Building a Linux IPv6 DNS Server

A tutorial on building a DNS server node that provides IPv6 name resolution, with examples of some useful IPv6 applications.

IPv6 is the next-generation protocol designed by the Internet Engineering Task Force (IETF) to replace IPv4, the current version of the Internet Protocol. IPv4 has been remarkably resilient. However, its initial design did not take into consideration several issues of importance today, such as a large address space, mobility, security, autoconfiguration and quality of service. To address these concerns, IETF has developed a suite of protocols and standards known as IPv6, which incorporates many of the concepts and proposed methods for updating IPv4. As a result, IPv6 fixes a number of problems in IPv4 and adds many improvements and features that cater to the future mobile Internet.

IPv6 is expected to replace IPv4 gradually, with the two coexisting for a number of years in a transition period. Servers will be dual stack, supporting both IPv4 and IPv6.

In this article, we look closely at IPv6 name resolution and provide a technical tutorial to help readers set up their own IPv6 Linux DNS servers to allow IPv6 name resolution using the latest version of BIND 9.x.

General Network Overview

In this section, we present a sample network scheme (Figure 1) with different IPv6 servers.

Figure 1. Sample Network Architecture

The following nodes are represented in this architecture:

  • Routing server (pc1) acts as an IPv6 software router server and provides router advertisement for all IPv6 nodes.

  • DNS IPv6 server (pc2) provides IPv6 name resolution.

  • Two application servers: one provides video streaming (pc3), and the other is an Apache-based Web server (pc4).

  • Client machines (pc5–7) used for testing purposes.

IPv6 Name Resolution

Domain names are a meaningful and easy-to-remember “handle” for Internet addresses. The domain name system (DNS) is the way that Internet domain names are located and translated into Internet protocol addresses. Because maintaining a central list of domain name/IP address correspondences is not practical, the lists of domain names and IP addresses are distributed throughout the Internet in a hierarchy of authority. Typically, a DNS server is within close geographic range of your access provider; this DNS server maps the domain names in DNS requests or forwards them to other servers on the Internet. For IPv6 DNS requests, both A6 and AAAA syntax are used to express IPv6 addresses.

An AAAA resource record (called a quad-A record) is formatted as fixed-length data. With AAAA, we can define DNS records for IPv6 name resolution in the same way as A records in IPv4:

$ORIGIN X.EXAMPLE.
N            AAAA 2345:00C1:CA11:0001:1234:5678:9ABC:DEF0
N            AAAA 2345:00D2:DA11:0001:1234:5678:9ABC:DEF0
N            AAAA 2345:000E:EB22:0001:1234:5678:9ABC:DEF0

An A6 resource record is formatted as variable-length data. With A6, it is possible to define an IPv6 address by using multiple DNS records. Here is an example taken from RFC 2874:

$ORIGIN X.EXAMPLE.
N            A6 64 ::1234:5678:9ABC:DEF0 SUBNET-1.IP6
SUBNET-1.IP6 A6 48 0:0:0:1::  IP6
IP6          A6 48 0::0       SUBSCRIBER-X.IP6.A.NET.
IP6          A6 48 0::0       SUBSCRIBER-X.IP6.B.NET.

SUBSCRIBER-X.IP6.A.NET. A6 40 0:0:0011:: A.NET.IP6.C.NET.
SUBSCRIBER-X.IP6.A.NET. A6 40 0:0:0011:: A.NET.IP6.D.NET.
SUBSCRIBER-X.IP6.B.NET. A6 40 0:0:0022:: B-NET.IP6.E.NET.
A.NET.IP6.C.NET. A6 28 0:0001:CA00:: C.NET.ALPHA-TLA.ORG.
A.NET.IP6.D.NET. A6 28 0:0002:DA00:: D.NET.ALPHA-TLA.ORG.
B-NET.IP6.E.NET. A6 32 0:0:EB00::    E.NET.ALPHA-TLA.ORG.
C.NET.ALPHA-TLA.ORG. A6 0 2345:00C0::
D.NET.ALPHA-TLA.ORG. A6 0 2345:00D0::
E.NET.ALPHA-TLA.ORG. A6 0 2345:000E::

If we translate the above code into AAAA records, it looks like:

$ORIGIN X.EXAMPLE.
N            AAAA 2345:00C1:CA11:0001:1234:5678:9ABC:DEF0
N            AAAA 2345:00D2:DA11:0001:1234:5678:9ABC:DEF0
N            AAAA 2345:000E:EB22:0001:1234:5678:9ABC:DEF0
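The translation above can be reproduced mechanically. The following Python code is an added example, not part of the original article or of BIND: it parses the A6 records quoted from RFC 2874, follows every branch of the prefix chain and assembles the complete addresses. The function names and the MAX_DEPTH cap are assumptions made for this example.

```python
import ipaddress

ZONE = """$ORIGIN X.EXAMPLE.
N            A6 64 ::1234:5678:9ABC:DEF0 SUBNET-1.IP6
SUBNET-1.IP6 A6 48 0:0:0:1::  IP6
IP6          A6 48 0::0       SUBSCRIBER-X.IP6.A.NET.
IP6          A6 48 0::0       SUBSCRIBER-X.IP6.B.NET.
SUBSCRIBER-X.IP6.A.NET. A6 40 0:0:0011:: A.NET.IP6.C.NET.
SUBSCRIBER-X.IP6.A.NET. A6 40 0:0:0011:: A.NET.IP6.D.NET.
SUBSCRIBER-X.IP6.B.NET. A6 40 0:0:0022:: B-NET.IP6.E.NET.
A.NET.IP6.C.NET. A6 28 0:0001:CA00:: C.NET.ALPHA-TLA.ORG.
A.NET.IP6.D.NET. A6 28 0:0002:DA00:: D.NET.ALPHA-TLA.ORG.
B-NET.IP6.E.NET. A6 32 0:0:EB00::    E.NET.ALPHA-TLA.ORG.
C.NET.ALPHA-TLA.ORG. A6 0 2345:00C0::
D.NET.ALPHA-TLA.ORG. A6 0 2345:00D0::
E.NET.ALPHA-TLA.ORG. A6 0 2345:000E::
"""  # the A6 records from the RFC 2874 example on this page
MAX_DEPTH = 8  # assumed cap on chain length, so a looping chain fails fast

def parse_a6(text):
    """Return {owner: [(prefix_len, suffix_int, prefix_name_or_None), ...]}."""
    origin, records = ".", {}
    def fqdn(name):  # names without a trailing dot are relative to $ORIGIN
        return (name if name.endswith(".") else f"{name}.{origin}").upper()
    for line in text.splitlines():
        f = line.split()
        if f and f[0] == "$ORIGIN":
            origin = f[1]
        if len(f) < 4 or f[1] != "A6":
            continue
        plen, rest = int(f[2]), f[3:]
        suffix = int(ipaddress.IPv6Address(rest.pop(0))) if plen < 128 else 0
        prefix_name = fqdn(rest.pop(0)) if plen > 0 else None
        records.setdefault(fqdn(f[0]), []).append((plen, suffix, prefix_name))
    return records

def resolve(records, name, depth=0):
    """Follow every branch of the chain; return the complete addresses as ints."""
    if depth > MAX_DEPTH:
        raise ValueError(f"A6 chain too deep or looping at {name}")
    out = []
    for plen, suffix, prefix_name in records.get(name.upper(), []):
        low = (1 << (128 - plen)) - 1  # bits supplied by this record's suffix
        prefixes = [0] if plen == 0 else resolve(records, prefix_name, depth + 1)
        out += [(p & ~low) | (suffix & low) for p in prefixes]
    return out

def to_aaaa(records, name):
    """Render the resolved addresses in the fully expanded AAAA notation."""
    return [ipaddress.IPv6Address(a).exploded.upper() for a in resolve(records, name)]
```

Calling `to_aaaa(parse_a6(ZONE), "N.X.EXAMPLE.")` returns the three AAAA addresses listed above, in the same order. A6 was later moved to Historic status by RFC 6563, so current zones publish AAAA records only.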

Once IPv6 name resolution is configured, we can add the Domain Name System Security Extensions (DNSSEC) to our DNS server. DNSSEC provides three distinct services: key distribution, data origin authentication and transaction and request authentication. The complete definition of DNSSEC is provided in RFC 2535.

______________________

Comments

good overview

Anonymous

I think this has helped me understand how to set
up my IPv6 (only) network. The syntaxes are good examples,
thanks.

Problems with IPv6 DNS files

KenS

This article is interesting. Unfortunately, when I tried to apply the article, I encountered multiple typos in the listing files, which wasted a lot of time. For instance, Listing 1 is missing the closing }; for the options. Listings 3-6 use double-slash comments, which are errors in zone files. The zones "secv6.int" and "secv6.arpa" don't make sense. The lines that start with "IN" are missing significant whitespace. Eventually I gave up on these listings.
