IPv6 – DNS Part 1 (AAAA records)

With the clients now all speaking IPv6 (with IP addresses from stateless auto-config), and the server now having a global-scope static IPv6 address, it’s time to make this much more useful.

With IPv6 addresses being 128 bits (32 hex characters), it’s just not practical to expect anyone to remember IP addresses. DNS becomes much more important, not only for servers (with static addresses) but for clients. Clients will in general get their “real” IPv6 address via DHCPv6 and do dynamic DNS updates. (There’s a special “stateless” DHCPv6 that just listens for the auto-config’ed IP addresses and puts them into DNS.)

There are three parts of getting to “IPv6 DNS”.

  1. The first is to get AAAA (quad-A) records into your DNS system. At that point clients can ask for the AAAA records over IPv4 and everything will work just fine.
  2. The second is for you to actually serve your DNS zones over IPv6.
  3. The third is to get hooked into the global IPv6 DNS system, so that others can resolve your IPv6 addresses.

In this installment, we’ll just do Step 1.

Let’s do the AAAA records and test some queries. If you’re this far along, editing BIND zone files and using “dig” should be second nature for you, so I’m only going to show snippets from the zone files:

;;; services
www         a       ;; original IPv4 address
www         aaaa    2001:470:67:88::10 ;; NEW IPv6 address, same name
ipv6        aaaa    2001:470:67:88::10 ;; NEW ipv6 address, new name for ease in testing

I’ve added two new records, a second “www” entry and a completely new “ipv6” entry. The “ipv6” entry is so that I have a hostname that has only an IPv6 address, and no IPv4 addresses. Let’s see what I can get (after I reload the zone)…

$ dig +short ipv6.thuktun.org              # 1 asking for the "A" record for "ipv6" - NO AAAA records exist
$ dig +short ipv6.thuktun.org aaaa         # 2 asking for the AAAA record - SUCCESS
$ dig +short www.thuktun.org               # 3 asking for the "A" record for "www" - SUCCESS
$ dig +short www.thuktun.org aaaa          # 4 ...and the AAAA record - SUCCESS
$ dig -4 +short www.thuktun.org aaaa       # 5 force IPv4 query (which is actually the default) - SUCCESS
$ dig -6 +short www.thuktun.org aaaa       # 6 force query over IPv6 transport - NO RESPONSE
^C            #hangs

Two notes:

  1. By default “dig” queries for “A” records if no other record type is given.
  2. By default “dig” queries over IPv4.

This explains why query #1 returns no data and why #3 returns the “A” record (only). To get the “AAAA” records, you have to explicitly ask for them with a record type. Finally, query #6 attempts to force the DNS queries to use IPv6 for transport, which hangs since there are no known IPv6 DNS resolvers configured in the system.
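The record type asked for travels inside the DNS message itself and has nothing to do with the transport carrying it, which is why AAAA answers come back fine over IPv4. The sketch below is an added example, not part of the original post: it builds the A and AAAA questions in wire format and parses a response. The transaction ID, TTL and response bytes are constructed for illustration, not captured traffic.

```python
import ipaddress
import struct

QTYPE = {"A": 1, "AAAA": 28}

def encode_name(name):
    # DNS wire format: length-prefixed labels, terminated by a zero byte
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, rtype, txid=0x1234):
    # Header: id, flags (RD set), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT = 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[rtype], 1)  # class IN

def skip_name(msg, off):
    # Advance past a name, which may end in a compression pointer (top bits 11)
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1 + n

def parse_answers(msg):
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                      # skip question: name + type + class
        off = skip_name(msg, off) + 4
    out = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:        # A: 4-byte IPv4 address
            out.append(("A", str(ipaddress.IPv4Address(rdata))))
        elif rtype == 28 and rdlen == 16:    # AAAA: 16-byte IPv6 address
            out.append(("AAAA", str(ipaddress.IPv6Address(rdata))))
    return out

# Constructed response to the AAAA query (sample data, not captured traffic)
query = build_query("ipv6.thuktun.org", "AAAA")
response = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + query[12:]
            + b"\xc0\x0c" + struct.pack("!HHIH", 28, 1, 3600, 16)
            + ipaddress.IPv6Address("2001:470:67:88::10").packed)
print(parse_answers(response))
```

The A and AAAA queries are byte-for-byte identical except for the two-byte type field, so either can be sent to a resolver over IPv4 or IPv6.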

At this point we’ve achieved step 1: we have AAAA records in our DNS, and we can retrieve them via IPv4.

Next step, having our own DNS server answer queries over IPv6 transport.
