[itpub.net]dns and bind on ipv6

7/30/2019 [Itpub.net]DNS and BIND on IPv6

1/52


2/52


3/52

DNS and BIND on IPv6


4/52


5/52

DNS and BIND on IPv6

&ULFNHW/LX

Beijing Cambridge Farnham Kln Sebastopol Tokyo


6/52

DNS and BIND on IPv6E\&ULFNHW/LX

&RS\ULJKW&ULFNHW/LX$OOULJKWVUHVHUYHG3ULQWHGLQWKH8QLWHG6WDWHVRI$PHULFD

3XEOLVKHGE\25HLOO\0HGLD,QF*UDYHQVWHLQ+LJKZD\1RUWK6HEDVWRSRO&$

25HLOO\ERRNVPD\EHSXUFKDVHGIRUHGXFDWLRQDOEXVLQHVVRUVDOHVSURPRWLRQDOXVH2QOLQHHGLWLRQVDUHDOVRDYDLODEOHIRUPRVWWLWOHVKWWSP\VDIDULERRNVRQOLQHFRP)RUPRUHLQIRUPDWLRQFRQWDFWRXUFRUSRUDWHLQVWLWXWLRQDOVDOHVGHSDUWPHQWRU FRUSRUDWH#RUHLOO\FRP

Editor: 0LNH/RXNLGHVProduction Editor: +ROO\%DXHUProofreader: +ROO\%DXHU

Cover Designer: .DUHQ0RQWJRPHU\Interior Designer: 'DYLG)XWDWRIllustrator: 5REHUW5RPDQR

Printing History:0D\ )LUVW(GLWLRQ

1XWVKHOO+DQGERRNWKH1XWVKHOO+DQGERRNORJRDQGWKH25HLOO\ORJRDUHUHJLVWHUHGWUDGHPDUNVRI25HLOO\0HGLD,QF7KHLPDJHRIFULFNHWVDQGUHODWHGWUDGHGUHVVDUHWUDGHPDUNVRI25HLOO\0HGLD,QF

0DQ\RIWKHGHVLJQDWLRQVXVHGE\PDQXIDFWXUHUVDQGVHOOHUVWRGLVWLQJXLVKWKHLUSURGXFWVDUHFODLPHGDVWUDGHPDUNV:KHUHWKRVHGHVLJQDWLRQVDSSHDULQWKLVERRNDQG25HLOO\0HGLD,QFZDVDZDUHRIDWUDGHPDUNFODLPWKHGHVLJQDWLRQVKDYHEHHQSULQWHGLQFDSVRULQLWLDOFDSV

:KLOHHYHU\SUHFDXWLRQKDVEHHQWDNHQLQWKHSUHSDUDWLRQRIWKLVERRNWKHSXEOLVKHUDQGDXWKRUDVVXPHQRUHVSRQVLELOLW\IRUHUURUVRURPLVVLRQVRUIRUGDPDJHVUHVXOWLQJIURPWKHXVHRIWKHLQIRUPDWLRQFRQWDLQHGKHUHLQ

,6%1

>/6,@


7/52

Table of Contents

Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii

1. DNS and IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1%DFNJURXQG

,3YDQG'16 7KH$%&VRI,3Y$GGUHVVHV ,3Y)RUZDUGDQG5HYHUVH0DSSLQJ $$$$DQGLSDUSD $GGLQJ$$$$5HFRUGVWR)RUZDUG0DSSLQJ=RQHV ,3Y5HYHUVH0DSSLQJ=RQHV 'HOHJDWLRQDQG5HYHUVH0DSSLQJ=RQHV %XLOW,Q(PSW\5HYHUVH0DSSLQJ=RQHV

2. BIND on IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

/LVWHQLQJIRU4XHULHV 6HQGLQJ4XHULHV 0RUHRQ4XHU\3RUW5DQGRPL]DWLRQ )RUFLQJWKH8VHRID3DUWLFXODU3URWRFRO ,3Y0DVWHUVDQG6ODYHV 2WKHU,3Y=RQH7UDQVIHU&RQWUROV ,3Y1HWZRUNVDQG$GGUHVVHVLQ$&/V 5HJLVWHULQJ,3Y1DPH6HUYHUV 'HOHJDWLQJWR,3Y1DPH6HUYHUV 6HUYHU6WDWHPHQWVIRU,3Y1DPH6HUYHUV

6SHFLDO&RQVLGHUDWLRQV +DQGOLQJ0RQROLQJXDO1DPH6HUYHUV +DQGOLQJ%URNHQ5HVROYHUV

UQGFDQG,3Y

3. Resolver Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210DF26;

v


8/52

:LQGRZV '\QDPLF5HVROYHU&RQILJXUDWLRQ

5HVROYHU&RQILJXUDWLRQ8VLQJ'+&3Y 5HVROYHU&RQILJXUDWLRQ8VLQJ5RXWHU$GYHUWLVHPHQWV

4. DNS64 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27$XWKRULWDWLYH1DPH6HUYHUVDQG'16 ,QWHUDFWLRQ%HWZHHQ'16DQG'166(& '16DQG5HYHUVH0DSSLQJ

5. Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33QVORRNXS GLJ

vi | Table of Contents


9/52

Preface

,PVRUU\IRUZULWLQJWKLVHERRN

:HOOWKDWVQRWTXLWHDFFXUDWH:KDW,PHDQLV,PVRUU\,GLGQWKDYHWLPHWRXSGDWH'16DQG%,1'WRLQFOXGHDOOWKLVQHZ,3YPDWHULDO'16DQG%,1'GHVHUYHVDVL[WKHGLWLRQEXW,PDIUDLGP\VFKHGXOHLVVRKHFWLFULJKWQRZWKDW,MXVWGRQWKDYHWLPHWR

ZULWHLW+HFN,PRQDIOLJKWIURP%RVWRQWR7DPSDDV,ZULWHWKLV/RQJIOLJKWVDUHJUHDWIRUZULWLQJSUHIDFHVQRWVRJUHDWIRUZULWLQJERRNVDERXW,QWHUQHWWHFKQRORJLHV7KRXJKLQIOLJKW,QWHUQHWDFFHVVGRHVKHOS

7KLVERRNLVHVVHQWLDOO\DOOWKHPDWHULDOUHODWHGWR,3YWKDW,ZRXOGKDYHLQFOXGHGLQWKHVL[WKHGLWLRQRI'16DQG%,1'DQGZLOORQFH,JHWWRLW,WFRYHUVKRZ'16ZDVH[WHQGHG WR DFFRPPRGDWH,3Y DGGUHVVHV ERWK IRU IRUZDUGPDSSLQJ DQG UHYHUVHPDSSLQJ,WGHVFULEHVKRZWRFRQILJXUHD%,1'QDPHVHUYHUWRUXQRQDQ,3YQHWZRUNDQGKRZWRWURXEOHVKRRWSUREOHPVZLWK,3YIRUZDUGDQGUHYHUVHPDSSLQJ,WHYHQFRYHUV'16D'16EDVHGWUDQVLWLRQWHFKQRORJ\WKDWWRJHWKHUZLWKDFRPSDQLRQWHFKQRORJ\FDOOHG1$7FDQKHOSLVODQGVRI,3YRQO\VSHDNLQJKRVWVFRPPXQLFDWH

ZLWK,3YUHVRXUFHV

Audience,ZURWHWKLVERRNIRU'16DGPLQLVWUDWRUVZKRDUHUROOLQJRXW,3YRQWKHLUQHWZRUNVDQGZKRQHHGWRXQGHUVWDQGKRZWRVXSSRUW,3YRQWKRVHQHWZRUNVZLWK'167KLVHERRNFRYHUVWKHXQGHUO\LQJWKHRU\LQFOXGLQJWKHVWUXFWXUHDQGUHSUHVHQWDWLRQRI,3YDGGUHVVHVWKH$0DQG2IODJVLQ5RXWHU$GYHUWLVHPHQWVDQGZKDWWKH\PHDQWR'16DVZHOODVWKHQXWVDQGEROWVLQFOXGLQJWKHV\QWD[RI$$$$UHFRUGVDQG375UHFRUGVLQWKHLSDUSDUHYHUVHPDSSLQJ]RQHDQGWKHV\QWD[DQGVHPDQWLFVRIFRQILJXULQJD

%,1'QDPHVHUYHU

Assumptions This Book Makes7KLVERRNDVVXPHVWKDW\RXXQGHUVWDQGEDVLF'16WKHRU\DQG%,1'FRQILJXUDWLRQ,WGRHVQWH[SODLQZKDWDUHVRXUFHUHFRUGLVRUKRZWRHGLWD]RQHGDWDILOHRUUHPLQG\RX

vii


10/52


11/52

Constant width

,QGLFDWHV FRPPDQGV RSWLRQV VZLWFKHV YDULDEOHV DWWULEXWHV NH\V IXQFWLRQVW\SHVFODVVHVQDPHVSDFHVPHWKRGVPRGXOHVSURSHUWLHVSDUDPHWHUVYDOXHVRE

MHFWVHYHQWVHYHQWKDQGOHUV;0/WDJV+70/WDJVPDFURVWKHFRQWHQWVRIILOHVRUWKHRXWSXWIURPFRPPDQGV

Constant width bold6KRZVFRPPDQGVRURWKHUWH[WWKDWVKRXOGEHW\SHGOLWHUDOO\E\WKHXVHU

Constant width italic

6KRZVWH[WWKDWVKRXOGEHUHSODFHGZLWKXVHUVXSSOLHGYDOXHV

7KLVLFRQVLJQLILHVDWLSVXJJHVWLRQRUJHQHUDOQRWH

7KLVLFRQLQGLFDWHVDZDUQLQJRUFDXWLRQ

Using Code Examples7KLVERRNLVKHUHWRKHOS\RXJHW\RXUMREGRQH,QJHQHUDO\RXPD\XVHWKHFRGHLQWKLVERRNLQ\RXUSURJUDPVDQGGRFXPHQWDWLRQ


12/52

:LWKDVXEVFULSWLRQ\RXFDQUHDGDQ\SDJHDQGZDWFKDQ\YLGHRIURPRXUOLEUDU\RQOLQH5HDGERRNVRQ\RXUFHOOSKRQHDQGPRELOHGHYLFHV$FFHVVQHZWLWOHVEHIRUHWKH\DUHDYDLODEOHIRUSULQWDQGJHWH[FOXVLYHDFFHVVWRPDQXVFULSWVLQGHYHORSPHQWDQGSRVWIHHGEDFNIRUWKHDXWKRUV&RS\DQGSDVWHFRGHVDPSOHVRUJDQL]H\RXUIDYRULWHVGRZQORDGFKDSWHUVERRNPDUNNH\VHFWLRQVFUHDWHQRWHVSULQWRXWSDJHVDQGEHQHILWIURP

WRQVRIRWKHUWLPHVDYLQJIHDWXUHV25HLOO\0HGLDKDVXSORDGHGWKLVERRNWRWKH6DIDUL%RRNV2QOLQHVHUYLFH7RKDYHIXOOGLJLWDODFFHVVWRWKLVERRNDQGRWKHUVRQVLPLODUWRSLFVIURP25HLOO\DQGRWKHUSXEOLVKHUVVLJQXSIRUIUHHDWKWWSP\VDIDULERRNVRQOLQHFRP

How to Contact Us3OHDVHDGGUHVVFRPPHQWVDQGTXHVWLRQVFRQFHUQLQJWKLVERRNWRWKHSXEOLVKHU

25HLOO\0HGLD,QF*UDYHQVWHLQ+LJKZD\1RUWK6HEDVWRSRO&$LQWKH8QLWHG6WDWHVRU&DQDGDLQWHUQDWLRQDORUORFDOID[

:HKDYHDZHESDJHIRUWKLVERRNZKHUHZHOLVWHUUDWDH[DPSOHVDQGDQ\DGGLWLRQDOLQIRUPDWLRQ


13/52

Acknowledgments0DQ\WKDQNVWRP\ORQJWLPHHGLWRU0LNH/RXNLGHVIRUVXJJHVWLQJWKLVERRNLQWKHILUVWSODFH7KRXJKQRZKHVJRLQJWRVWDUWSUHVVXULQJPHWRJHWJRLQJRQWKHVL[WKHGLWLRQRI'16DQG%,1'7KDQNVDOVRWRP\ERVVDW,QIREOR[6WHYH1\HZKRVXS

SRUWHGWKHSURMHFWDQGWRP\ROGIULHQGDQGFRFRQVSLUDWRULQWKH$VN0U'16SRGFDVW0DWW/DUVRQZKRKHOSVNHHSP\'16VNLOOVIURPDWURSK\LQJFRPSOHWHO\$QGPXFKFUHGLWLVGXH2ZHQ'H/RQJIRUKLVH[FHOOHQWWHFKQLFDOUHYLHZ

0RVWRIDOOWKRXJKWKDQNVWRP\IDPLO\:DOWDQG*UHWD&KDUOLHDQG-HVVLHDQGHVSHFLDOO\P\ZLIH3DLJH7KH\JLYHPHERWKWKHWLPHWRZULWHDQGWKHUHDVRQ

Preface | xi


14/52


15/52

CHAPTER 1

DNS and IPv6

Background,QHDUO\)HEUXDU\WKH,QWHUQHW$VVLJQHG1XPEHUV$XWKRULW\RU,$1$DVVLJQHG

WKHODVWUHPDLQLQJ,3YDGGUHVVVSDFHWRWKHILYH5HJLRQDO,QWHUQHW5HJLVWULHV5,5V$VRIWKLVZULWLQJWKH5,5VKDYHQW\HWGROHGRXWWKDWDGGUHVVVSDFHWRFDUULHUVDQGRWKHUFXVWRPHUVEXWLWVFOHDUWKDWWKHH[KDXVWLRQRI,3YDGGUHVVVSDFHLVLPPLQHQW

)RUPRVWRUJDQL]DWLRQVRQWKH,QWHUQHWWKHGHSOHWLRQRIWKH,QWHUQHWVXQDOORFDWHG,3YDGGUHVVVSDFHZRQWQHFHVVLWDWHLPPHGLDWHFKDQJHV,3YLVQWJRLQJDQ\ZKHUHIRUWKHIRUHVHHDEOHIXWXUH,QFHUWDLQH[FHSWLRQDOFDVHVKRZHYHURUJDQL]DWLRQVPD\QHHGWRLPSOHPHQW,3YDOPRVWULJKWDZD\PRELOHFDUULHUVDQG,63VVHHNLQJWRH[SDQGWKHLUVXEVFULEHUEDVHVIRUH[DPSOHPD\QHHGWRXVH,3YIRUQHZVXEVFULEHUVLIWKH\ODFNDGGLWLRQDO,3YDGGUHVVVSDFHWRXVHIRUH[SDQVLRQ

7KH,QWHUQHWVWUDQVLWLRQIURP,3YWR,3YKDVEHJXQ:LWKWKH86JRYHUQPHQWVPDQGDWHWKDWJRYHUQPHQWDJHQFLHVPRYHWKHLUQHWZRUNVWR,3YDJURZLQJQXPEHURIXVHUVZLOODFFHVVWKH,QWHUQHWRYHUWKHQHZSURWRFRODQGDQLQFUHDVLQJQXPEHURIUHVRXUFHV

ZHEVLWHVQDPHVHUYHUVPDLOVHUYHUVDQGPRUHZLOOEHDFFHVVLEOHYLD,3Y,QVRPHFDVHVVRPHPD\RQO\EHDFFHVVLEOHRYHU,3Y

7KHWUDQVLWLRQWR,3YZLOOWDNH\HDUVPD\EHGHFDGHVWRFRPSOHWH7RGD\RIFRXUVH,3YLV DOUHDG\URXWHGRYHUWKH,QWHUQHWRI WKH,QWHUQHWV$XWRQRPRXV6\VWHPVDGYHUWLVHURXWHVWRERWK,3YDQG,3YQHWZRUNV%XW,3YFRQVWLWXWHVDWLQ\IUDFWLRQRIWKHWUDIILFURXWHGRYHUWKH,QWHUQHW2UJDQL]DWLRQVGHSOR\LQJQHZ,3YQHWZRUNVWRGD\QHHGWRLPSOHPHQWWUDQVLWLRQWHFKQRORJLHVWKDWHQDEOHWKHLU,3YEDVHGGHYLFHVWRUHDFK

,3YRQO\VHUYLFHV

2YHUWLPHKRZHYHUWKHEDODQFHZLOOVKLIWDQGVRZLOOWKHUHVSRQVLELOLW\$V,3YEHFRPHVWKHSUHGRPLQDQWSURWRFRORQWKH,QWHUQHWWKHUHPDLQLQJSRFNHWVRI,3YZLOOQHHGWRDFFRPPRGDWH,3YQRWYLFHYHUVD,LPDJLQHWKHWUDQVLWLRQSOD\LQJRXWVRPHWKLQJOLNHWKHPRYHIURPURWDU\GLDOLQJWR7RXFK7RQHLQZKHQWKHVZLWFKEHJDQ7RXFK7RQHZDVDQRYHOW\\RXKDGWRSD\H[WUDIRU1RZRIFRXUVH7RXFK7RQHLVWKHQRUPXQOHVV\RXYHDOUHDG\PRYHGRQWR9R,3DQGURWDU\GLDOLQJLVD

1


16/52

FXULRVLW\\RXKDYHWRSD\\RXUSKRQHFRPSDQ\PRUHWRDFFRPPRGDWHLIWKH\FDQVWLOOKDQGOHLWDWDOO

IPv6 and DNS

7KHH[KDXVWLRQRIWKH,3YDGGUHVVVSDFHZDVQWXQH[SHFWHGRIFRXUVH7KH,QWHUQHW(QJLQHHULQJ7DVN)RUFH,(7)GHYHORSHG,3YHUVLRQLQWKHVODUJHO\LQDQWLFLSDWLRQRIWKLVGD\/LNHZLVHWKH'RPDLQ1DPH6\VWHPZDVH[WHQGHGWRDFFRPPRGDWH,3YVORQJHU,3DGGUHVVHVE\DGGLQJQHZUHFRUGW\SHVDQGQHZYHUVLRQVRIQDPHVHUYHUVLQFOXGLQJ%,1'ZHUHUHOHDVHGWRVXSSRUWWKRVHQHZUHFRUGW\SHVDVZHOODVWKHXVHRI,3YWRWUDQVSRUWTXHULHVDQGUHVSRQVHV$WWKLVSRLQWDOOEXWDQFLHQW%,1'QDPHVHUYHUVVXSSRUW,3YWKRXJKLQPRVWFDVHVWKDWVXSSRUWLVQWFRQILJXUHGRUXVHG:HYH

MXVWEHHQZDLWLQJSDWLHQWO\IRUWKHSURWRFROWRFDWFKRQ

The ABCs of IPv6 Addresses7KHPRVWZLGHO\NQRZQDVSHFWRI,3YDQGUHDOO\WKHRQO\RQHWKDWPDWWHUVWR'16LVWKHOHQJWKRIWKH,3YDGGUHVVELWVIRXUWLPHVDVORQJDV,3YVELWDGGUHVV7KHSUHIHUUHGUHSUHVHQWDWLRQRIDQ,3YDGGUHVVLVHLJKWJURXSVRIDVPDQ\DVIRXUKH[DGHFLPDOGLJLWVVHSDUDWHGE\FRORQV)RUH[DPSOH

2001:0db8:0123:4567:89ab:cdef:0123:4567

7KHILUVWJURXSRUTXDUWHWRIKH[GLJLWVLQWKLVH[DPSOHUHSUHVHQWVWKHPRVWVLJQLILFDQWRUKLJKHVWRUGHUVL[WHHQELWVRIWKHDGGUHVV,QELQDU\WHUPVLVHTXLYDOHQWWR

*URXSVRIGLJLWVWKDWEHJLQZLWKRQHRUPRUH]HURVGRQWQHHGWREHSDGGHGWRIRXUSODFHVVR\RXFDQDOVRZULWHWKHSUHYLRXVDGGUHVVDV

2001:db8:123:4567:89ab:cdef:123:4567

(DFKJURXSPXVWFRQWDLQDWOHDVWRQHGLJLWWKRXJKXQOHVV\RXUHXVLQJWKHQRWDWLRQ7KHQRWDWLRQDOORZV\RXWRFRPSUHVVVHTXHQWLDOJURXSVRI]HURV7KLVFRPHVLQKDQG\ZKHQ\RXUHVSHFLI\LQJMXVWDQ,3YSUHIL[)RUH[DPSOH

2001:db8:dead:beef::

VSHFLILHVWKHILUVWELWVRIDQ,3YDGGUHVVDVGEGHDGEHHIDQGWKHUHPDLQLQJDV]HURV


17/52


18/52

DQGELWV)LQDOO\LQDQ,63VDGGUHVVVSDFHWKH,63FDQDVVLJQWKHELWVDIWHULWV5,5DVVLJQHGSUHIL[XSWRWKHDOORFDWHGWRHDFKFXVWRPHUHQGVLWH

&RLQFLGHQWDOO\0RYLH8QLYHUVLW\MXVWDUUDQJHGWRJHW,3YFRQQHFWLYLW\IURPRXU,637KH,63DVVLJQHGXVDVL]HG,3YQHWZRUNGEFDIHZKLFKZHOOVXEQHWXVLQJWKHVFKHPHMXVWGHVFULEHGLQWRVL]HGVXEQHWZRUNV

:KDWVWKLVIHDGGUHVV"

,I\RXUHSRNLQJDURXQGRQD8QL[RU/LQX[V\VWHPZLWK LIFRQILJQHWVWDWRUWKHOLNH\RXPD\QRWLFHWKDW\RXUKRVWVQHWZRUNLQWHUIDFHVDOUHDG\KDYH,3YDGGUHVVHVDVVLJQHGWRWKHPVWDUWLQJZLWKWKHTXDUWHWIH 7KHVH DUHOLQNORFDO VFRSHG DGGUHVVHVGHULYHG DXWRPDWLFDOO\IURPWKHLQWHUIDFHVKDUGZDUHDGGUHVVHV7KHOLQNORFDOVFRSHLVVLJQLILFDQW\RXFDQWDFFHVVWKHVHDGGUHVVHVIURPDQ\ZKHUHEXWWKHORFDOVXEQHWVRGRQWXVHWKHPLQGHOHJDWLRQPDVWHUVVXEVWDWHPHQWVDQGWKHOLNH8VH JOREDO XQLFDVWDGGUHVVHVDVVLJQHG WR WKHKRVWLQVWHDG


19/52

AAAA and ip6.arpa7KH$$$$SURQRXQFHGTXDG$QRWDKKUHFRUGGHVFULEHGLQ5)&LVDVLPSOHDGGUHVVUHFRUGZLWKUHFRUGVSHFLILFGDWDWKDWVIRXUWLPHVDVORQJDVDQ$UHFRUGKHQFHWKHIRXU$VLQWKHUHFRUGW\SH7KH$$$$UHFRUGWDNHVDVLWVUHFRUGVSHFLILFGDWD

WKHWH[WXDOIRUPDWRIDQ,3YDGGUHVVH[DFWO\DVGHVFULEHGHDUOLHU6RIRUH[DPSOH\RXGVHH$$$$UHFRUGVOLNHWKLVRQH

ipv6-host IN AAAA 2001:db8:1:2:3:4:567:89ab

$V\RXFDQVHHLWVSHUIHFWO\RND\WRXVHVKRUWFXWVLQWKH,3YDGGUHVVLQFOXGLQJGURSSLQJOHDGLQJ]HURHVIURPTXDUWHWVDQGUHSODFLQJRQHRUPRUHFRQWLJXRXVTXDUWHWVRIDOO]HURHVZLWK

5)&DOVRHVWDEOLVKHGLSLQWQRZUHSODFHGE\LSDUSDDQHZUHYHUVHPDSSLQJQDPHVSDFHIRU,3YDGGUHVVHV(DFKOHYHORIVXEGRPDLQXQGHU LSDUSDUHSUHVHQWVIRXUELWVRIWKHELWDGGUHVVHQFRGHGDVDKH[DGHFLPDOGLJLWMXVWOLNHLQWKHUHFRUGVSHFLILFGDWDRIWKH$$$$UHFRUG7KHOHDVWVLJQLILFDQWORZHVWRUGHUELWVDSSHDUDWWKHIDUOHIWRIWKHGRPDLQQDPH8QOLNHWKHIRUPDWRI,3YDGGUHVVHVLQ$$$$UHFRUGVRPLWWLQJOHDGLQJ]HURVLVQRWDOORZHGVRWKHUHDUHDOZD\VKH[DGHFLPDOGLJLWVDQGOHYHOVRIVXEGRPDLQEHORZLSDUSDLQDGRPDLQQDPHFRUUHVSRQGLQJWRDIXOO,3YDGGUHVV7KHGRPDLQQDPHWKDWFRUUHVSRQGVWRWKHDGGUHVVLQWKHSUHYLRXVH[DPSOHLV

b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.

7KHVHGRPDLQQDPHVKDYH375UHFRUGVDWWDFKHGMXVWDVWKHGRPDLQQDPHVXQGHULQDGGUDUSDGR

b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.0.8.b.d.1.0.0.2.ip6.arpa. IN PTRmash.ip6.movie.edu.

Adding AAAA Records to Forward-Mapping Zones$DQG$$$$UHFRUGVFDQFRH[LVWVLGHE\VLGHLQDQ\IRUZDUGPDSSLQJ]RQH6RIRUH[DPSOHLI\RXUKRVWKDVERWKDQ,3YDQGDQ,3YDGGUHVVFRPPRQO\FDOOHGDGXDOVWDFNKRVW\RXFDQDWWDFKERWK$DQG$$$$UHFRUGVWRLWVGRPDLQQDPH

suckerpunch IN A 192.249.249.111IN AAAA 2001:db8:cafe:f9::d3

+RZHYHU\RXVKRXOGEHFDUHIXOZLWKWKDWFRQILJXUDWLRQDWOHDVWIRUWKHWLPHEHLQJ6RPHFXUUHQWUHVROYHUVZLOODOZD\VORRNXS$$$$UHFRUGVEHIRUH$UHFRUGVHYHQLIWKHKRVWUXQQLQJWKHUHVROYHUODFNVWKHDELOLW\WRFRPPXQLFDWHZLWKDOO,3YDGGUHVVHVIRUH[DPSOHWKHKRVWRQO\KDVDOLQNORFDO,3YDGGUHVVRUXVHVVRPHWUDQVLWLRQWHFKQRORJ\WKDWJLYHVLWOLPLWHG,3YFRQQHFWLYLW\,I\RXDWWDFKERWK$DQG$$$$UHFRUGVWRDVLQJOHGRPDLQQDPHDVLQWKHH[DPSOHDERYHDXVHURIRQHRIWKHVHEURNHQUHVROYHUVZRXOGQHHGWRZDLWIRUKLVFRQQHFWLRQWRWKH,3YDGGUHVVWRWLPHRXWEHIRUHVXFFHVVIXOO\FRQQHFWLQJWRWKH,3YDGGUHVVZKLFKFRXOGWDNHDVORQJDVDIHZPLQXWHVVHH+DQGOLQJ%URNHQ5HVROYHUVLQ&KDSWHUIRUDPHFKDQLVPWRKHOS\RXGHDOZLWKWKLV

Adding AAAA Records to Forward-Mapping Zones | 5


20/52

8QWLOWKHVHEURNHQUHVROYHUVDUHIL[HGLWVSUXGHQWWRDWWDFK$DQG$$$$UHFRUGVWRGLIIHUHQWGRPDLQQDPHVDWOHDVWIRUKRVWVRIIHULQJVHUYLFHV

suckerpunch IN A 192.249.249.111suckerpunch-v6 IN AAAA 2001:db8:cafe:f9::d3

,I\RXOLNHWKHDHVWKHWLFVEHWWHU\RXFDQXVHYDVDODEHOLQWKHGRPDLQQDPHLQVWHDG

RIDVDVXIIL[WRWKHKRVWQDPHsuckerpunch.v6 IN AAAA 2001:db8:cafe:f9::d3

1RWHWKDWWKLVGRHVQWUHTXLUHWKDW\RXFUHDWHDQHZVXE]RQHFDOOHG YPRYLHHGXDVXEGRPDLQLQWKHVDPH]RQHZLOOGRQLFHO\

IPv6 Reverse-Mapping Zones,I\RXXVHWKHVWDQGDUG,3YVXEQHWWLQJVFKHPHVKRZQLQWKHGLDJUDPLQ7KH$%&VRI,3Y$GGUHVVHVWKHUHYHUVHPDSSLQJ]RQHVWKDWFRUUHVSRQGWR\RXUVXEQHWVZLOOKDYH

ODEHOV )RU H[DPSOH WKH VXEQHW WKDW VXFNHUSXQFKYPRYLHHGX LV RQGEFDIHIZRXOGFRUUHVSRQGWRWKHUHYHUVHPDSSLQJ]RQHIHIDFEGLSDUSD5HPHPEHUWKDW'16LVFDVHLQVHQVLWLYHVRZHFRXOGDOVRKDYHFDOOHG WKH ]RQH )()$&%',3$53$ RU HYHQ )H)D&E'L3D5S$LIZHGEHHQIHHOLQJSXQFK\7KH\DOOZRXOGKDYHKDQGOHGUHYHUVHPDSSLQJRI,3YDGGUHVVHVMXVWDVZHOO

$VZLWK,3YUHYHUVHPDSSLQJ]RQHV,3YUHYHUVHPDSSLQJ]RQHVPRVWO\FRQWDLQ375UHFRUGV$QGDVZLWKDQ\]RQHWKH\PXVWFRQWDLQRQH62$UHFRUGDQGRQHRUPRUH16UHFRUGV+HUHVZKDWWKHEHJLQQLQJRIWKDW]RQHORRNVOLNH

$TTL 1d

@ IN SOA terminator.movie.edu. hostmaster.movie.edu. (2011030800 ; Serial number1h ; Refresh (1 hour)15m ; Retry (15 minutes)30d ; Expire (30 days)10m ) ; Negative-caching TTL (10 minutes)

IN NS terminator.movie.edu.IN NS wormhole.movie.edu.

3.d.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR suckerpunch.v6.movie.edu.4.d.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR super8.v6.movie.edu.

+HUHVKRSLQJWKDWPRVWRI\RXUKRVWVZLOOXVHG\QDPLFXSGDWHWRUHJLVWHUWKHLURZQ$$$$DQG375UHFRUGVRUHOVH\RXUHJRLQJWRZHDURXWWKHSHULRGNH\RQ\RXUNH\ERDUG

,I\RXUHJRLQJWRDGGDORWRI375UHFRUGVWRDQ,3YUHYHUVHPDSSLQJ]RQHE\KDQGLWVDJRRGLGHDWRPDNHOLEHUDOXVHRIWKH25,*,1FRQWUROVWDWHPHQW)RUH[DPSOH\RXFRXOGUHZULWHWKRVHODVWWZR375UHFRUGVDV

6 | Chapter 1:DNS and IPv6


21/52

$ORIGIN 0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.f.0.0.e.f.a.c.8.b.d.0.1.0.0.2.ip6.arpa.3.d PTR suckerpunch.v6.movie.edu.4.d PTR super8.v6.movie.edu.

7KH]RQHVWDWHPHQWZHDGGHGWRWKHQDPHGFRQIILOHRQWHUPLQDWRUWRFRQILJXUHLWDVWKHSULPDU\QDPHVHUYHUIRUWKHUHYHUVHPDSSLQJ]RQHORRNVOLNHWKLV

zone "9.f.0.0.e.f.a.c.8.b.d.0.1.0.0.2.ip6.arpa" {type master;file "db.2001:db8:cafe:f9";

};

2IFRXUVH\RXFDQQDPHWKH]RQHGDWDILOHZKDWHYHU\RXOLNHEXW,VXJJHVWHPEHGGLQJWKHVXEQHWVSUHIL[LQWKHUHVRPHZKHUH

,WVSUREDEO\EHVWWRDYRLGWKHXVHRIWKH*(1(5$7(FRQWUROVWDWHPHQWLQ,3YUHYHUVHPDSSLQJ]RQHV)LJXULQJRXWWKHULJKWV\QWD[WRXVHWRJHQHUDWH375UHFRUGVIRUVXFK]RQHVLVWULFN\DQGLWVHDV\WRFUHDWHVRPDQ\375UHFRUGVWKDW\RXFDQFDXVH\RXUQDPHVHUYHUWRUXQRXWRI

PHPRU\

Delegation and Reverse-Mapping Zones


22/52

IN NS terminator.movie.edu.IN NS wormhole.movie.edu.

9.f.0.0 IN NS adjustmentbureau.movie.edu.IN NS rango.movie.edu.

2IFRXUVHQRJOXHDGGUHVVHVDUHQHFHVVDU\EHFDXVHWKHGRPDLQQDPHVRIWKHQDPH

VHUYHUVDUHQWEHORZWKHGHOHJDWLRQSRLQW

Built-In Empty Reverse-Mapping Zones7KHUHDUHTXLWHDIHZ,3YDGGUHVVHVDQGQHWZRUNVWKDWVHUYHVSHFLDOSXUSRVHV)RUH[DPSOH,3YOLNH,3YKDVDQXQVSHFLILHGDGGUHVVXVHGE\XQLQLWLDOL]HGQHWZRUNLQWHUIDFHVDQGDORRSEDFNDGGUHVVDVZHOODVQHWZRUNVIRUOLQNORFDODGGUHVVHVDQGPRUH7KHODWHVWYHUVLRQVRI %,1'LQFOXGHEXLOWLQHPSW\YHUVLRQVRI WKHUHYHUVHPDSSLQJ]RQHVWKDWFRUUHVSRQGWRWKHVHDGGUHVVHVDQGQHWZRUNV7KH]RQHVDUHHPSW\VRWKDW\RXUORFDO%,1'QDPHVHUYHUZLOOUHVSRQGWRDQ\TXHULHVWRUHYHUVHPDSWKHVH

DGGUHVVHVLPPHGLDWHO\ZLWKDQHJDWLYHDQVZHUZLWKRXWIRUZDUGLQJWKDWTXHU\RIIWRWKH,QWHUQHWWRDQRWKHUQDPHVHUYHUMXVWWRJHWWKHVDPHQHJDWLYHDQVZHURUQRDQVZHUDWDOO

7KHWDEOHEHORZOLVWVWKHEXLOWLQUHYHUVHPDSSLQJ]RQHVWKHIXQFWLRQVRIWKHDGGUHVVHVDQGQHWZRUNVWKH\PDSWRDQGWKHURXJKHTXLYDOHQWLQ,3Y

Reverse-mapping Zone Name Function IPv4 Equivalent

0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa Unspecified IPv6 address 0.0.0.0

1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa IPv6 Loopback Address 127.0.0.1

8.b.d.0.1.0.0.2.ip6.arpa IPv6 Documentation Network 192.0.2/24d.f.ip6.arpa Unique Local Addresses 10/8, etc. (RFC

1918)

8.e.f.ip6.arpa Link-Local Addresses 169.254/16

9.e.f.ip6.arpa Link-Local Addresses 169.254/16

a.e.f.ip6.arpa Link-Local Addresses 169.254/16

b.e.f.ip6.arpa Link-Local Addresses 169.254/16

%,1'LVVPDUWHQRXJKWRQRWLFHLI\RXYHDOUHDG\FRQILJXUHG\RXURZQYHUVLRQRIRQH

RIWKHVHUHYHUVHPDSSLQJ]RQHVHYHQLIWKH]RQHLVQWDQDXWKRULWDWLYH]RQHVXFKDVDIRUZDUGRUVWXE]RQHVR\RXFDQHDVLO\RYHUULGH%,1'VHPSW\]RQHV7RGLVDEOHLQGLYLGXDOEXLOWLQHPSW\]RQHVZLWKRXWFUHDWLQJH[SOLFLW]RQHVWDWHPHQWVIRUWKHPXVHWKHGLVDEOHHPSW\]RQHVXEVWDWHPHQWZKLFKWDNHVDVDQDUJXPHQWWKHGRPDLQQDPHRIWKH]RQHWRGLVDEOH

options {disable-empty-zone "d.f.ip6.arpa";

};

8 | Chapter 1:DNS and IPv6


23/52

7RGLVDEOHDOOEXLOWLQHPSW\]RQHV\RXFDQXVHWKHHPSW\]RQHVHQDEOHVXEVWDWHPHQW%\GHIDXOWRIFRXUVHWKH\UHHQDEOHGVR

options {empty-zones-enable no;

};

ZLOOGLVDEOHWKHP


24/52


25/52

CHAPTER 2

BIND on IPv6

0RGHUQ%,1'QDPHVHUYHUVLQFOXGHFRPSOHWHVXSSRUWIRU,3YZKLFKPHDQVQRWRQO\KDQGOLQJTXHULHVWKDWDVNIRUWKH,3YDGGUHVVHVRIDJLYHQGRPDLQQDPHEXWDOVRUHVSRQGLQJWRWKRVHTXHULHVRYHU,3YDVZHOODVTXHU\LQJRWKHUQDPHVHUYHUVRYHU,3Y

Listening for Queries%\GHIDXOW%,1'QDPHVHUYHUVZRQWOLVWHQIRUTXHULHVWKDWDUULYHRQDQ,3YLQWHUIDFH7RWHOOWKHQDPHVHUYHUWROLVWHQRQDQ,3YLQWHUIDFHXVHWKHOLVWHQRQYVXEVWDWHPHQW7KHVLPSOHVWIRUPRIWKLVVXEVWDWHPHQWLV

options {listen-on-v6 { any; };

};

ZKLFKLQVWUXFWVWKHQDPHVHUYHUWROLVWHQIRUTXHULHVRQDQ\,3YQHWZRUNLQWHUIDFHVFRQILJXUHGRQWKHKRVW,I\RXQHHGWREHPRUHVHOHFWLYH\RXFDQVSHFLI\DSDUWLFXODULQWHUIDFHRUSDUWLFXODULQWHUIDFHV

options {listen-on-v6 { 2001:db8:cafe:1::1; 2001:db8:cafe:2::1; };

};


26/52

,I\RXQHHGWRKDYH\RXUQDPHVHUYHUOLVWHQRQPXOWLSOHSRUWVDWWKHVDPHWLPHMXVWXVHPXOWLSOHOLVWHQRQYVXEVWDWHPHQWV


27/52

options {avoid-v6-udp-ports { range 1024 1025; };

};

,IIRUZKDWHYHUUHDVRQ\RXQHHGWRUHVWULFWWKHUDQJHRISRUWV%,1'XVHVWRRQHVPDOOHUWKDQWKHGHIDXOWXVHWKHXVHYXGSSRUWVVXEVWDWHPHQWZKLFKWDNHVWKHUDQJHDVDQDUJXPHQW

options {use-v6-udp-ports { range 1024 16727; };

};

$JDLQEHYHU\FDUHIXOVLQFHUHVWULFWLQJWKHUDQJHWRRPXFKZLOOOLPLWWKHHIIHFWLYHQHVVRITXHU\SRUWUDQGRPL]DWLRQ

Forcing the Use of a Particular Protocol2FFDVLRQDOO\\RXPD\ZDQWWRIRUFHDQDPHVHUYHUQRWWRXVH,3YRU,3YGHVSLWHWKH

IDFWWKDWWKHKRVWLWVUXQQLQJRQ KDVGXDOVWDFNV)RUH[DPSOH\RXPD\NQRZWKDWWKHKRVWLVQWFDSDEOHRIUHDFKLQJWKHHQWLUH,3Y,QWHUQHWEHFDXVHRIOLPLWDWLRQVLQWKHWUDQVLWLRQWHFKQRORJ\\RXXVH,QVLWXDWLRQVOLNHWKLV\RXFDQWHOOWKHQDPHVHUYHUWRXVHRQO\,3YRURQO\,3YZLWKWKHDQGFRPPDQGOLQHRSWLRQVUHVSHFWLYHO\

% named 4

WHOOVWKHQDPHVHUYHUWRXVHRQO\,3YZKLOH

% named 6

REYLRXVO\WHOOVWKHQDPHVHUYHUWRXVHRQO\,3Y

IPv6 Masters and Slaves2IFRXUVH%,1'VXSSRUWV]RQHWUDQVIHUVRYHU,3YWRR7RFRQILJXUHDVODYHQDPHVHUYHUWRWUDQVIHUD]RQHIURPLWVPDVWHUXVLQJ,3YMXVWVSHFLI\WKHPDVWHUV,3YDGGUHVVLQWKH]RQHVPDVWHUVVXEVWDWHPHQW

zone "movie.edu" {type slave;masters { 2001:db8:cafe:1::1; };file "bak.movie.edu";

};

7RPDNHWKLVPRUHUHDGDEOH,VXJJHVWXVLQJWKHQHZPDVWHUVVWDWHPHQWPDVWHUVOHWV\RXDVVLJQDQDPHWRDOLVWRIPDVWHUQDPHVHUYHUVDQGWKHQUHIHUWRWKDWQDPHLQ]RQHVWDWHPHQWV(YHQLIWKHOLVWFRQVLVWVRIMXVWDVLQJOHPDVWHUQDPHVHUYHUJLYLQJLWDQDPHZLOOPDNHLWPXFKHDVLHUWRLGHQWLI\

masters terminator.movie.edu { 2001:db8:cafe:1::1; };

zone "movie.edu" {type slave;

IPv6 Masters and Slaves | 13


28/52

masters { terminator.movie.edu; };file "bak.movie.edu";

};

,I\RXZDQWWRVSHFLI\D76,*NH\RUHYHQDQDOWHUQDWHSRUWRQWKHPDVWHUQDPHVHUYHUWRWUDQVIHUIURP\RXFDQVSHFLI\WKRVHLQWKHPDVWHUVVWDWHPHQW

masters terminator-and-wormhole {2001:db8:cafe:1::1 key tsig.movie.edu;2001:db8:cafe:2::1 port 5353 key tsig.movie.edu;

};


29/52

IPv6 Networks and Addresses in ACLs7RVXSSRUW,3YDFFHVVFRQWUROOLVWV$&/VZHUHH[WHQGHGWRDOORZWKHVSHFLILFDWLRQRI,3YDGGUHVVHV6SHFLI\LQJ,3YDGGUHVVHVLQ$&/VZRUNVDV\RXGH[SHFWLWWR

acl Movie-U {

2001:db8:cafe::/48;};

acl campus-subnets {2001:db8:cafe:1::/64;2001:db8:cafe:2::/64;

};


30/52

Registering IPv6 Name Servers2QFH\RXYHVHWXSDQ,3YQDPHVHUYHUWKDWVDXWKRULWDWLYHIRURQHRUPRUH]RQHV\RXPD\ZDQWWRDGGWKHQHZ,3YDGGUHVVWRWKRVH]RQHVGHOHJDWLRQLQIRUPDWLRQ7KDWZLOOUHTXLUHWKDW\RXUSDUHQWVXSSRUWUHJLVWUDWLRQRI,3YDGGUHVVHVIRUQDPHVHUYHUV

$OPRVWDOOWRSOHYHOGRPDLQVVXFKDVFRPQHWDQGRUJDQGPRVWODUJHFRXQWU\FRGHWRSOHYHOGRPDLQVVXFKDVXNDQGGHVXSSRUW,3YDGGUHVVHVIRUQDPHVHUYHUV,QPRVWFDVHVKRZHYHU\RXGRQWGHDOGLUHFWO\ZLWKWKHDGPLQLVWUDWRUVRIWKHVHGRPDLQVEXWUDWKHUZRUNWKURXJKDQLQWHUPHGLDU\FDOOHGD UHJLVWUDU8QIRUWXQDWHO\QRWDOOUHJLVWUDUVVXSSRUWUHJLVWUDWLRQRI,3YDGGUHVVHV,I\RXUVGRHVQW\RXPD\KDYHQRFKRLFHEXWWRWUDQVIHU\RXU]RQHVWRDUHJLVWUDUWKDWGRHVRUDWOHDVWWKUHDWHQWRLIWKH\GRQWJHWWKHLUDFWWRJHWKHU

7KHDFWXDOSURFHVV\RXXVHWRUHJLVWHUDQDPHVHUYHUV,3YDGGUHVVYDULHVGHSHQGLQJRQ WKH UHJLVWUDU EXW PRVW JRRG UHJLVWUDUV SURYLGH UHDVRQDEO\ LQWXLWLYH ZHEEDVHGLQWHUIDFHVIRUPDQDJLQJGHOHJDWLRQLQIRUPDWLRQDQGDOORZ\RXWRVLPSO\HQWHUDQ,3Y

DGGUHVVWKHUH,I\RXUSDUHQW]RQHLVPDQDJHGE\VRPHRQHHOVHLQ\RXURUJDQL]DWLRQVD\DQHWZRUNDGPLQLVWUDWRUDW\RXUFRPSDQ\VFRUSRUDWHKHDGTXDUWHUVDVNWKHPKRZWKH\GOLNHWKHQHZDGGUHVVVXEPLWWHG,WPD\EHDVHDV\DVVHQGLQJWKHPHPDLO

)RUWKHWLPHEHLQJZKLOH,3YLVVWLOOFDWFKLQJRQPDNHVXUHWKDW\RXUHJLVWHUERWK,3YDQG,3YDGGUHVVHVIRU\RXUQDPHVHUYHUV,I\RXGRQWKDYHDQ\,3YVSHDNLQJQDPHVHUYHUVPRVWUHFXUVLYHQDPHVHUYHUVRQWKH,QWHUQHWZRQWEHDEOHWRUHVROYHDQ\RI\RXUGRPDLQQDPHV

Delegating to IPv6 Name Servers,I\RXPDQDJHDSDUHQW]RQHWKDWLV\RXUHWKHQHWZRUNDGPLQLVWUDWRUDW\RXUFRPSDQ\VFRUSRUDWHKHDGTXDUWHUVPHQWLRQHGHDUOLHUWKHDGPLQLVWUDWRUVRI\RXUVXE]RQHVPD\DVN\RXWRDGG,3YDGGUHVVHVWRWKHLUGHOHJDWLRQ'RLQJVRLVVWUDLJKWIRUZDUG

6D\ WKH QHWZRUN DGPLQLVWUDWRU RI RXU FRPSXWHUJHQHUDWHG LPDJHU\ GHSDUWPHQWFJLPRYLHHGXKDVMXVWVHWXSDQHZ,3YQHWZRUNDQGZDQWVXVWRDGGKLVQDPHVHUYHUVQHZ,3YDGGUHVVHVWRKLVGHOHJDWLRQ&XUUHQWO\KLVGHOHJDWLRQORRNVOLNHWKLV

cgi.movie.edu. IN NS avatar.cgi.movie.edu.cgi.movie.edu. IN NS tron.cgi.movie.edu.

avatar.cgi.movie.edu. IN A 192.249.249.169tron.cgi.movie.edu. IN A 192.253.253.169

+HVMXVWVHWXSWKH,3YVXEQHWVGEFDIHDQGGEFDIHVRDIWHUDGGLQJ$$$$UHFRUGVIRUWKHWZRKRVWVWKHGHOHJDWLRQORRNVOLNHWKLV

cgi.movie.edu. IN NS avatar.cgi.movie.edu.cgi.movie.edu. IN NS tron.cgi.movie.edu.

16 | Chapter 2:BIND on IPv6


31/52

avatar.cgi.movie.edu. IN A 192.249.249.169IN AAAA 2001:db8:cafe:10::2

tron.cgi.movie.edu. IN A 192.253.253.169IN AAAA 2001:db8:cafe:11::2

,WVZRUWKUHLWHUDWLQJKHUHWKDWJOXH$ RU$$$$UHFRUGVDUHQHFHVVDU\LQGHOHJDWLRQRQO\ZKHQDVXEGRPDLQLVGHOHJDWHGWRDQDPHVHUYHUWKDWHQGVLQWKHQDPHRIWKH

VXEGRPDLQDVWURQFJLPRYLHHGXHQGVLQFJLPRYLHHGX,IWKDWVQRWWUXHJOXHUHFRUGVDUHQWQHHGHG

Server Statements for IPv6 Name Servers,I\RXQHHGWRWZHDNWKHZD\\RXUQDPHVHUYHUFRPPXQLFDWHVZLWKDSDUWLFXODUUHPRWHQDPHVHUYHU\RXXVHWKH VHUYHUVWDWHPHQW7KHVHUYHUVWDWHPHQWQRZVXSSRUWV,3YDGGUHVVHV WRR VR LI \RX ZDQWHG WR WHOO \RXU QDPH VHUYHU WR XVH WKH 76,* NH\PRYLHHGXNH\ZKHQFRPPXQLFDWLQJZLWKWHUPLQDWRUPRYLHHGXRYHU,3Y\RXFRXOGXVHWKHIROORZLQJVHUYHUVWDWHPHQW

server 2001:db8:cafe:1::1 {keys { movie.edu.key; };

};

$QGUHPHPEHUWKDWWKHVHUYHUVWDWHPHQWQRZVLQFHDWOHDVW%,1'DFFHSWVWKHVSHFLILFDWLRQRIDQHQWLUHQHWZRUNDVDQDUJXPHQWVR\RXFDQFRQILJXUHKRZ\RXUQDPHVHUYHUFRPPXQLFDWHVZLWKDZKROHVHWRIQDPHVHUYHUV)RUH[DPSOHWRWHOO\RXUQDPHVHUYHUQRWWRTXHU\DQ\RIWKHQDPHVHUYHUVRQWKH0RYLH8,3YQHWZRUN\RXFRXOGXVHWKLVVHUYHUVWDWHPHQW

server 2001:db8:cafe::/48 {bogus yes;

};

%XWZK\ZRXOG\RXHYHUZDQWWRGRWKDW"

)RUDPRUHFRPSOHWHOLVWRIVHUYHUVXEVWDWHPHQWVVHH'16DQG%,1'

Special Considerations

Handling Monolingual Name Servers

)RUWKHIRUHVHHDEOHIXWXUHZHOOUXQERWKWKH,3YDQG,3YSURWRFROVLQSDUDOOHORQWKH,QWHUQHW:KLOHWRGD\WKHYDVWPDMRULW\RI]RQHVDUHVHUYHGE\QDPHVHUYHUVZLWKRQO\,3Y FRQQHFWLYLW\ VRPH GD\KRSHIXOO\ VRRQHU UDWKHU WKDQ ODWHUZHOO VHH ]RQHVVHUYHGRQO\E\,3YQDPHVHUYHUV(LWKHUNLQGRI]RQHLQWURGXFHVDQLQWHURSHUDELOLW\FKDOOHQJHWKRXJKKRZFDQDUHFXUVLYHQDPHVHUYHUZLWKRQO\,3YFRQQHFWLYLW\UHVROYHD GRPDLQ QDPH LQ D ]RQHVHUYHG RQO\ E\,3Y QDPH VHUYHUV" $QG ZKDWDERXW WKHFRQYHUVH"

Special Considerations | 17


32/52

%,1'DOORZV\RXWRFRQILJXUHDVRUWRISURWRFROIRUZDUGHUFDOOHGD GXDOVWDFNVHUYHUIRUWKHVHSRRUPRQROLQJXDOUHFXUVRUV:KHQDUHFXUVRUQHHGVWRORRNXSGDWDLQD]RQHVHUYHGRQO\E\QDPHVHUYHUVWKDWGRQWVSHDNWKHVDPHSURWRFROLWVLPSO\IRUZDUGVWKDWTXHU\WRWKHGXDOVWDFNVHUYHUDQGZDLWVIRUDUHVSRQVH7KHIRUZDUGHGTXHU\LVUHFXUVLYHRWKHUZLVHWKH QDPHVHUYHU GRLQJWKHIRUZDUGLQJPLJKW UHFHLYH D

UHIHUUDOLQUHSO\ZKLFKZRXOGQWKHOSPXFK7KHEDVLFV\QWD[LVVLPLODUWRWKDWXVHGWRFRQILJXUHIRUZDUGHUV

dual-stack-servers { 192.249.249.1; 192.249.249.3; };


33/52


34/52

controls {inet ::allow { localnets; }keys { rndc-key; };

};


35/52

CHAPTER 3

Resolver Configuration

&RQILJXULQJDUHVROYHUWRTXHU\DQDPHVHUYHURYHU,3YLVDSLHFHRIFDNHDVVXPLQJWKHUHVROYHUVXSSRUWV,3Y


36/52

,I\RXUFRPSXWHUKDVEHHQDVVLJQHGDOLVWRIQDPHVHUYHUVE\D'+&3VHUYHU\RXPD\ILQGWKH'166HUYHUVVHFWLRQSRSXODWHG


37/52


38/52

$VZLWK0DF26;WRFRQILJXUHWKHQDPHVHUYHUV\RXUUHVROYHUTXHULHVZKHQXVLQJDGLIIHUHQWQHWZRUNLQWHUIDFHVLPSO\FKRRVHWKDWLQWHUIDFHLQVWHDGRI/RFDO$UHD&RQQHFWLRQ

$IWHUUHFRQILJXULQJ\RXUUHVROYHUWRXVH,3YLWVDJRRGLGHDWRYHULI\WKDW'16UHVROXWLRQVWLOOZRUNVZLWKDWRROVXFKDVGLJRUQVORRNXS6HHWKHFKDSWHURQWURXEOHVKRRWLQJ

ODWHULQWKLVERRNIRUGHWDLOV

Dynamic Resolver Configuration,3YVXSSRUWVVHYHUDOPHWKRGVIRUG\QDPLFDOO\FRQILJXULQJDKRVWV,3DGGUHVVDQGRWKHUQHWZRUNSDUDPHWHUV

$WUDGLWLRQDOPHWKRGXVLQJ'+&3YWKH,3YYHUVLRQRI'+&3

6WDWHOHVV$GGUHVV$XWRFRQILJXUDWLRQRU6/$$&LQZKLFKDKRVWXVHV5RXWHU$GYHUWLVHPHQWVWRDVVHPEOHDQ,3DGGUHVVDSSURSULDWHIRUXVHRQWKHORFDOQHWZRUN

DQGWRGHWHUPLQHRWKHUQHWZRUNSDUDPHWHUV $K\EULGPHWKRGLQZKLFKDKRVWXVHV6/$$&IRUDGGUHVVDVVLJQPHQWEXW'+&3Y

WRGHWHUPLQHRWKHUQHWZRUNSDUDPHWHUV

,QWKHILUVWDQGODVWPHWKRGVUHVROYHUFRQILJXUDWLRQLQYROYHVVHWWLQJWKHULJKW'+&3YRSWLRQV,QWKHVHFRQGLWUHTXLUHVVHWWLQJXSWKHFRUUHFW5RXWHU$GYHUWLVHPHQWRSWLRQV

%XWZDLWKRZGRHVDKRVWFKRRVHZKHWKHUWRXVH6/$$&'+&3YRUERWK"$URXWHUWHOOVLWLWVRSWLRQVZLWKIODJVLQLWV5RXWHU$GYHUWLVHPHQWV

7KH0IODJIRU0DQDJHG$GGUHVV&RQILJXUDWLRQWHOOVKRVWVWKDW'+&3YLVDYDLODEOHIRUERWKDGGUHVVDVVLJQPHQWDQGQHWZRUNSDUDPHWHUVLQFOXGLQJUHVROYHU

FRQILJXUDWLRQ

7KH$IODJIRU$XWRQRPRXV$GGUHVV&RQILJXUDWLRQWHOOVKRVWVWKDW6/$$&LVDYDLODEOHIRUDGGUHVVDVVLJQPHQWDQGQHWZRUNSDUDPHWHUVSRVVLEO\LQFOXGLQJUHVROYHUFRQILJXUDWLRQ

7KH2IODJIRU2WKHU6WDWHIXO&RQILJXUDWLRQWHOOVKRVWVWKDW'+&3YLVDYDLODEOHIRUQHWZRUNSDUDPHWHUVRWKHUWKDQDGGUHVVDVVLJQPHQWWKDWLVWREHXVHGWRJHWKHUZLWK6/$$&LQWKHK\EULGPHWKRGGHVFULEHGHDUOLHU

1RWHWKDWWKHKRVWKDVDFKRLFHRIPHWKRGVWRXVHDQGFDQXVHPRUHWKDQRQH)RUH[DPSOHDURXWHUPD\DGYHUWLVHWKHDYDLODELOLW\RIERWK6/$$&DQG'+&3YIRUDG

GUHVVDVVLJQPHQWDQGDKRVWPD\JHWRQH,3YDGGUHVVXVLQJ6/$$&DQGDQRWKHUXVLQJ'+&3Y$KRVWPD\DOVRUHFHLYHUHVROYHUFRQILJXUDWLRQIURPERWKPHWKRGVDQGWKHQPHUJHWKHP&RQIXVLQJHK"

24 | Chapter 3:Resolver Configuration


39/52

Resolver Configuration Using DHCPv6,3YVXSSRUWVG\QDPLFFRQILJXUDWLRQRIKRVWVXVLQJ'+&3YDQGQDWXUDOO\\RXFDQXVH'+&3YWRFRQILJXUHDUHVROYHU'+&3YKDVQHZUHVROYHUFRQILJXUDWLRQRSWLRQVWKRXJK\RXFDQWXVHWKHVDPHROG'+&3YRSWLRQVWRFRQILJXUH\RXUUHVROYHURYHU'+&3Y7KHQHZRSWLRQVDUH

Option Number ISC Option Name Option Argument

23 dhcp6.name-servers Comma-separated list of IPv6 addresses

24 dhcp6.domain-search Comma-separated list of domain names

$QGKHUHVDVQLSSHWIURPDQ,6&'+&3VHUYHUVGKFSGFRQIILOHWRVKRZ\RXKRZWKHRSWLRQVDUHVHW

option dhcp6.name-servers 2001:db8:cafe:1::1, 2001:db8:cafe:2::1;option dhcp6.domain-search "cgi.movie.edu","movie.edu";

7KHDELOLW\WRVHWDVHDUFKOLVWYLD'+&3LVQHZZKLOH5)&LQWURGXFHGD'+&3YRSWLRQ WR GR WKDW EDFN LQ LW ZDV QHYHU ZLGHO\ VXSSRUWHG E\ '+&3 FOLHQWV'+&3YKDVVXSSRUWHGFRQILJXUDWLRQRIWKHVHDUFKOLVWIURPWKHEHJLQQLQJWKRXJKVRDOO'+&3YFOLHQWVVKRXOGVXSSRUWLW

7KHUHVDQRWKHUFKDQJHLQ'+&3YZRUWKPHQWLRQLQJ,Q,3Y'+&3FRPHVLQWZRIODYRUVVWDWHOHVVDQGVWDWHIXO6WDWHIXO'+&3YLVOLNH'+&3RQ,3YD'+&3FOLHQWFDQVWDUWZLWKQRWKLQJEXWD0$&DGGUHVVDQGKDYHDQ,3DGGUHVVSOXVRWKHUQHWZRUNFRQILJXUDWLRQDVVLJQHG%XWVWDWHOHVV'+&3YLVQHZDQGVXSSRUWVWKHK\EULGPHWKRGRIFRQILJXULQJQHWZRUNVWDFNVD'+&3FOLHQWWKDWDOUHDG\KDVDQ,3DGGUHVVHJDVVLJQHGXVLQJ6/$$&FDQUHWULHYHQHWZRUNFRQILJXUDWLRQH[FOXGLQJDGGUHVVDVVLJQ

PHQWZKLFKLWGRHVQWQHHGIURPD'+&3YVHUYHU

Resolver Configuration Using Router Advertisements5RXWHU$GYHUWLVHPHQWVRULJLQDOO\GLGQWFRQWDLQDQ\UHVROYHUFRQILJXUDWLRQSDUDPHWHUVVRDOWKRXJKKRVWVFRXOGXVH6/$$&WRFRQILJXUHPRVWRIWKHLUQHWZRUNVWDFNVWKH\FRXOGQWFRQILJXUHWKHLUUHVROYHUV)RUWKDWWKH\QHHGHGWRXVHVWDWHOHVV'+&3YZKLFKFRXOGSURYLGHWKH,3YDGGUHVVHVRIUHFXUVLYHQDPHVHUYHUVDVZHOODVRWKHU'16UHODWHGSDUDPHWHUVVXFKDVDVHDUFKOLVWDVGHVFULEHGLQWKHODVWVHFWLRQ%XWWKLVUHTXLUHGWKDWHYHU\,3YVXEQHWEHVHUYHGE\D'+&3YVHUYHULQPDQ\FDVHVVROHO\WRSURYLGH

UHVROYHUFRQILJXUDWLRQ7KHQ5)&H[WHQGHG5RXWHU$GYHUWLVHPHQWVWRVXSSRUWWKHVSHFLILFDWLRQRIWKH,3YDGGUHVVHVRIUHFXUVLYHQDPHVHUYHUVDVZHOODVD'16VHDUFKOLVWHOLPLQDWLQJWKHQHHGIRUD'+&3YVHUYHULQPDQ\FDVHV

7KH5RXWHU$GYHUWLVHPHQWRSWLRQXVHGWRFRQILJXUHDUHVROYHUVQDPHVHUYHUVLVFDOOHG5'166IRU5HFXUVLYH'166HUYHU7KHRSWLRQIRUFRQILJXULQJDUHVROYHUVVHDUFKOLVW

Dynamic Resolver Configuration | 25


40/52

LVFDOOHG'166/IRU'166HDUFK/LVW$VWKHQDPHVXJJHVWV5RXWHU$GYHUWLVHPHQWVDUHVHQWE\URXWHUVVR\RXZRXOGXVXDOO\FRQILJXUHWKHRSWLRQVRQWKRVHURXWHUV$QGRIFRXUVHWKHSDUWLFXODUV\QWD[UHTXLUHGZRXOGYDU\GHSHQGLQJRQWKHPDNHRIURXWHUV\RXUDQ

,ZULWHZRXOGEHFDXVH5)&LVYHU\QHZSXEOLVKHGLQ1RYHPEHUVRQRW

PXFKJHDUVXSSRUWVLW\HWWKRXJKWKHUHVVRPHZKDWPRUHVXSSRUWIRU5)&DSUHFXUVRUWR5)&5)&LQWURGXFHGVXSSRUWIRUWKH5'166RSWLRQEXWGLGQWLQFOXGHDZD\WRVHWDVHDUFKOLVW2QWKHVHUYHUVLGH/LQX[DQGYDULRXV%6'RSHUDWLQJV\VWHPVKDYHDWOHDVWVRPHVXSSRUWLQUWDGYGWKH5RXWHU$GYHUWLVHPHQWGDHPRQ2QWKHFOLHQWVLGH0DF26;/LRQLVUXPRUHGWRVXSSRUW5)&

+HUHVDQH[DPSOHRIFRQILJXULQJWKH5'166RSWLRQLQUWDGYGFRQIWKH/LQX[YHUVLRQRIUWDGYGVFRQILJXUDWLRQILOH

interface eth0 {AdvSendAdvert on;prefix 2001:db8:cafe:1::/64 {

AdvOnLink on;AdvAutonomous on;};rdnss 2001:db8:cafe:1::1 {};

};

1RWHWKDWWKH%6'RSHUDWLQJV\VWHPVXVHDVXEVWDQWLDOO\GLIIHUHQWV\QWD[

26 | Chapter 3:Resolver Configuration


41/52

CHAPTER 4

DNS64

'XULQJWKHOLNHO\YHU\ORQJWUDQVLWLRQIURP,3YWR,3Y,63VDQGRWKHURUJDQL]DWLRQVZLOO LPSOHPHQW QHZ QHWZRUNV WKDW RQO\ VXSSRUW ,3Y )RU WKH IRUHVHHDEOH IXWXUHWKRXJKFOLHQWVRQWKRVHQHWZRUNVZLOOVWLOOQHHGDFFHVVWRVHUYLFHVHJZHEVLWHVWKDW

GRQW\HWVXSSRUW,3Y1$7DQG'16 DUHDSDLURIFRPSOHPHQWDU\WUDQVLWLRQWHFKQRORJLHVWKDWKHOSSURYLGHWKDWDFFHVV

1$7LVDIXQFWLRQUXQRQDGXDOVWDFNKRVW$1$7VHUYHUDFFHSWVFRQQHFWLRQVIURPFOLHQWVWKDWRQO\VSHDN,3YDQGWKHQXVHVLWVRZQ,3YFRQQHFWLYLW\WRFRPPXQLFDWHZLWK,3YRQO\VHUYHUVRQWKRVHFOLHQWVEHKDOIWKHQFRSLHVGDWDEHWZHHQWKH,3YDQG,3YFRQQHFWLRQVHIIHFWLYHO\EULGJLQJWKH,3YDQG,3YQHWZRUNV7KHFOLHQWVGRQWDFWXDOO\UHDOL]HWKH\UHFRQQHFWLQJWKURXJK1$7WKH\UHOHGWREHOLHYHWKDWWKH,3YRQO\VHUYHUVWKH\ZDQWWRFRPPXQLFDWHZLWKVXSSRUW,3YDQGWKDWWKH\UHWDONLQJGLUHFWO\WRWKHP

+RZLVWKDWPLVGLUHFWLRQDFKLHYHG"7KURXJK'16'16LQSDUWLFXODU7KH,3YRQO\FOLHQWVDUHFRQILJXUHGWRXVHRQHRUPRUHVSHFLDOQDPHVHUYHUVWKDWVXSSRUWWKH'16IXQFWLRQ:KHQRQHRIWKHVHQDPHVHUYHUVUHFHLYHVDTXHU\IURPDFOLHQWIRU$$$$,3YDGGUHVVUHFRUGVIRUVRPHGRPDLQQDPHLWORRNVIRUDQDQVZHUDVLWQRUPDOO\ZRXOG,ILWGRHVQWILQGDQ\VXFKUHFRUGVLWWULHVORRNLQJXS$UHFRUGVIRUWKHVDPHGRPDLQQDPH,ILWILQGVRQHRUPRUH$ UHFRUGVLWGRHVQWUHWXUQWKHPWRWKHFOLHQWZKLFKFDQWXVHWKHPDQ\ZD\DQGZRXOGQWDFFHSWWKHPVLQFHLWDVNHGVSHFLILFDOO\IRU$$$$UHFRUGV,WV\QWKHVL]HVDQHTXDOQXPEHURI$$$$UHFRUGVIURPWKRVH$UHFRUGVHPEHGGLQJWKHELW,3YDGGUHVVHVLQELW,3YDGGUHVVHV1RZWKHFOLHQWEHOLHYHVWKHVHUYHUVXSSRUWV,3YDQGWKDWLWFDQFRPPXQLFDWHZLWKLWGLUHFWO\

7KHFOLHQWWKHQWULHVWRFRQQHFWWRRQHRIWKHVHILFWLRQDOHUV\QWKHVL]HG,3YDGGUHVVHV+RZGRHVWKH1$7VHUYHULQWHUFHSWWKLVWUDIILF"(DV\7KHURXWHWRWKHQHWZRUNRQZKLFKWKHV\QWKHVL]HG,3YDGGUHVVOLHVOHDGVULJKWWRWKH1$7VHUYHU7KH1$7VHUYHUWHUPLQDWHVWKH,3YFRQQHFWLRQH[WUDFWVWKHHPEHGGHG,3YDGGUHVV

1$7DQG'16DUHSURQRXQFHGDV1$7VL[IRXUDQG'16VL[IRXUUHVSHFWLYHO\QRW1$7VL[W\IRXUDQG'16VL[W\IRXU

27


42/52

DQGFRQQHFWVWRWKH,3YVHUYHURQWKH,3YFOLHQWVEHKDOI7KLVSURFHVVLVLOOXVWUDWHGLQ)LJXUH

)LJXUH'16DQG1$7DW:RUN

%,1'YHUVLRQVDQGODWHUVXSSRUW'16ZLWKWKHGQVRSWLRQVVXEVWDWHPHQWGQVVXSSRUWVWKHFRQILJXUDWLRQRIDQ,3YSUHIL[WRZKLFKWKHHPEHGGHG,3YDGGUHVVLVDSSHQGHGDVZHOODVDQRSWLRQDOVXIIL[WKDWLVWKHQDSSHQGHGWRWKH,3YDGGUHVVWRFRPSOHWHWKHELWDGGUHVV7KHSUHIL[LVRIWHQELWVORQJLQZKLFKFDVHQRVXIIL[LVUHTXLUHGRUHYHQSRVVLEOH+HUHVDEDVLFH[DPSOH

dns64 64:ff9b::/96 {suffix ::;

};

DQDOO]HURHVVXIIL[LVWKHGHIDXOWVR\RXFDQOHDYHWKDWVXEVWDWHPHQWRXWLI\RXOLNH

1RZWKHUHDUHJRRGUHDVRQVWKDW\RXPD\QRWZDQWWRDSSO\'16WRHYHU\TXHULHU)RULQVWDQFH\RXPD\KDYHDFRPPXQLW\RIGXDOVWDFNFOLHQWVRQ\RXUQHWZRUN:KHQDVNHGE\DQDSSOLFDWLRQWRILQGWKHDGGUHVVRIDVHUYHUPDQ\VWXEUHVROYHUVRQGXDOVWDFNFOLHQWVZLOOVHQG$$$$TXHULHVEHIRUHWKH\VHQG$TXHULHV:LWK'16HQDEOHGVXFKFOLHQWVZRXOGQHYHUVHHWKH$UHFRUGVRI,3YRQO\VHUYHUV'16ZRXOGDOZD\VUHWXUQ V\QWKHVL]HG $$$$ UHFRUGV WR WKHP HYHQ WKRXJK WKH FOLHQWV ZHUH SHUIHFWO\

28 | Chapter 4:DNS64


43/52

FDSDEOHRIXVLQJWKHVHUYHUV$UHFRUGV7KLVLQWXUQZRXOGVKXQWWUDIILFWKURXJK\RXU1$7LQIUDVWUXFWXUHXQQHFHVVDULO\

7KHGQVVWDWHPHQWVXSSRUWVDFOLHQWVVXEVWDWHPHQWWKDWDOORZV\RXWRVHOHFWZKLFKFOLHQWVWKH'16IXQFWLRQDSSOLHVWR%\GHIDXOW'16DSSOLHVWRDOOFOLHQWVWKDWLV

dns64 64:ff9b::/96 {

clients { any; };};

%XW\RXFDQVSHFLI\DQ\$&/\RXOLNHDVDQDUJXPHQW+HUHVDQH[DPSOH

dns64 64:ff9b::/96 {clients { 2001:db8:cafe:1::/64; };

};

$VDOZD\VLWVDJRRGLGHDWRXVHQDPHG$&/VZKHQHYHUSRVVLEOHIRUFODULW\

7KHUHDUHDOVR,3YQHWZRUNVWKDW\RXPD\QRWZDQWPDSSHGLQWR,3YDGGUHVVHVE\'16)RUH[DPSOHLI\RXUXQD'16IXQFWLRQWRJLYH\RXU,3YRQO\FOLHQWVDFFHVV

WRWKH,3Y,QWHUQHW\RXGRQWZDQWWRHPEHGDQ\5)&DGGUHVVHVWKDWQDPHVHUYHUVRQWKH,QWHUQHWPLJKWLQDGYHUWHQWO\UHWXUQ7RDYRLGWKDWXVHWKH GQVPDSSHGVXEVWDWHPHQW7KLVGQVVWDWHPHQWZRXOGSUHYHQW'16IURPPDSSLQJDGGUHVVHVIRUH[DPSOH

dns64 64:ff9b://96 {mapped { !10/8; any; };

};

2IFRXUVH5)&LQFOXGHVPRUHWKDQMXVW


44/52

VSHFLI\RQHRUPRUH,3YQHWZRUNVRUDGGUHVVHVZKRVHSUHVHQFH'16VKRXOGLJQRUHDQGV\QWKHVL]HQHZ$$$$UHFRUGVDQ\ZD\+HUHVDQH[DPSOH

dns64 64:ff9b::/96 {clients { 2001:db8:cafe:1::/64; };mapped { !10/8; any; };exclude { 64:ff9b::/96; };

};

7KLVWHOOV'16WRLJQRUHDQ\$$$$UHFRUGVWKDWPDSWR,3YDGGUHVVHVRQWKHQHWZRUNIIEDQGWRORRNXS$UHFRUGVIRUWKRVHGRPDLQQDPHVDQGV\QWKHVL]HQHZ$$$$UHFRUGVLQVWHDG

Authoritative Name Servers and DNS64:KDW,YHGHVFULEHGVRIDULV'16DVSHUIRUPHGE\DUHFXUVLYHQDPHVHUYHUEXWDXWKRULWDWLYHQDPHVHUYHUVFDQLPSOHPHQW'16WRR,QIDFWLI\RXFRQILJXUH\RXUQDPHVHUYHUWRGR'16DQGLWVDOVRDXWKRULWDWLYHIRURQHRUPRUH]RQHVLWOODSSO\'16WRTXHULHVLQWKRVH]RQHVE\GHIDXOWWRR,QWKLVFDVHWKHQDPHVHUYHUV\QWKHVL]HV$$$$UHFRUGVIURP$UHFRUGVLQ]RQHVIRUZKLFKLWVDXWKRULWDWLYH2IFRXUVHLWOORQO\GRWKLVLIQR$$$$UHFRUGVH[LVWIRUWKHGRPDLQQDPH

,I\RXZDQWWRUHVWULFW'16WRUHFXUVLYHTXHULHV\RXFDQXVHWKHUHFXUVLYHRQO\VXEVWDWHPHQW

dns64 64:ff9b::/96 {recursive-only yes;

};

7KHGHIDXOWLVWRDSSO\'16WRERWKUHFXUVLYHDQGQRQUHFXUVLYHTXHULHV

Interaction Between DNS64 and DNSSEC$IWHUUHDGLQJDERXW'16WKRVHRI\RXZKRKDYHDOUHDG\UHDG'16DQG%,1'V6HFXULW\FKDSWHUPD\REMHFWGRHVQWWKHPHFKDQLVPZKHQLWVZRUNLQJDVGHVLJQHGEUHDN'166(&"


45/52

$VDVDIHJXDUGKRZHYHUD%,1'QDPHVHUYHUGRHVQWV\QWKHVL]HD$$$$UHVSRQVHLIWKH'166(&2.'2IODJZDVVHWLQWKHTXHU\,QWKLVFDVHWKHFOLHQWTXHU\LQJWKHQDPHVHUYHUFRXOGEHDQRWKHUQDPHVHUYHUFRQILJXUHGWRXVHLWDVDIRUZDUGHUDQGLWPLJKWEHFRQILJXUHGWRSHUIRUPYDOLGDWLRQ7KDWYDOLGDWLRQZRXOGIDLORQDQ\V\QWKHVL]HG$$$$UHFRUG

,I\RXUHUHDOO\ KHOOEHQWRQ UHZULWLQJ HYHQWKRVHUHVSRQVHV \RXFDQXVHWKHEUHDNGQVVHFVXEVWDWHPHQW

dns64 64:ff9b://96 {break-dnssec yes;

};

DNS64 and Reverse Mapping7KHUHVRQHODVWGHWDLORI'16ZRUWKPHQWLRQLQJUHYHUVHPDSSLQJ,IDFOLHQWXVLQJDQDPHVHUYHUFRQILJXUHGWRSHUIRUP'16WULHVWRUHYHUVHPDSDV\QWKHVL]HG,3Y

DGGUHVVZKDWKDSSHQV"7KHQDPHVHUYHULQTXHVWLRQUHVSRQGVZLWKD&1$0(UHFRUGSRLQWLQJWKHGRPDLQQDPHXVHGWRUHYHUVHPDSWKHV\QWKHVL]HG,3YDGGUHVVWKHRQHXQGHU LSDUSDWRWKHGRPDLQQDPHFRUUHVSRQGLQJWRWKHHPEHGGHG,3YDGGUHVVXQGHULQDGGUDUSD6RLIDQ$UHFRUGSRLQWLQJWRV\QWKHVL]HVD$$$$UHFRUGSRLQWLQJWRIIERUIIEFDVDPHWKLQJWKH&1$0(UHFRUGORRNVOLNHWKLV

1.0.0.0.8.a.0.c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.6.4.0.0.ip6.arpa. CNAME1.0.168.192.in-addr.arpa.

7KHUHVXOWLVH[DFWO\ZKDW\RXGZDQWWKHV\QWKHVL]HG,3YDGGUHVVUHYHUVHPDSVWRZKLFKHYHUGRPDLQQDPHWKHHPEHGGHG,3YDGGUHVVPDSVWR

DNS64 and Reverse Mapping | 31


46/52


47/52

CHAPTER 5

Troubleshooting

7URXEOHVKRRWLQJ,3YUHODWHG'16SUREOHPVLVQWPXFKGLIIHUHQWIURPWURXEOHVKRRWLQJRWKHU'16SUREOHPV7KHPDLQWKLQJV\RXQHHGWRNQRZDUHKRZWRVSHFLI\WKH,3YDGGUHVVRIDQDPHVHUYHUWRTXHU\DQGKRZWRIRUZDUGPDSDQGUHYHUVHPDS,3Y

DGGUHVVHV,OOVKRZ\RXKRZWRXVHERWKQVORRNXSDQGGLJWRSHUIRUPWKHVHWDVNV

7KHUHVRQHLPSRUWDQWWKLQJWRNHHSLQPLQGZLWKHLWKHUTXHU\WRROWKH\GHIDXOWWRXVLQJ,3YZKLFKPHDQVWKDWZKHWKHU\RXW\SH QVORRNXSWHUPLQDWRUPRYLHHGXRUGLJZRUPKROHPRYLHHGXWKHSURJUDPZLOOORRNXS$UHFRUGVWKDWLV,3YDGGUHVVHV

QVORRNXSGLVSOD\VWKH!SURPSWLQLQWHUDFWLYHPRGH%\GHIDXOWQVORRNXSZLOOUHDGWKHORFDOKRVWVUHVROYFRQIILOHDQGTXHU\WKHILUVWQDPHVHUYHUOLVWHGLQWKHILOHRULIQRQDPHVHUYHULVVSHFLILHGZLOOWU\TXHU\LQJDQDPHVHUYHURQWKHORFDOKRVWDVWKHORFDOUHVROYHUZRXOG7RFKDQJHWRTXHU\DGLIIHUHQWQDPHVHUYHURYHU,3YXVHWKHVHUYHUFRPPDQG

33


48/52

% nslookup> server 2001:db8:cafe:1::1Default server: 2001:db8:cafe:1:1Address: 2001:db8:cafe:1:1

server terminator.movie.eduDefault server: terminator.movie.eduAddress: 192.249.249.1

:KRRSV/RRNDWWKH$GGUHVVOLQH)RUVLWXDWLRQVOLNHWKLVLWVDJRRGLGHDWRKDYHDVSHFLDOGRPDLQQDPHWKDWSRLQWVRQO\WRWKHQDPHVHUYHUV,3YDGGUHVVOLNHWHUPLQDWRUYPRYLHHGXRUWHUPLQDWRUYPRYLHHGX7KHQWKHVHUYHUFRPPDQGZLOOZRUNQLFHO\

% nslookup> server terminator.v6.movie.eduDefault server: terminator.v6.movie.edu

Address: 2001:db8:cafe:1::1

6SHFLI\LQJWKHQDPHVHUYHUWRTXHU\E\GRPDLQQDPHLVDOLWWOHGDQJHURXVERWKEHFDXVHWKHQDPHPD\QRWPDSWRWKHDGGUHVV\RXH[SHFWDVLQWKHH[DPSOHDERYHDQGEHFDXVHLI\RXUHXVLQJDWURXEOHVKRRWLQJWRROVXFKDVQVORRNXSRUGLJ'16LVSUREDEO\PLVEHKDYLQJDQ\ZD\

7KHODVWWKLQJ\RXZDQWLVWRVSHQGDORWRIWLPHWURXEOHVKRRWLQJDSUREOHPRQO\WRILQGWKDW\RXUHQRWTXHU\LQJWKHQDPHVHUYHU\RXWKRXJKW\RXZHUH6RLI\RXGRVSHFLI\WKHQDPHVHUYHUWRTXHU\E\QDPHGRXEOHFKHFNLWVDGGUHVVDQGLILQGRXEWVSHFLI\WKHQDPHVHUYHUE\DGGUHVVLQVWHDG

,QQVORRNXSVQRQLQWHUDFWLYHPRGH\RXFDQVSHFLI\WKHVHUYHUWRTXHU\DIWHU\RXVSHFLI\WKHGRPDLQQDPHWRORRNXS)RUH[DPSOH

% nslookup -type=aaaa suckerpunch.movie.edu. terminator.v6.movie.edu.

,I\RXZDQWWRVSHFLI\WKHVHUYHUWRTXHU\EXWHQWHULQWHUDFWLYHPRGHMXVWXVHLQSODFHRIWKHGRPDLQQDPHWRTXHU\

% nslookup - terminator.v6.movie.edu.

)LQDOO\WRIRUZDUGPDSDQGUHYHUVHPDS,3YDGGUHVVHVXVHWKHTXHU\W\SHVDDDDDQG

SWUUHVSHFWLYHO\+HUHVKRZ\RXGORRNXSVXFNHUSXQFKPRYLHHGXV,3YDGGUHVV% nslookup> set q=aaaa> suckerpunch.movie.edu.Server: terminator.v6.movie.edu.Address: 2001:db8:cafe:1::1#53

suckerpunch.movie.edu has AAAA address 2001:db8:cafe:f9::d3>

34 | Chapter 5:Troubleshooting


49/52

$QGKHUHVKRZ\RXGUHYHUVHPDSWKHDGGUHVV1RWHWKDW\RXGRQWQHHGWRVSHFLI\WKHTXHU\W\SHH[SOLFLWO\QVORRNXSLVVPDUWHQRXJKWRUHFRJQL]HWKH,3YDGGUHVV 2001:db8:cafe:f9::d3Server: terminator.v6.movie.edu.Address: 2001:db8:cafe:1::1#53

3.d.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.f.0.0.e.f.a.c.8.b.d.0.1.0.0.2.ip6.arpa name =suckerpunch.movie.edu.

,I\RXUHIHHOLQJPDVRFKLVWLF\RXFRXOGVSHFLI\DOOODEHOVRIWKHGRPDLQQDPHWKDWFRUUHVSRQGVWRWKH,3YDGGUHVVLQZKLFKFDVH\RXPXVWH[SOLFLWO\FKDQJHWKHTXHU\W\SHWRSWU

% nslookup> set type=ptr> 3.d.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.f.0.0.e.f.a.c.8.b.d.0.1.0.0.2.ip6.arpa.Server: terminator.v6.movie.edu.Address: 2001:db8:cafe:1::1#53

3.d.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.f.0.0.e.f.a.c.8.b.d.0.1.0.0.2.ip6.arpa name =suckerpunch.movie.edu.

2IFRXUVH\RXFDQDOVRGRWKLVIURPWKHFRPPDQGOLQHOLNHVR

% nslookup -type=aaaa suckerpunch.movie.edu.

DQG

% nslookup 2001:db8:cafe:f9::d3

dig7KHFKLHIGLIIHUHQFHEHWZHHQQVORRNXSDQGGLJLVWKDWGLJKDVQRLQWHUDFWLYHPRGH\RXVSHFLI\HYHU\WKLQJDWWKHFRPPDQGOLQH$QGGLJLVVPDUWHQRXJKLQPRVWFDVHVWRGLIIHUHQWLDWHEHWZHHQGRPDLQQDPHVDQGUHFRUGW\SHVVR\RXFDQVSHFLI\WKRVHLQZKLFKHYHURUGHU\RXOLNH7RTXHU\D QDPHVHUYHURWKHUWKDQWKHILUVWRQHLQUHVROYFRQIW\SHDQ#IROORZHGE\LWVGRPDLQQDPHRU,3DGGUHVV$V,PHQWLRQHGHDUOLHULI\RXXVHDGRPDLQQDPHWKDWRZQVERWK$$$$DQG$UHFRUGVUHFHQWYHUVLRQVRIGLJZLOOXVHWKH,3YDGGUHVVVR

% dig @terminator.movie.edu. soa movie.edu.

KDVWKHVDPHHIIHFWDV

% dig @2001:db8:cafe:1::1 soa movie.edu.

7RORRNXSD$$$$UHFRUGMXVWVSHFLI\DDDDRQWKHFRPPDQGOLQH

% dig aaaa suckerpunch.movie.edu.

dig | 35


50/52

RU

% dig suckerpunch.movie.edu. aaaa

(LWKHUZD\WKHRXWSXWZLOOORRNVRPHWKLQJOLNHWKLV

; DiG 9.8.0 suckerpunch.movie.edu. aaaa;; global options: +cmd

;; Got answer:;; ->>HEADER


51/52

7KHQFRS\WKHRZQHUQDPHIURPWKHOLQHEHORZ;; QUESTION SECTIONDQGSDVWHLWLQWR\RXU]RQHGDWDILOH

/LNHQVORRNXSGLJGLJVWKHDEEUHYLDWHGIRUPRIWKH,3YDGGUHVV,I\RXZDQWWRGRLWWKHKDUGZD\\RXOOKDYHWRVSHFLI\WKH375TXHU\W\SHRQWKHFRPPDQGOLQH

% dig ptr 3.d.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.f.0.0.e.f.a.c.8.b.d.0.1.0.0.2.ip6.arpa.

dig | 37


52/52

[itpub.net]dns and bind on ipv6

Documents