Friday, May 13, 2011

IPv6 DNS

We're starting down the path towards IPv6, and it looked like the first real task for me was to add IPv6 to an existing DNS server. Fortunately, with all the interruptions this morning, it turned out to be an easy task (and I had backup). I started on a name server that's maintained like all the others, running ISC bind like all the others, but hasn't been publicized so I could blow it up if needed.

First, make sure this server has an IPv6 address of its own, so that it can serve DNS on that address and you have something to test against.

Then go to the options section of named.conf to add the following line:

listen-on-v6 { any; };

I already had a few AAAA records in our DNS, so I didn't have to add one to test. Restart named, and test it with a command like host -6 -t aaaa pickanipv6hostname ::1 to be sure it returns the IPv6 address for pickanipv6hostname. The host -6 part sends the request over IPv6, the -t aaaa requests just the AAAA type record, and ::1 uses the IPv6 localhost connection to that name server but you could use any other valid IPv6 address.

Here's a simpler example using host to retrieve an IPv6 address.

$ host -t aaaa ipv6.he.net

ipv6.he.net has IPv6 address 2001:470:0:64::2

Since I was already messing around in named.conf, I added our IPv6 space to the internal ACL. I didn't add link-local or ULA ranges, since the link-locals won't leave their VLAN, and we're not using ULA (yet?), although that's a clearly defined range that can't be routed on the Internet.
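As an added example (not the post's own configuration), here is a named.conf fragment that puts the two changes together: listening on IPv6, and an internal ACL that carries the IPv6 allocation alongside the existing IPv4 ranges and is then used to gate recursion. The address ranges are placeholders (2001:db8::/32 is the documentation prefix), and the directory and IPv4 prefix are assumed.

```conf
// Added example, not the post's named.conf. Prefixes are placeholders.

acl "internal" {
    127.0.0.1;              // IPv4 loopback
    ::1;                    // IPv6 loopback, so "host -6 ... ::1" tests match the ACL
    10.0.0.0/8;             // existing internal IPv4 space (assumed)
    2001:db8:1234::/48;     // the site's IPv6 allocation (placeholder)
    // fe80::/10 (link-local) and fc00::/7 (ULA) are deliberately left out,
    // as in the post: link-local never leaves its VLAN and ULA is not in use.
};

options {
    directory "/var/named";         // assumed; use your existing value

    listen-on     { any; };         // keep serving on every IPv4 address
    listen-on-v6  { any; };         // the one line the post adds: serve on every IPv6 address

    allow-query       { any; };     // anyone may ask for the zones this server is authoritative for
    allow-recursion   { internal; };   // recursive lookups only from internal v4 and v6 ranges
    allow-query-cache { internal; };   // same restriction for reading cached answers
};
```

Run named-checkconf before restarting named to catch syntax slips in the ACL or options block. Remember that the firewall is a separate step: ip6tables must accept UDP and TCP port 53 before IPv6 clients can reach the listener, which is what the post's ufw step takes care of.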

Although the DNS side was easy, I did hit two problems related to IPv6. The first was that this server couldn't leave its VLAN via IPv6; that was fixed by alerting the router guy who brought up OSPFv3. I could ping my gateway, but an IPv6 host in another VLAN couldn't ping that gateway. The other problem was that my ip6tables didn't allow DNS, and that's most easily fixed with something like ufw to make ip6tables allow what services iptables allows. So, like I said, I did it in an afternoon, and it really wasn't hard.
