
How do you add IPv6 DNS Servers to Cisco IOS configuration?

Started by PatrickDickey, May 02, 2011, 03:22:48 PM


PatrickDickey

I've got my Cisco 25xx router set up and working with my tunnelbroker tunnel.  Now that OpenDNS is offering IPv6 DNS Services (finally), I want to specify them as my DNS servers.  Do I need to change this in my details on Tunnelbroker, or add them to my router configuration somewhere?

Here's the current (example) configuration for Cisco IOS

configure terminal
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ipv6 enable
ipv6 address 2001:470:1f10:830::2/64
tunnel source 67.7.29.67
tunnel destination 209.51.181.2
tunnel mode ipv6ip
ipv6 route ::/0 Tunnel0
end
write


If I need to add it in the configuration, please tell me where (whether it's in the int tunnel0 or another portion).

Have a great day:)
Patrick.

cholzhauer

Do you want to use OpenDNS for forward or reverse lookups?

If it's for reverse lookups, you need to specify that on your tunnel details page.  If it's for forward lookups, you just need to open whatever console/webpage they have and input your details

PatrickDickey

Quote from: cholzhauer on May 02, 2011, 05:45:47 PM
Do you want to use OpenDNS for forward or reverse lookups?

If it's for reverse lookups, you need to specify that on your tunnel details page.  If it's for forward lookups, you just need to open whatever console/webpage they have and input your details

I'm not sure actually.  Their announcement only lists the two IP Addresses for their DNS Service.  They don't discuss configuring it in their system (after you've logged in).  However I currently use their IPv4 for both my local network and for DNS outside.

Here's a link to their page http://www.opendns.com/ipv6/  They essentially say "You need to set up a tunnel (using tunnelbroker) and then configure your router to use these servers."  I haven't seen anywhere that actually lists how to configure the router to use the settings though.

Have a great day:)
Patrick.

cholzhauer

That looks like it's for reverse DNS

Log in to your tunnel page and input those two IP addresses where it asks for RDNS servers

That service will tie a name to an IP address, e.g. 2001:db8:1234:5678::1 = text.example.com

PatrickDickey

Quote from: cholzhauer on May 03, 2011, 07:28:50 AM
That looks like it's for reverse DNS

Log in to your tunnel page and input those two IP addresses where it asks for RDNS servers

That service will tie a name to an IP address, e.g. 2001:db8:1234:5678::1 = text.example.com

Ok, so I added the two addresses under the rDNS section of my account (about 5 hours ago).  When I go to http://www.test-ipv6.com and run their tests, I get this for my DNS test result:

Quote
Your DNS server (possibly run by your ISP) appears to have no access to the IPv6 internet, or is not configured to use it. This may in the future restrict your ability to reach IPv6-only sites. [more info]

So, either it takes a long time to update my DNS on my computer/network, I have to manually restart the networking to get it to update, or that wasn't what I needed to do.  I'm not sure.

What I do know is that I need to configure my computers to look at the servers listed on opendns' site for IPv6 DNS. I need to do this on my Cisco 2511 router (as that's what provides my endpoint for the network).  And apparently I need to do something else, if it's properly configured (via the account page), to get my network/router to see the proper servers.

Have a great day:)
Patrick.

cholzhauer

You don't need to do anything in the configuration on your end.

By you setting the IP addresses on your tunnel page, you're telling everyone who asks that they need to go ask OpenDNS for your RDNS info.

If you give me a couple of IP addresses, I can query to see what the results are.

jgeorge

Quote from: PatrickDickey on May 03, 2011, 06:41:45 PM
Ok, so I added the two addresses under the rDNS section of my account (about 5 hours ago).  When I go to http://www.test-ipv6.com and run their tests, I get this for my DNS test result:

Quote
Your DNS server (possibly run by your ISP) appears to have no access to the IPv6 internet, or is not configured to use it. This may in the future restrict your ability to reach IPv6-only sites. [more info]

Hey Patrick,

Just to clarify, since I don't think I've actually seen this in this thread so far...


1) Are you wanting to use OpenDNS IPv6 service as a DNS *service* for your network? (You said you were using their IPv4 DNS service so I'm presuming "yes")
2) Are you using OpenDNS as YOUR dns service for YOUR domain? Right now, your domain that you own uses OpenDNS for name service? If you do a whois on your domain, you get back OpenDNS servers in the response?


The "rDNS" delegations in your tunnel setup page are you telling HE where to look for reverse DNS for the IP addresses in your domain. Don't point it to OpenDNS if they don't actually provide DNS for your domain, you need to point the rDNS delegations to whoever you're using to *provide* IPv6 DNS for your network, not who you use to *look up* DNS from your network.

Putting anything in the rDNS section of your tunnel doesn't change who the rest of the internet looks to for your actual forward DNS service.

If test-ipv6 is saying your DNS provider doesn't have IPv6 access, look to who your domain is using for DNS service (do a whois on your domain name), that's the info that test-ipv6 is complaining about.

Sorry if this seems needlessly basic, I'm just trying to make sure I understand that what you're wanting to do and what you're actually asking about are really related items, and it's not clear from this thread so far. :-)

Cheers,

Joe

PatrickDickey

Quote from: jgeorge on May 04, 2011, 08:15:37 AM
Quote from: PatrickDickey on May 03, 2011, 06:41:45 PM
Ok, so I added the two addresses under the rDNS section of my account (about 5 hours ago).  When I go to http://www.test-ipv6.com and run their tests, I get this for my DNS test result:

Quote
Your DNS server (possibly run by your ISP) appears to have no access to the IPv6 internet, or is not configured to use it. This may in the future restrict your ability to reach IPv6-only sites. [more info]

Hey Patrick,

Just to clarify, since I don't think I've actually seen this in this thread so far...


1) Are you wanting to use OpenDNS IPv6 service as a DNS *service* for your network? (You said you were using their IPv4 DNS service so I'm presuming "yes")
2) Are you using OpenDNS as YOUR dns service for YOUR domain? Right now, your domain that you own uses OpenDNS for name service? If you do a whois on your domain, you get back OpenDNS servers in the response?


The "rDNS" delegations in your tunnel setup page are you telling HE where to look for reverse DNS for the IP addresses in your domain. Don't point it to OpenDNS if they don't actually provide DNS for your domain, you need to point the rDNS delegations to whoever you're using to *provide* IPv6 DNS for your network, not who you use to *look up* DNS from your network.

Putting anything in the rDNS section of your tunnel doesn't change who the rest of the internet looks to for your actual forward DNS service.

If test-ipv6 is saying your DNS provider doesn't have IPv6 access, look to who your domain is using for DNS service (do a whois on your domain name), that's the info that test-ipv6 is complaining about.

Sorry if this seems needlessly basic, I'm just trying to make sure I understand that what you're wanting to do and what you're actually asking about are really related items, and it's not clear from this thread so far. :-)

Cheers,

Joe


Hi Joe,

To answer your questions.  #1 is Yes  #2 is No.  If you do a DNS search on my domain (dickeyhome.homesever.com) it replies from Microsoft, as I have one of their Windows Home Servers.  So I don't need an rDNS entry listed.  I'm a home user, who has a Cisco 2511 router and 2950XL switch running his network.

I should have clarified that one of OpenDNS' features is that you can use them for your internal DNS lookup as well as external DNS lookup.  That's what I meant in my original post about using both their DNS service for my local network as well as outside.

So yes, I need to know how to tell my computers to ask OpenDNS for their IPv6 requests (#1 above).

Thanks, and have a great day:)
Patrick.

jgeorge

Quote from: PatrickDickey on May 04, 2011, 02:09:56 PM
I should have clarified that one of OpenDNS' features is that you can use them for your internal DNS lookup as well as external DNS lookup.  That's what I meant in my original post about using both their DNS service for my local network as well as outside.

Okay, I didn't know OpenDNS did that. I have a basic account on OpenDNS and I didn't see anywhere that they'd do DNS for your internal network.

I presume that they'll offer this service for IPv6 eventually, but there's nothing in their announcement that seems to indicate it's part of the current sandbox.  Obviously they'd be better people to ask about it than us, but for your question I think you'd be able to put IPv6 nameservers in the same place that you put the IPv4 ones. I don't know the router specifically unfortunately.

Cheers,

Joe

PatrickDickey

Quote from: jgeorge on May 04, 2011, 03:36:08 PM
Quote from: PatrickDickey on May 04, 2011, 02:09:56 PM
I should have clarified that one of OpenDNS' features is that you can use them for your internal DNS lookup as well as external DNS lookup.  That's what I meant in my original post about using both their DNS service for my local network as well as outside.

Okay, I didn't know OpenDNS did that. I have a basic account on OpenDNS and I didn't see anywhere that they'd do DNS for your internal network.

I presume that they'll offer this service for IPv6 eventually, but there's nothing in their announcement that seems to indicate it's part of the current sandbox.  Obviously they'd be better people to ask about it than us, but for your question I think you'd be able to put IPv6 nameservers in the same place that you put the IPv4 ones. I don't know the router specifically unfortunately.

Cheers,

Joe


Hi Joe,

I have their basic account also. So I may be misinterpreting something on their site.  Anyhow, the problem with the nameservers is this. My router is providing DHCP for my home network. However, Tunnelbroker is providing my IPv6 DHCP for the network. So, I'm not sure if I need to specify the nameservers in the tunnel interface, in another portion of the configuration, or on Tunnelbroker's site somewhere.  I may try putting them into the config file in the same area as my IPv4 nameservers.

Thanks and have a great day:)
Patrick.

jgeorge

Quote from: PatrickDickey on May 04, 2011, 03:40:02 PM
I have their basic account also. So I may be misinterpreting something on their site.

If you have a link anywhere that you're looking at, please feel free to share and we'll help figure out what it is they're talking about. :) I just don't see where OpenDNS offers that kinda service.

Quote
My router is providing DHCP for my home network. However, Tunnelbroker is providing my IPv6 DHCP for the network.

HE doesn't do DHCPv6. What you're seeing here is the spiffy Stateless Address Auto-Configuration that IPv6 gives you. On an IPv6 network, nodes will automatically assign themselves an IPv6 address (typically based on the MAC address of the interface, but it can be munged for privacy, which Windows does by default). So the addresses you're seeing are actually coming from your own local network's autoconfig, not HE.

Do you have a specific domain that you're using? Or are you looking at DNS for just your internal (private?) address space? Are you looking for the ability to do DNS lookups on your home machines from elsewhere on the internet?

Cheers,
Joe

PatrickDickey

I'm looking for the ability to resolve any hostname to its IPv6 address (at least any that have IPv6 enabled right now).  So, if I type www.yoursite.com into my browser, and yoursite.com has an IPv6 address, it will be found.  As for the OpenDNS and my local network, that's not really an issue.  I think I'm a bit confused on how my computers are getting their IPv6 addresses then (and not that it pertains to this, but I have both Linux and Windows machines running).

Here's my config (redacted as far as passwords go) for my Router.  I figure this is the best way to get the right information in the right place.

Building configuration...

Current configuration : 4920 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname DCKY-ROUTER
!
boot-start-marker
boot-end-marker
!
enable secret 5
!
no aaa new-model
ip subnet-zero
ip cef
ip dhcp excluded-address 192.168.2.1
ip dhcp excluded-address 192.168.2.2
ip dhcp excluded-address 192.168.2.80
ip dhcp excluded-address 192.168.2.3
ip dhcp excluded-address 192.168.2.4
ip dhcp excluded-address 192.168.2.254
!
ip dhcp pool internal-network
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.1
   dns-server 208.67.222.222 208.67.220.220
!
vpdn enable
!
vpdn-group 1
request-dialin
  protocol pppoe
!
ipv6 unicast-routing
!
!
!
!
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ipv6 address 2001:470:1F10:830::2/64
ipv6 enable
tunnel source Dialer1
tunnel destination 209.51.181.2
tunnel mode ipv6ip
!
interface Ethernet0
description My LAN Interface
ip address 192.168.2.1 255.255.255.0
ip nat inside
no ip mroute-cache
ipv6 address 2001:470:1F11:830::/64 eui-64
ipv6 enable
no cdp enable
!
interface Ethernet1
description Physical ADSL Interface (Facing the ISP)
no ip address
no ip mroute-cache
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable
!         
interface Serial0
no ip address
no ip mroute-cache
shutdown
no cdp enable
!
interface Serial1
no ip address
no ip mroute-cache
shutdown
no cdp enable
!
interface Dialer1
description Logical ADSL Interface
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
ip tcp adjust-mss 1452
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname
ppp chap password 7
ppp pap sent-username  password 7
!
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source static tcp 192.168.2.80 10000 interface Dialer1 10000
ip nat inside source static udp 192.168.2.80 10000 interface Dialer1 10000
ip nat inside source static udp 192.168.2.80 80 interface Dialer1 8080
ip nat inside source static tcp 192.168.2.80 80 interface Dialer1 8080
ip nat inside source static udp 192.168.2.254 8333 interface Dialer1 8333
ip nat inside source static udp 192.168.2.254 8222 interface Dialer1 8222
ip nat inside source static tcp 192.168.2.254 8222 interface Dialer1 8222
ip nat inside source static tcp 192.168.2.254 8333 interface Dialer1 8333
ip nat inside source static tcp 192.168.2.254 4125 interface Dialer1 4125
ip nat inside source static tcp 192.168.2.254 443 interface Dialer1 443
ip nat inside source static tcp 192.168.2.254 80 interface Dialer1 80
ip nat inside source static tcp 192.168.2.8 44002 interface Dialer1 44002
ip nat inside source static tcp 192.168.2.8 6900 interface Dialer1 6900
ip nat inside source static tcp 192.168.2.8 6890 interface Dialer1 6890
ip nat inside source static tcp 192.168.2.8 6891 interface Dialer1 6891
ip nat inside source static tcp 192.168.2.8 6892 interface Dialer1 6892
ip nat inside source static tcp 192.168.2.8 6893 interface Dialer1 6893
ip nat inside source static tcp 192.168.2.8 6894 interface Dialer1 6894
ip nat inside source static tcp 192.168.2.8 6895 interface Dialer1 6895
ip nat inside source static tcp 192.168.2.8 6896 interface Dialer1 6896
ip nat inside source static tcp 192.168.2.8 6897 interface Dialer1 6897
ip nat inside source static tcp 192.168.2.8 6898 interface Dialer1 6898
ip nat inside source static tcp 192.168.2.8 6899 interface Dialer1 6899
ip nat inside source static udp 192.168.2.8 6890 interface Dialer1 6890
ip nat inside source static udp 192.168.2.8 6891 interface Dialer1 6891
ip nat inside source static udp 192.168.2.8 6892 interface Dialer1 6892
ip nat inside source static udp 192.168.2.8 6893 interface Dialer1 6893
ip nat inside source static udp 192.168.2.8 6894 interface Dialer1 6894
ip nat inside source static udp 192.168.2.8 6895 interface Dialer1 6895
ip nat inside source static udp 192.168.2.8 6896 interface Dialer1 6896
ip nat inside source static udp 192.168.2.8 6897 interface Dialer1 6897
ip nat inside source static udp 192.168.2.8 6898 interface Dialer1 6898
ip nat inside source static udp 192.168.2.8 6899 interface Dialer1 6899
ip nat inside source static udp 192.168.2.8 6900 interface Dialer1 6900
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
access-list 10 permit 192.168.2.0 0.0.0.255
access-list 10 permit 192.168.3.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
ipv6 route ::/0 Tunnel0
!
!
line con 0
session-timeout 60
exec-timeout 120 0
password 7
session-disconnect-warning 120
login
stopbits 1
line aux 0
line vty 0 4
exec-timeout 0 0
password 7
no login
length 0
!
scheduler max-task-time 5000
end



So, given my current configuration, how do I specify what nameservers to use for IPv6 resolving?

Thanks, and have a great day:)
Patrick.

jgeorge

So what you want is actually the easiest of the possible configurations we've all been discussing. :-)

The only thing missing is syntax, and I think you probably already know it.

If you want the ability to do IPv6 DNS lookups for sites that have AAAA addresses, as well as the existing ability to do IPv4 DNS for IPv4 addresses, all you have to do is add OpenDNS' IPv6 nameservers in the same place that you have their IPv4 nameservers defined.

I don't know how it works on your router, but in a couple of places I've tried, I've just defined both IPv4 and IPv6 nameservers in the same place. You'll use whichever one you need more or less automagically (I'll let someone who's had a shorter day than I have bother with the technical explanation - suffice it to say if you ask for an AAAA record your router *should* know to look at an IPv6 addressed nameserver for it)

On my Mac here, I have this DNS set up:
208.67.222.222
208.67.220.220
2620:0:ccc::2
2620:0:ccd::2

and nothing else changed from my regular setup.  I can look up both IPv6 and IPv4 addresses, using OpenDNS' nameservers, and Life is Good. :-)

Cheers,

Joe

PatrickDickey

Thanks again, Joe. I actually found the answer (maybe) in another thread that I started.  A person replied with some Cisco documents, and in checking those, I found this nugget:

Quote
Specifying a Name Server

To specify one or more hosts (up to six) that can function as a name server to supply name information for the DNS, use the following command in global configuration mode:


Command: Router(config)# ip name-server server-address1 [server-address2...server-address6]
Purpose: Specifies one or more hosts that supply name information.

Note: The server-address argument can be either an IPv4 or IPv6 address.

I put this in for mine
ip name-server 208.67.222.222 208.67.220.220 2620:0:ccc::2 2620:0:ccd::2


and it shows up as this:

ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip name-server 2620:0:CCC::2
ip name-server 2620:0:CCD::2


So, I think I'm set.  I'll try it out shortly, and if that works, I'll mark the thread as solved.  Realizing that I may have to do a networking restart to get everything working though.

Have a great day:)
Patrick.

NewtonNet

Hi Patrick,

How did you get on with this issue?

As far as my understanding goes, the 'ip name-server' command is to enable the router to perform DNS lookups, and is not used (passed) to the client to use. For IPv4 DHCP this is instead done with the 'dns-server' sub-command within 'ip dhcp' and so I am curious how to achieve similar with IPv6.

Unfortunately I don't have any kit to hand to test this out right now hence why I am curious as to how you got on.

Mathew
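
Added example, not part of the original thread: the split NewtonNet describes, written out for the router in this thread, with the router's own resolvers beside the ones handed to clients. It assumes an IOS image with DHCPv6 server support (the 12.3 image in the posted config may not include it); the pool name LAN-V6-DNS is hypothetical, and the interface name and OpenDNS addresses are the ones posted above.

```cisco
! Resolvers the router itself uses for its own lookups (e.g. ping by name).
! These are NOT handed to LAN clients.
ip name-server 2620:0:ccc::2
ip name-server 2620:0:ccd::2
!
! IPv4 clients get their resolvers from the DHCPv4 pool (already in the config).
ip dhcp pool internal-network
 dns-server 208.67.222.222 208.67.220.220
!
! IPv6 clients: a stateless DHCPv6 pool that carries only DNS information.
! LAN-V6-DNS is a placeholder name chosen for this example.
ipv6 dhcp pool LAN-V6-DNS
 dns-server 2620:0:ccc::2
 dns-server 2620:0:ccd::2
!
! Addresses still come from SLAAC (the /64 advertised on Ethernet0).
! The other-config flag in router advertisements tells clients to ask
! DHCPv6 for "other" settings such as DNS servers.
interface Ethernet0
 ipv6 nd other-config-flag
 ipv6 dhcp server LAN-V6-DNS
!
! Check afterwards with:
!   show ipv6 dhcp pool
!   show ipv6 interface Ethernet0
```

Only hosts that run a DHCPv6 client pick up these servers. A dual-stack host without one can still resolve AAAA records through the IPv4 resolvers it learned from the DHCPv4 pool, since the record type requested does not depend on the transport used to reach the resolver.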