Now we would like to do the following:

1. Make our nameservers listen on IPv6
2. Add v6 addresses to the nameservers in our zone, so they can receive v6 traffic
3. Add v6 addresses to the host records, for example "www AAAA", etc...


1. Make our nameservers listen on IPv6

a) on "auth1.grpX" (BIND)'s named.conf, in the options section, add:

    listen-on-v6 { any; };

(Remember to restart named!)

b) on "resolv.grpX" (Unbound)'s unbound.conf, in the "server:" section, add
the following parameters (in the correct locations - if necessary, search in
the configuration file to place them correctly)

    do-ip6: yes
    interface: ::0
    interface: 0.0.0.0
    access-control: fdba:dc55:48c7::/64 allow

(Remember to restart unbound!)

c) on "auth1.grpX" (NSD), edit nsd.conf, and in the "server:" section, add
the following parameters:

    ip-address: fdba:dc55:48c7::XX:YY

(remember to replace XX:YY with your group and IP for the auth server)


2. Now, we need to test that all your machines have IPv6 addresses in the DNS

Your machines are called:

    auth1.grpX.dns.nsrc.org
    resolv.grpX.dns.nsrc.org
    auth2.grpX.dns.nsrc.org

Since they are in the "dns.nsrc.org" zone, you don't need to do anything here :)

The instructor will modify the dns.nsrc.org zone, and add the v6 address you
have configured on eth0, to the DNS record for "auth1.grpX.dns.nsrc.org" and
"auth1.grpX.dns.nsrc.org" and "resolv.grpX.dns.nsrc.org".

But test that you can "dig AAAA auth1.grpX.dns.nsrc.org" and see what you get...


3. Add IPv6 records (AAAA) for the names in your zone, like www, etc...

You will need to add IPv6 AAAA records to all the hosts you find in your zones.
If they have an A record, also add the corresponding AAAA record.

You can then start to use dig and see if you can find some TLDs in the class
that have AAAA records for their "www" host, for their NSes, etc...


4. Try and ping other people's hosts in the room using v6.

Use dig to connect to other people's nameservers, and verify that they:

- answer in IPv6
- have an IPv6 record for their name
- provide DNS answers with IPv6 addresses!

Some sample commands:

    # dig AAAA auth1.grpX.dns.nsrc.org

Try and ping these hosts:

    # ping6 auth1.dns.nsrc.org
    # ping6 auth2.dns.nsrc.org
    # ping6 auth1.grpX.dns.nsrc.org

Try performing DNS queries in v6 against auth1 + auth2:

    # dig -6 @auth1.dns.nsrc.org dns.nsrc.org ns
    # dig -6 @auth2.dns.nsrc.org dns.nsrc.org ns


*** ABOUT GLUE RECORDS AND IPv6 ***

*** THIS SECTION IS ONLY RELEVANT IF YOU HAVE DECLARED DNS ***
*** SERVERS WITH NAMESERVERS *INSIDE* YOUR ZONE, E.G.      ***
*** "NS.MYTLD." INSTEAD OF "AUTH1.GRPX.DNS.NSRC.ORG"       ***

For example, in the parent zone 'nsrc.org' we have:

    dns.nsrc.org.           NS      auth1.dns.nsrc.org.
                            NS      auth2.dns.nsrc.org.

Since auth1.ws and auth2.ws are IN the zone being delegated, then we need to
add glue records!

    ; v4 GLUE records
    auth1.dns.nsrc.org.     A       10.20.0.234
    auth2.dns.nsrc.org.     A       10.20.0.235

In the same way, we will need IPv6 glue records:

    ; v6 GLUE records
    auth1.dns.nsrc.org.     AAAA    fdba:dc55:48c7::234
    auth2.dns.nsrc.org.     AAAA    fdba:dc55:48c7::235

In the child zone 'dns.nsrc.org', we will need to declare these hosts as well.
In fact, as explained in class, you MUST declare them otherwise you will
experience strange problems with resolution:

    dns.nsrc.org.   SOA     ...
                    NS      auth1
                    NS      auth2

    auth1           A       10.20.0.234
                    AAAA    fdba:dc55:48c7::234
    auth2           A       10.20.0.235
                    AAAA    fdba:dc55:48c7::235

In your zone "MYTLD", you MAY or MAY NOT have used NSes IN your zone.

- If you did (i.e.: ns1.MYTLD for example) ... then you need to ADD the IPv6
  records for the nameservers you declared, the same way we have done for
  auth1 and auth2.
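
An added example, not part of the original lab: a Python check for step 3 and the glue section that parses a zone file and lists hosts with an A record but no AAAA, and in-zone nameserver names with no AAAA. The zone contents, the origin "mytld." and the function names are constructed for illustration.

```python
# Constructed sample zone for a hypothetical "MYTLD" (not lab data).
ZONE = """\
@      SOA   ns1 hostmaster 1 3600 900 604800 300
       NS    ns1
       NS    ns2
       NS    auth2.grpX.dns.nsrc.org.
ns1    A     10.20.0.234
       AAAA  fdba:dc55:48c7::234
ns2    A     10.20.0.235        ; AAAA forgotten
www    A     10.20.0.10
       AAAA  fdba:dc55:48c7::10
mail   A     10.20.0.11
"""

def fqdn(name, origin):
    """Absolute lower-case name: "@" is the origin, relative names get it appended."""
    name = name.lower()
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return {owner: {type: [rdata]}}; indented lines reuse the previous owner."""
    records, owner = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # drop comments
        fields = line.split()
        if fields and not line[0].isspace():       # line starts with an owner name
            owner = fqdn(fields.pop(0), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                          # skip optional TTL / class
        if owner and fields:
            rtype, rdata = fields[0].upper(), " ".join(fields[1:])
            records.setdefault(owner, {}).setdefault(rtype, []).append(rdata)
    return records

def audit_v6(text, origin):
    """Hosts with A but no AAAA, and in-zone NS targets that have no AAAA."""
    recs = parse_zone(text, origin)
    no_aaaa = sorted(n for n, r in recs.items() if "A" in r and "AAAA" not in r)
    ns = {fqdn(t, origin) for r in recs.values() for t in r.get("NS", [])}
    ns_no_aaaa = sorted(t for t in ns
                        if t.endswith("." + origin) and "AAAA" not in recs.get(t, {}))
    return {"no_aaaa": no_aaaa, "ns_no_aaaa": ns_no_aaaa}

if __name__ == "__main__":
    print(audit_v6(ZONE, "mytld."))
```

Nameservers outside the zone (such as auth2.grpX.dns.nsrc.org. in the sample) are not reported, since their addresses belong to another zone.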