
- ARIN’s IPv6 Wiki has an excellent document on IPv6 and DNS – continue reading here!
- Cricket Liu, one of the DNS gurus, has written a small book on DNS and BIND with IPv6, available from O’Reilly (and of course available in the Safari Bookshelf).
- RFC 1886 documents DNS additions for IPv6, which includes the AAAA record
- IPv6 support in the DNS, presentation in PDF format, Athanassios Liakopoulos (6diss)
- TLDs with IPv6 - currently 267 of 312 top level domains support IPv6 – HE.net
- DNS and IPv6 – instructions on how to configure a BIND resolver for IPv6