DNS setup in the case of IPv6 [Archived]
OUT OF DATE?
Here in the Vault, information is published in its final form and then not changed or updated. As a result, some content, specifically links to other pages and other references, may be out-of-date or no longer available.
Today we kick off our first guest blog of the year. Thanks Anurag. Enjoy!
Guest blog post by Anurag Bhatia
The Domain Names System (DNS) remains one of the most central and essential parts of the Internet because of the simple and efficient way in which it converts domain names that we can read (like teamarin.net) into machine-friendly IP addresses (like 65.49.79.131).
This blog post discusses about how DNS works in the case of next version of Internet Protocol i.e IPv6.
As many of you already know, there are address records known as “A records” in DNS which help to connect a host-name with an IPv4 address. Just like A records in IPv4, IPv6 features quad A records which are written as AAAA records.
One core feature of a contemporary IPv6 site is its ability to “dual stack” (to connect to both IPv4 & IPv6 networks). In dual stack mode, IPv6 is preferred if it’s available, but if it isn’t, the connection will fall back to IPv4. What this means is that each domain or sub-domain name with dual stack support will need both an A record and AAAA record.
IPv6 has been available from quite some time, and most DNS hosting services offered by registrars, hosting companies and independent players support AAAA records. If you try adding a new record, you will very likely find AAAA record in the “record type” list.
If you are running your own DNS server (say on BIND), you can add an AAAA record in the host’s file just like you add an A record.
For example:
teamarin.net. 3600 IN AAAA 2001:470:1:97::4131:4f83
These components are the host-name, the TTL for record, followed by class (IN), type of record - AAAA, and IPv6 Address of the host.
Once setup, you can also look these records up using “AAAA” with dig or nslookup.
Using dig:
anurag@laptop:~$ dig teamarin.net aaaa +short
2001:470:1:97::4131:4f83
Using nslookup:
anurag@laptop:~$ nslookup
> set type=aaaa
> teamarin.net
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
teamarin.net has AAAA address 2001:470:1:97::4131:4f83
This gives the IPv6 address associated with domain name TeamARIN.net.
There is no difference in the way the CNAME records work. If you have the www.domain.com CNAME as domain.com - creating AAAA records for domain.com will also support IPv6 for www.domain.com because it acts like an alias for the main domain. You can still, however, create an AAAA record for www.domain.com if you’d like. TeamARIN.net has created a record for both.
anurag@laptop:~$ dig teamarin.net aaaa +short
2001:470:1:97::4131:4f83
anurag@laptop:~$ dig www.teamarin.net aaaa +short
2001:470:1:97::4131:4f83
So far this blog post has looked at forward DNS in IPv6.
Reverse DNS can be set up in a similar manner. If you are running your own email server, you must setup reverse DNS that points IP address to host-names used by an email server. This plays an important part in SMTP authentication.
Just like in IPv4 reverse DNS, an in-addr.apra. zone is used, in IPv6, an ip6.arpa. zone is used. Therefore, the IPv6 address 2001:470:1:97::4131:4f83 rDNS PTR record points to TeamARIN.net.
This is accomplished by simply adding an entry for ipv6.arpa. zone:
3.8.f.4.1.3.1.4.0.0.0.0.0.0.0.0.7.9.0.0.1.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa. PTR teamarin.net.
You can do a reverse DNS lookup for IPv6 address by using dig -x, just like in IPv4.
Using dig:
anurag@laptop:~$ dig -x 2001:470:1:97::4131:4f83 +short
teamarin.net.
Using nslookup:
anurag@laptop:~$ nslookup
> set type=ptr
> 2001:470:1:97::4131:4f83
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
3.8.f.4.1.3.1.4.0.0.0.0.0.0.0.0.7.9.0.0.1.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa name = teamarin.net.
This is how forward and reverse DNS works in IPv6. I hope you will find this post useful.
Anurag Bhatia,
System & Network Administrator
Cloudaccess.net
Any views, positions, statements or opinions of a guest blog post are those of the author alone and do not represent those of ARIN. ARIN does not guarantee the accuracy, completeness or validity of any claims or statements made by a guest blog post. ARIN shall not be liable for any representations, omissions or errors contained in a guest blog post.
Any views, positions, statements or opinions of a guest blog post are those of the author alone and do not represent those of ARIN. ARIN does not guarantee the accuracy, completeness or validity of any claims or statements, nor shall ARIN be liable for any representations, omissions or errors contained in a guest blog post.
OUT OF DATE?
Here in the Vault, information is published in its final form and then not changed or updated. As a result, some content, specifically links to other pages and other references, may be out-of-date or no longer available.