IPv6 and DNS – Getting your DNS infrastructure ready for IPv6

March 2, 2011

You can make your named network services available via IPv6 with a few simple steps.  First, your DNS server or DNS service provider should hand out AAAA DNS records (pronounced "quad-A" records), which map hostnames to IPv6 addresses.  Second, you should provide PTR records to allow IPv6 Reverse DNS (rDNS) lookups.  Finally, you should take steps to make the DNS server itself reachable via IPv6.

Set up your DNS Server to start serving AAAA records

To allow resolution of hostnames to IPv6 addresses, your DNS Server must respond to requests for AAAA records.  Adding AAAA records to your forward zones will enable clients with IPv6 connectivity to learn the IPv6 addresses of your resources. Be aware there is a small risk that if a requesting client is among the minority with broken IPv6 connectivity, it can appear to the client that your website is down.  Some companies use DNS whitelisting to mitigate such issues, but there are concerns around that approach.

Set up your DNS Server to start serving ip6.arpa PTR records

For reverse lookups, a new reverse zone needs to be set up on your DNS server to cover your IPv6 address space. If you control your own IPv6 address block, you can have your provider delegate the block to your own DNS servers. The PTR records for IPv6 tend to be long because the 128-bit address is broken up 4 bits at a time so that the digits match clearly with the IPv6 address. For example, Cisco’s (www.ipv6.cisco.com) IPv6 address of 2001:420:80:1::5 becomes in an rDNS record. Although the address looks daunting, you can readily see the reverse mapping. Beyond the basic mapping, there are many more things to consider regarding reverse DNS lookups for IPv6.
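The nibble-by-nibble mapping described above can be generated rather than typed by hand. The following Python sketch is an added example, not code from the original post: it derives the ip6.arpa owner name for an address and emits zone-file PTR lines for a delegated block. The /64 delegation `2001:420:80:1::/64` and the function names are assumptions made for illustration; the address and hostname are the ones quoted in the text.

```python
import ipaddress


def ptr_name(addr):
    """Full ip6.arpa owner name: all 32 hex nibbles, least significant first."""
    nibbles = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def reverse_zone(prefix):
    """Apex of the reverse zone for a delegated prefix.

    Each label is one nibble (4 bits), so a delegation only maps onto a
    single zone when the prefix length is a multiple of 4.
    """
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        raise ValueError("prefix length must fall on a nibble boundary")
    nibbles = net.network_address.exploded.replace(":", "")
    nibbles = nibbles[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def ptr_records(prefix, hosts):
    """Zone-file lines for `hosts` ({address: fqdn}) inside `prefix`."""
    net = ipaddress.IPv6Network(prefix)
    zone = reverse_zone(prefix)
    lines = ["$ORIGIN " + zone]
    for addr, fqdn in sorted(hosts.items()):
        if ipaddress.IPv6Address(addr) not in net:
            # A PTR for an address outside the delegation would never be queried here.
            raise ValueError(addr + " is outside " + prefix)
        owner = ptr_name(addr)[: -len(zone) - 1]  # drop ".<zone>" to get a relative name
        lines.append(owner + " IN PTR " + fqdn.rstrip(".") + ".")
    return lines


if __name__ == "__main__":
    # Assumed delegation; address and hostname taken from the article text.
    for line in ptr_records("2001:420:80:1::/64",
                            {"2001:420:80:1::5": "www.ipv6.cisco.com"}):
        print(line)
```

Once the zone is loaded, `dig -x 2001:420:80:1::5` builds the same 32-label query name and is a quick way to confirm the record resolves.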

Set up your DNS Server to provide information using IPv6

The first two steps described above can be implemented without the DNS server itself having IPv6 connectivity, since clients can be served AAAA and IPv6 PTR records over IPv4 as a transport. However, to enable complete IPv6 support for your DNS infrastructure, the next few steps are required.

Your DNS server needs IPv6 connectivity and needs to support IPv6 itself if it has to respond to and initiate queries over IPv6.  Once the DNS Server has IPv6 connectivity, it can start serving clients natively over IPv6 and initiate recursive queries over IPv6.

In order to make your DNS server completely IPv6 compliant, you will need to have AAAA glue for your domain, meaning that you must have AAAA records for your own DNS nameservers added to the TLD zone through your registrar to make your DNS server reachable over IPv6.  Contact your domain registrar for more details.

Finally, you may also need to check and modify any firewall rules that block DNS packets larger than 512 bytes.

Once your DNS is set up, you may point any client at your DNS server and visit http://test-ipv6.com/ for quick evaluation of IPv6 visibility of your DNS server and http://ipv6-test.com/validate.php to test the reachability of any IPv6 enabled web site.
