Agenda: dns-enabling-ipv6-service.txt

File dns-enabling-ipv6-service.txt, 4.0 KB (added by trac, 5 years ago)
Now we would like to do the following:

1. Make our nameservers listen on IPv6
2. Add v6 addresses to the nameservers in our zone, so they can receive
   v6 traffic
3. Add v6 addresses to the host records, for example "www   AAAA",
   etc...


1. Make our nameservers listen on IPv6

    a) on "auth1.grpX" (BIND)'s named.conf, in the options section, add:

        listen-on-v6 { any; };

        (Remember to restart named!)

    b) on "resolv.grpX" (Unbound)'s unbound.conf, in the "server:" section, add
       the following parameters (in the correct locations - if necessary,
       search in the configuration file to place them correctly)

        do-ip6: yes
        interface: ::0
        interface: 0.0.0.0
        access-control: fdba:dc55:48c7::/64 allow

        (The access-control line lets clients in fdba:dc55:48c7::/64 use the
        resolver; by default Unbound refuses queries from everything except
        localhost.)

        (Remember to restart unbound!)

    c) on "auth1.grpX" (NSD), edit nsd.conf, and in the "server:" section, add
       the following parameters:

        ip-address: fdba:dc55:48c7::XX:YY

        (remember to replace XX:YY with your group and IP for the auth server)

2. Now, we need to test that all your machines have IPv6 addresses in the DNS

Your machines are called:

    auth1.grpX.dns.nsrc.org
    resolv.grpX.dns.nsrc.org
    auth2.grpX.dns.nsrc.org

Since they are in the "dns.nsrc.org" zone, you don't need to do anything here :)
The instructor will modify the dns.nsrc.org zone, and add the v6 address you
have configured on eth0, to the DNS record for "auth1.grpX.dns.nsrc.org" and
"auth1.grpX.dns.nsrc.org" and "resolv.grpX.dns.nsrc.org".

But test that you can "dig AAAA auth1.grpX.dns.nsrc.org" and see what
you get...


3. Add IPv6 records (AAAA) for the names in your zone, like www, etc...

  You will need to add IPv6 AAAA records to all your hosts
  you find in your zones. If they have an A record, also add the
  corresponding AAAA record.

  You can then start to use dig and see if you can find some
  TLDs in the class that have AAAA records for their "www" host,
  for their NSes, etc...

4. Try and ping other people's hosts in the room using v6.

    Use dig to connect to other people's nameservers, and verify that
    they:

    - answer in IPv6
    - have an IPv6 record for their name
    - provide DNS answer with IPv6 addresses!

    Some sample commands:

    # dig AAAA auth1.grpX.dns.nsrc.org

    Try and ping these hosts:

    # ping6 auth1.dns.nsrc.org
    # ping6 auth2.dns.nsrc.org
    # ping6 auth1.grpX.dns.nsrc.org

    Try performing DNS queries in v6 against auth1 + auth2:

    # dig -6 @auth1.dns.nsrc.org dns.nsrc.org ns
    # dig -6 @auth2.dns.nsrc.org dns.nsrc.org ns


***              ABOUT GLUE RECORDS AND IPv6               ***
*** THIS SECTION IS ONLY RELEVANT IF YOU HAVE DECLARED DNS ***
*** SERVERS WITH NAMESERVERS *INSIDE* YOUR ZONE, E.G.      ***
***   "NS.MYTLD." INSTEAD OF "AUTH1.GRPX.DNS.NSRC.ORG"     ***


For example, in the parent zone 'nsrc.org' we have:

dns.nsrc.org.        NS  auth1.dns.nsrc.org.
                     NS  auth2.dns.nsrc.org.

    Since auth1.ws and auth2.ws are IN the zone being
    delegated, then we need to add glue records!

; v4 GLUE records
auth1.dns.nsrc.org.            A       10.20.0.234
auth2.dns.nsrc.org.            A       10.20.0.235

    In the same way, we will need IPv6 glue records:

; v6 GLUE records
auth1.dns.nsrc.org.            AAAA    fdba:dc55:48c7::234
auth2.dns.nsrc.org.            AAAA    fdba:dc55:48c7::235

    In the child zone 'dns.nsrc.org', we will need to declare these
    hosts as well.  In fact, as explained in class, you MUST declare
    them, otherwise you will experience strange problems with resolution:

dns.nsrc.org.        SOA ...

                     NS  auth1
                     NS  auth2

auth1             A    10.20.0.234
                  AAAA fdba:dc55:48c7::234
auth2             A    10.20.0.235
                  AAAA fdba:dc55:48c7::235

In your zone "MYTLD", you MAY or MAY NOT have used NSes IN your zone.

- If you did (i.e.: ns1.MYTLD for example)

... then you need to ADD the IPv6 records for the nameservers you declared,
the same way we have done for auth1 and auth2.
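
A quick offline check for step 3 and for the glue section above: the script below is an added example, not part of the original worksheet. It lists every owner name in a zone file that has an A record but no AAAA, and marks the ones that are also NS targets. The function names, the sample zone and the www/mail addresses are constructed for illustration, and it assumes relative names as in the child zone shown above.

```shell
#!/bin/sh
# Constructed sample zone in the worksheet's layout (addresses are sample values).
sample_zone() {
cat <<'EOF'
$TTL 1h
@       IN SOA auth1 hostmaster ( 1 1h 15m 1w 1h )
        NS   auth1
        NS   auth2
auth1   A    10.20.0.234
        AAAA fdba:dc55:48c7::234
auth2   A    10.20.0.235
www     A    10.20.0.10   ; no AAAA yet
mail    IN A 10.20.0.11
mail    IN AAAA fdba:dc55:48c7::11
EOF
}

# Reads a zone file on stdin; prints each owner that has an A record but no AAAA.
missing_aaaa() {
  awk '
    { sub(/;.*/, "") }                 # drop comments
    /^[ \t]*$/ || /^[$]/ { next }      # skip blank lines and $TTL/$ORIGIN
    {
      # An indented line inherits the owner name of the previous record.
      if ($0 ~ /^[ \t]/) start = 1; else { owner = $1; start = 2 }
      type = ""
      for (i = start; i <= NF; i++) {  # skip optional TTL and class
        if ($i ~ /^[0-9]+[smhdwSMHDW]?$/ || toupper($i) == "IN") continue
        type = toupper($i); break
      }
      if (type == "A")    has_a[owner] = 1
      if (type == "AAAA") has_aaaa[owner] = 1
      if (type == "NS")   is_ns[$(i + 1)] = 1   # in-zone nameserver target
    }
    END {
      for (o in has_a) if (!(o in has_aaaa))
        printf "%s%s\n", o, ((o in is_ns) ? " nameserver" : "")
    }' | sort
}

sample_zone | missing_aaaa
```

Run it against your own zone with "missing_aaaa < yourzonefile"; a name flagged "nameserver" is one whose delegation will not work over v6 until its AAAA (and glue, if it is inside the zone) is added.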