Enabling DNS for IPv6 infrastructure
Posted
on Get blogged by JoKi
See other posts from Get blogged by JoKi
Published on Wed, 12 Mar 2014 06:34:52 +0000
Indexed on
2014/05/26
21:59 UTC
Read the original article
Hit count: 326
linux
After successful automatic distribution of IPv6 address information via DHCPv6 in your local network it might be time to start offering some more services. Usually, we would use host names in order to communicate with other machines instead of their bare IPv6 addresses. During the following paragraphs we are going to enable our own DNS name server with IPv6 address resolving.
This is the third article in a series on IPv6 configuration:
- Configure IPv6 on your Linux system
- DHCPv6: Provide IPv6 information in your local network
- Enabling DNS for IPv6 infrastructure
- Accessing your web server via IPv6
Piece of advice: This is based on my findings on the internet while reading other people's helpful articles and going through a couple of man-pages on my local system.
What's your name and your IPv6 address?
$ sudo service bind9 status
* bind9 is running
If the service is not recognised, you have to install it first on your system. This is done very easy and quickly like so:
$ sudo apt-get install bind9
Once again, there is no specialised package for IPv6. Just the regular application is good to go.
But of course, it is necessary to enable IPv6 binding in the options. Let's fire up a text editor and modify the configuration file.
$ sudo nano /etc/bind/named.conf.options
acl iosnet {
127.0.0.1;
192.168.1.0/24;
::1/128;
2001:db8:bad:a55::/64;
};
listen-on { iosnet; };
listen-on-v6 { any; };
allow-query { iosnet; };
allow-transfer { iosnet; };
Most important directive is the listen-on-v6. This will enable your named to bind to your IPv6 addresses specified on your system. Easiest is to specify any as value, and named will bind to all available IPv6 addresses during start. More details and explanations are found in the man-pages of named.conf.
Save the file and restart the named service. As usual, check your log files and correct your configuration in case of any logged error messages. Using the netstat command you can validate whether the service is running and to which IP and IPv6 addresses it is bound to, like so:
$ sudo service bind9 restart
$ sudo netstat -lnptu | grep "named\W*$"
tcp 0 0 192.168.1.2:53 0.0.0.0:* LISTEN 1734/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1734/named
tcp6 0 0 :::53 :::* LISTEN 1734/named
udp 0 0 192.168.1.2:53 0.0.0.0:* 1734/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 1734/named
udp6 0 0 :::53 :::* 1734/named
Sweet! Okay, now it's about time to resolve host names and their assigned IPv6 addresses using our own DNS name server.
$ host -t aaaa www.6bone.net 2001:db8:bad:a55::2
Using domain server:
Name: 2001:db8:bad:a55::2
Address: 2001:db8:bad:a55::2#53
Aliases:
www.6bone.net is an alias for 6bone.net.
6bone.net has IPv6 address 2001:5c0:1000:10::2
Alright, our newly configured BIND named is fully operational.
Eventually, you might be more familiar with the dig command. Here is the same kind of IPv6 host name resolve but it will provide more details about that particular host as well as the domain in general.
$ dig @2001:db8:bad:a55::2 www.6bone.net. AAAA
More details on the Berkeley Internet Name Domain (bind) daemon and IPv6 are available in Chapter 22.1 of Peter Bieringer's HOWTO on IPv6.
Setting up your own DNS zone
Now, that we have an operational named in place, it's about time to implement and configure our own host names and IPv6 address resolving. The general approach is to create your own zone database below the bind folder and to add AAAA records for your hosts. In order to achieve this, we have to define the zone first in the configuration file named.conf.local.
$ sudo nano /etc/bind/named.conf.local
//
// Do any local configuration here
//
zone "ios.mu" {
type master;
file "/etc/bind/zones/db.ios.mu";
};
Here we specify the location of our zone database file. Next, we are going to create it and add our host names, our IP and our IPv6 addresses.
$ sudo nano /etc/bind/zones/db.ios.mu
$ORIGIN .
$TTL 259200 ; 3 days
ios.mu IN SOA ios.mu. hostmaster.ios.mu. (
2014031101 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS server.ios.mu.
$ORIGIN ios.mu.
server A 192.168.1.2
server AAAA 2001:db8:bad:a55::2
client1 A 192.168.1.3
client1 AAAA 2001:db8:bad:a55::3
client2 A 192.168.1.4
client2 AAAA 2001:db8:bad:a55::4
With a couple of machines in place, it's time to reload that new configuration.
Note: Each time you are going to change your zone databases you have to modify the serial information, too. Named loads the plain text zone definitions and converts them into an internal, indexed binary format to improve lookup performance. If you forget to change your serial then named will not use the new records from the text file but the indexed ones. Or you have to flush the index and force a reload of the zone.
This can be done easily by either restarting the named:
$ sudo service bind9 restart
or by reloading the configuration file using the name server control utility - rndc:
$ sudo rndc reconfig
Check your log files for any error messages and whether the new zone database has been accepted. Next, we are going to resolve a host name trying to get its IPv6 address like so:
$ host -t aaaa server.ios.mu. 2001:db8:bad:a55::2
Using domain server:
Name: 2001:db8:bad:a55::2
Address: 2001:db8:bad:a55::2#53
Aliases:
server.ios.mu has IPv6 address 2001:db8:bad:a55::2
Looks good.
Alternatively, you could have just ping'd the system as well using the ping6 command instead of the regular ping:
$ ping6 server
PING server(2001:db8:bad:a55::2) 56 data bytes
64 bytes from 2001:db8:bad:a55::2: icmp_seq=1 ttl=64 time=0.615 ms
64 bytes from 2001:db8:bad:a55::2: icmp_seq=2 ttl=64 time=0.407 ms
^C
--- ios1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.407/0.511/0.615/0.104 ms
That also looks promising to me. How about your configuration?
Next, it might be interesting to extend the range of available services on the network. One essential service would be to have web sites at hand.
© Get blogged by JoKi or respective owner