Use Domain Name System and IP Version 6

By | December 21, 2013

The introduction of IP Version 6 (IPv6) into an enterprise environment requires some changes both in the provisioned Domain Name System (DNS) data and in the way the data is provisioned. This document explains the changes needed.

To use IPv6 with DNS, you need to perform a series of tasks, explained here. The document also explains some DNS-specific terms and processes, but the reader of this document is expected to already have a working DNS set up for IPv4 and a basic knowledge of DNS. For more information about DNS

Basic Steps

You need to perform the following nine steps to use IPv6 with DNS:

1. Add AAAA records in your DNS server for the hostnames of the devices that can be reached through the IPv6 protocol.

2. Add pointer (PTR) records in your DNS server for the IP addresses of the devices that can be reached through the IPv6 protocol.

3. Enable IPv6 access to the authoritative DNS servers. Be sure that TCP/53 and UDP/53 can be accessed through IPv6.

4. Enable IPv6 connectivity to the external full-service resolvers that send DNS queries to authoritative servers in the world.

5. Make sure that the full-service resolver is configured with both IPv4 and IPv6 glue for the root servers in the world.

6. Enable IPv6 on the recursive resolver so that it responds to DNS requests over IPv6 as well as IPv4.

7. Enable IPv6 on the node that sends queries so that it can send DNS requests to the recursive resolver.

8. Configure the stub resolver on the node that sends queries so that it uses IPv6 to send DNS queries, either statically or using Dynamic Host Configuration Protocol Version 6 (DHCPv6).

9. Review policies for flows and make sure that both TCP/53 and UDP/53 can be accessed over IPv4 and IPv6.
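Steps 1 and 2 are only useful if the AAAA and PTR data agree with each other, so the following added example (not part of the original document) audits forward and reverse data for missing, mismatched, and orphaned IPv6 PTR records. The hostnames, the 2001:db8::/32 addresses, and the function names are constructed for illustration.

```python
import ipaddress

def ptr_name(addr):
    """Fully qualified ip6.arpa owner name (nibble-reversed) for an IPv6 address."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6:
        raise ValueError(f"{addr} is not an IPv6 address")
    return ip.reverse_pointer + "."

def addr_from_ptr(owner):
    """Inverse of ptr_name: rebuild the address from a 32-nibble owner name."""
    suffix = ".ip6.arpa."
    name = owner.lower()
    nibbles = name[:-len(suffix)].split(".")
    if not name.endswith(suffix) or len(nibbles) != 32:
        raise ValueError(f"{owner} is not a full ip6.arpa host name")
    return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))

def audit(forward, reverse):
    """Compare AAAA data (host -> address) with PTR data (owner -> host)."""
    findings = []
    for host, addr in sorted(forward.items()):
        target = reverse.get(ptr_name(addr))
        if target is None:
            findings.append(("missing-ptr", host, addr))
        elif target.lower() != host.lower():
            findings.append(("ptr-mismatch", host, target))
    known = {ipaddress.ip_address(a) for a in forward.values()}
    for owner, target in sorted(reverse.items()):
        ip = addr_from_ptr(owner)
        if ip not in known:
            findings.append(("orphan-ptr", target, str(ip)))
    return findings

# Constructed sample data: documentation prefix 2001:db8::/32, example.com names.
FORWARD = {
    "www.example.com.": "2001:db8:0:1::80",
    "mail.example.com.": "2001:db8:0:1::25",
    "ns1.example.com.": "2001:db8:0:53::1",   # no PTR below
}
REVERSE = {
    # Written out once in full to show the nibble format of a PTR owner name.
    "0.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.":
        "www.example.com.",
    ptr_name("2001:db8:0:1::25"): "old-mail.example.com.",  # stale target
    ptr_name("2001:db8:0:1::99"): "retired.example.com.",   # no AAAA left
}

if __name__ == "__main__":
    for finding in audit(FORWARD, REVERSE):
        print(*finding)
```

In practice the two dictionaries would be filled from zone files or zone transfers of the forward and reverse zones.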

Using DNS and IPv6

Normally, DNS involves three hosts: the client that runs an application that needs the address for a given hostname, the intermediary server that responds to this query and acts as a proxy, and the authoritative server that holds the authoritative data.

Queries can be sent either with a request from the client that the server provide recursion, or without such a request. If recursion is requested, the server can choose to deny this request. A client that runs an application that needs responses normally runs a resolver, which always requests recursion. This so-called stub resolver is configured (often through DHCP) with the IP address of the intermediary server that acknowledges this request. This intermediary is configured with the IP addresses of the root servers in the world and implements recursion by repeatedly sending the queries, first to the root servers and then to whichever server the root server refers the query to. The intermediary (also called the full-service resolver) sends the queries without requesting recursion.

An intermediary server can use a forwarder, in turn using another intermediary server for all its queries. This process can be performed in many steps.

When a client sends a query to a server without requesting recursion, the server may, instead of answering, send back one or more name server (NS) records. Each such record includes the hostname of a name server that, as far as the responding server knows, has the answer to the query. The client then resends the query to the host to which the name server record refers, and this may in turn result in a response with name server records. This repeated querying is called recursion.