• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

dns ipv6 domains

Started by NCFTA, March 31, 2010, 08:03:34 AM


NCFTA

Hi.

Well my HE tunnel is up and running. All the IPv6 addresses I've tried work if I type them in my browser using the http://[xxxx::] to give the URL.  I can also use PING6 from the command line (Ubuntu) to ping6 the addresses.  But I can't get domain names to resolve.  I have a Cisco router on which I've set up the tunnel and entered the HE IPv6 DNS as well as the Google public DNS (which I thought handled AAAA).  I can ping them from my hosts on the LAN or from my router.

Is my problem a configuration in my OS, my browser, or my router?  I can use the HE "anycasted caching name-server" as my default name-server for my hosts and it should work right?  I'm planning on building my own local DNS server, but until then I wanted to use the public google and HE ones.  Any ideas? 

cholzhauer

Quote
I've set up the tunnel and entered the HE IPv6 DNS as well as the Google public DNS (which I thought handled AAAA)

Where did you enter that information?

What are you using for "normal" DNS for the rest of your network? 

The way I'm doing it, and I suspect the way the majority of people on here are doing it, is that I run a DNS server to do internal lookups for my network.  If my DNS server doesn't have a record for it, it goes out and looks at my ISP's DNS servers and gets the address from them.  I then set up a conditional forwarder for Google that tells my DNS server to ask HE about any Google related lookups.

NCFTA

Quote from: cholzhauer on March 31, 2010, 08:11:11 AM
Quote
I've set up the tunnel and entered the HE IPv6 DNS as well as the Google public DNS (which I thought handled AAAA)

Where did you enter that information?

I entered this in my router (Cisco 2611) using the "ip name-server xxx.xxx.xxx.xxx" command.  I also tried using the network connection manager in Ubuntu (9.10) under the IPv6 Settings tab, setting the mode to "auto-address only" and manually inputting the DNS server IPv6 under "DNS server".

Quote from: cholzhauer on March 31, 2010, 08:11:11 AM
What are you using for "normal" DNS for the rest of your network?

Right now I don't have any IPv4 setup.  I have some static IPs which I could use to create a DHCP pool with NAT for my hosts, but I am trying to set up, I guess you could say, an "ipv6 native" LAN.

Quote from: cholzhauer on March 31, 2010, 08:11:11 AM
The way I'm doing it, and I suspect the way the majority of people on here are doing it, is that I run a DNS server to do internal lookups for my network.  If my DNS server doesn't have a record for it, it goes out and looks at my ISP's DNS servers and gets the address from them.  I then set up a conditional forwarder for Google that tells my DNS server to ask HE about any Google related lookups.

OK, you went a little over my head, so let me make sure I understand.  So you put a local DNS, that can resolve IPV6, on your own LAN as a local cache and to do recursive for the hosts on the LAN, right?  I was thinking of building a DNS on my LAN as my next step.  Your local DNS resolves AAAA and AAA records?  Thanks.

cholzhauer

Quote
I was thinking of building a DNS on my LAN as my next step.

That would make this very easy.

I'm guessing you have a DSL or cable connection now, so your DNS is provided by your ISP.  

Quote
So you put a local DNS, that can resolve IPV6, on your own LAN as a local cache and to do recursive for the hosts on the LAN, right?

I should clarify by saying I'm running this at work, so I had the advantage of already having an AD/DNS infrastructure in place.  My DNS has all of the entries for the hosts on my network (both A and AAAA, as well as PTR entries for A and AAAA), and sends unknown queries to my ISP.  GoDaddy is hosting my external A and AAAA lookups (if you wanted to pull up the website of my company, your request would go there) and I have HE asking my DNS servers for the recursive lookup.

Like I said, I use DNS in an Active Directory environment, but I think that might be a little cost prohibitive;  Something like Bind would work great for you.


EDIT:

What if you were to remove that ip name-server statement in your config...can you resolve AAAA records then?  (Depending on your ISP, you may not be able to)

NCFTA


Quote from: cholzhauer on March 31, 2010, 09:48:00 AM
That would make this very easy.

I'm guessing you have a DSL or cable connection now, so your DNS is provided by your ISP.  

I'm volunteering part-time at a 501-3c non-profit.  I'm trying to set up an IPV6 native LAN as a proof of concept for IPV6 transition and for some training a visiting computer science professor is going to do in a couple weeks.  I have a static IPv4 address and an ethernet connection that "I think" comes from a split T1 I'm sharing with another office.  The T1 to the outside is kind of a black hole in my understanding of the network topology.  I know that I'm not behind a NAT or a DHCP, and have my own static IP that routes globally.

Quote
So you put a local DNS, that can resolve IPV6, on your own LAN as a local cache and to do recursive for the hosts on the LAN, right?

Quote from: cholzhauer on March 31, 2010, 09:48:00 AM
I should clarify by saying I'm running this at work, so I had the advantage of already having an AD/DNS infrastructure in place.  My DNS has all of the entries for the hosts on my network (both A and AAAA, as well as PTR entries for A and AAAA), and sends unknown queries to my ISP.  GoDaddy is hosting my external A and AAAA lookups (if you wanted to pull up the website of my company, your request would go there) and I have HE asking my DNS servers for the recursive lookup.

Like I said, I use DNS in an Active Directory environment, but I think that might be a little cost prohibitive;  Something like Bind would work great for you.


EDIT:

What if you were to remove that ip name-server statement in your config...can you resolve AAAA records then?  (Depending on your ISP, you may not be able to)

I'm doing everything else on Linux, so I think I'm going to use BIND.

We have a different network on a different IPV4 space from the same ISP for IPV4.  We have our own local DNS server that can only do IPV4.  I think the infrastructure manager said he was running BIND for that.
Thanks.

jimb

Note that an IPv4 only DNS server doesn't necessarily preclude it from returning AAAA resource records.  If you want a DNS server which actually listens on IPv6 only, you'll need to either find one on the internet (the HE one would probably work) or set up your own.

Setting up a caching only DNS server with BIND is pretty trivial.  All you really need is a named.root (aka named.cache, named.ca) file and a root zone hint config section referencing the file.  BIND ships with these in the default config.  

Then if you want to use the HE google whitelisted DNS server which will return AAAAs for google services, you can put in this zone configuration:

# HE DNS server for google IPv6 service
zone "google.com" IN {
  type forward;
  forward first;
  forwarders {
     2001:470:20::2;
     74.82.42.42;
  };
};


This causes BIND to forward any request for the google.com domain to the HE server.

Probably the hardest part will be turning off IPv4 completely in BIND.  :)  I never tried that.  Maybe if there's no IPv4 address on the server it will ignore all the IPv4s in the named.ca, etc.

You may also have certain problems resolving certain domains with an IPv6 only name server, since there's a lot of DNS servers out there which are only accessible by IPv4 but which still return AAAA records.  May be easiest to put both an IPv4 and an IPv6 on the DNS server you set up.

And of course, if you're IPv6 only on the LAN, unless you use something like DS-Lite or NAT64/DNS64, you'll have no access to the IPv4 internet.
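
The caching-only setup described in the post above, written out as a complete named.conf (an added example, not part of the original thread or anyone's actual config). The ACL name "lan", the directory path and the 2001:db8:1::/64 prefix are assumptions; the prefix is a documentation placeholder for the /64 routed to your LAN.

```conf
// Caching-only resolver for an IPv6 LAN behind an HE tunnel.
// 2001:db8:1::/64 is a placeholder: substitute your own routed /64.
acl "lan" {
    ::1;
    127.0.0.1;
    2001:db8:1::/64;
};

options {
    directory "/var/cache/bind";   // assumed path; distributions differ

    // Answer LAN clients over IPv6; keep IPv4 on loopback only.
    listen-on-v6 { any; };
    listen-on    { 127.0.0.1; };

    // Tunnel addresses are globally routable with no NAT in front,
    // so restrict who may query and recurse. Without these limits
    // the server is an open resolver reachable from the internet.
    recursion yes;
    allow-query       { lan; };
    allow-query-cache { lan; };
    allow-recursion   { lan; };
};

// Root hints: the named.root file mentioned in the post.
zone "." IN {
    type hint;
    file "named.root";
};

// HE forwarder zone from the post. The 74.82.42.42 forwarder is only
// reachable if this server also has working IPv4 connectivity.
zone "google.com" IN {
    type forward;
    forward first;
    forwarders {
        2001:470:20::2;
        74.82.42.42;
    };
};
```

Check the file with `named-checkconf` before reloading, then test from a LAN host with `dig AAAA google.com @<server's IPv6 address>`.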