DNS Issues Within Native IPv6 GEANT
GEANT-TF, Amsterdam, 06/06/2003

Getting Reverse Delegations
- Still a good idea to have delegations on ip6.arpa. and on ip6.int. (some applications use it)
- From DANTE (2001:798::/32 space)
  - Ask dante-operations?
- From RIPE (Your LIR space)
  - Configure the zones on servers
  - Insert domain objects to
  - Forward to MARVIN (robot) answers
  - Zone is analyzed
  - If approved, a hostmaster delegates the zone
- You can !

Software
- Microsoft’s clients don’t use IPv6 transport to access name resolvers:
  - Don’t expect to do much with an IPv6-only MS client...
  - Any news about this?
- BIND (Server)
  - (9.2.1 bugs corrected) – March 2003 and upcoming
  - IPv6 support will show up in 8.4.x versions too

Configs
- BIND:

    options {
        listen-on-v6 { any; };       # enable ipv6 sockets
        version "IPv6 Compliant";    # hide version :-)
    };

- IPv6-only servers are a bad idea?
  - IPv4 transport needed to exchange information with other DNS servers?

Configs/Authority - Examples
- .fr (only 2 secondaries)
  - ns03.nic.fr
  - ns-ext.vix.com
- .nl (only 1 secondary)
  - ns.ripe.net
- .pt (only 2 secondaries)
  - ns-ext.vix.com
  - ns2.dns.pt (last week)
- ccTLD SOA’s dual-stacked... none???
- Usually ccTLD zones have 5-7 nameservers...
- Long, long way to go...

Root Zone – v6 status
- F.root-servers.net and H.root-servers.net already have v6 transport:
  - 2001:500::1035 (ISC/AS3557)
  - 2001:500:1::803f:235 (US Army/AS13)
- Heard a rumour about K (London) and M (Tokyo) soon
- Bad thing!?: inside ARIN’s MicroAllocation Pool
  - URL:
- Still no AAAA record in «.» zone (use «dig»)
- At RIPE-45, IANA folks said they are working on it!!!

Name resolving fallback
- Fallback to IPv4 through DNS only occurs when no AAAA records exist
- Possible danger here: if you insert an AAAA record «on top of an A record» for a service (e.g. www), the v6 address will always have to be reachable.
  - If not: «new version protocol denial of service» against all v6-enabled clients.
- Lesson is: all the v6 infrastructure must have the same reliability level as v4.

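An added example (not from the original slides): a check for the danger described above, to run before and after placing an AAAA record on top of an A record. It probes every published address of a service and flags the case where the v4 address answers but a v6 address does not. The host names, the addresses (documentation prefixes) and all function names are constructed for illustration.

```python
import socket

def probe_tcp(addr, port, timeout=3.0):
    """Real probe: True if a TCP connection to addr:port succeeds."""
    try:
        socket.create_connection((addr, port), timeout).close()
        return True
    except OSError:
        return False

def resolve(name, port):
    """Return (aaaa, a) address lists for name from the system resolver."""
    try:
        infos = socket.getaddrinfo(name, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        infos = []                # name does not resolve at all
    addrs = lambda fam: sorted({i[4][0] for i in infos if i[0] == fam})
    return addrs(socket.AF_INET6), addrs(socket.AF_INET)

def audit(name, port, aaaa, a, probe=probe_tcp):
    """Classify one service by the reachability of its published addresses."""
    dead_v6 = [ip for ip in aaaa if not probe(ip, port)]
    live_v4 = [ip for ip in a if probe(ip, port)]
    if not aaaa:
        status = "v4-only"        # no AAAA published: v6 clients use the A record
    elif not dead_v6:
        status = "ok"             # every published v6 address answers
    elif live_v4:
        status = "v6-blackhole"   # the slide's case: v4 works, AAAA points nowhere
    else:
        status = "down"           # neither family answers: an ordinary outage
    return {"name": name, "status": status, "dead_v6": dead_v6}

# Constructed sample data (documentation prefixes, not real hosts).
SAMPLE = {
    "www.example.org": (["2001:db8::80"], ["192.0.2.80"]),
    "ftp.example.org": (["2001:db8::21"], ["192.0.2.21"]),
    "old.example.org": ([], ["192.0.2.99"]),
}
REACHABLE = {"192.0.2.80", "192.0.2.21", "192.0.2.99", "2001:db8::21"}

def run_sample():
    fake = lambda addr, port: addr in REACHABLE   # stands in for the network
    return {n: audit(n, 80, v6, v4, fake) for n, (v6, v4) in SAMPLE.items()}

if __name__ == "__main__":
    print(*run_sample().values(), sep="\n")
```

For a live check, call audit(name, 80, *resolve(name, 80)) from a host with working IPv6 connectivity; from a v4-only vantage point every AAAA address looks dead.
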
The end… Links – (dual-stack) –