Second, I want to use A6 chains. I tried out some configuration but it didn't work. I am giving my configuration below and I have a few doubts about them. Please clarify:
One of my clients is host2.example.com and its IPv6 address is fec0:1234:5678:1234::3
My Setup:
host1-------------- ---------------HUB ------------------------ host2
(fec0:1234:5678:1234::1/64) | (fec0:1234:5678:1234::3/64)
DNS server(fec0:1234:5678:1234::2/64)
(host1 host2 and DNS server all connected to the same HUB)
I configured in the DNS Server like this to use A6 chains
This is my example.com zone file.
$ORIGIN example.com
host2
SUBNET-1.IP6
IP6
When I do "dig 0.0.0.0 host2.example.com a6" from host1, I get the response as "No such name".
Do the following lines have to be added in the next DNS server/ISP or in my DNS server only?
SUBNET-1.IP6
IP6
I hope you help me out in this too.
Thanks in Advance,
Sharmila.
At 01:22 AM 4/12/2005, Ed Kapitein wrote:
Hi Sharmila,
I am not sure I can answer all your questions, but I think I can answer some of
them.
I have a working ipv6 dns server running, so I will cut and paste from it.
In named.conf I have (leaving out the irrelevant parts):
listen-on-v6 { any; };
allow-query { any; };
zone "1.6.7.0.0.6.9.0.1.0.0.2.ip6.arpa" IN {
        type master;
        file "ipv6.zone";
        allow-transfer { none; };
        allow-update { none; };
};
and in ipv6.zone I have:
$ORIGIN 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.6.7.0.0.6.9.0.1.0.0.2.ip6.arpa.
        1D IN NS        ns1.kapitein.org.
        1D IN NS        ns2.kapitein.org.
        1D IN NS        ns3.kapitein.org.
1       PTR     wega.kapitein.org.
2       PTR     pced.kapitein.org.
5       PTR     pcbeneden.kapitein.org.
8       PTR     ns1.kapitein.org.
This will take care of the reverse zone.
You have something with ::.ip6.arpa.zone, I am not fond of filenames with ::
in it, but that is probably just me....
For the kapitein.org zone I have in named.conf:
zone "kapitein.org" IN {
        type master;
        file "kapitein.org";
        allow-update { none; };
        allow-transfer { none; };
        forwarders {};
};
and the file kapitein.org contains:
@               1D IN SOA       neo postmaster (
                                2005041000      ; serial (d. adams)
                                1H              ; refresh
                                15M             ; retry
                                2W              ; expiry
                                1D )            ; minimum
                IN MX 10        neo
                1D IN NS        neo
pced            1D IN AAAA      2001:960:761::2
wega            1D IN AAAA      2001:960:761::1
pcbeneden       1D IN AAAA      2001:960:761::5
neo             1D IN AAAA      2001:960:761::8
I am running suse 8.2, bind9-9.2.2
If you use dig, try dig @fec0:1234:5678:1234::2 example.domain soa and see if
your server is authoritative for that domain.
I think it is easier to build a good working ipv4 dns server and add the ipv6
parts later.
For me that is better to grasp than using ipv6 right away.
DNSsec is not necessary for ipv6, I don't use it.
Bind should start without any errors, so check your zonefiles for missing } {
; etc.
I hope this helps.
If you are familiar with IRC you can join #ipv6 on
irc://irc.freenode.net/ipv6
Kind regards,
@
On Monday 11 April 2005 16:12, Sharmila wrote:
> Hello Experts,
>
> I have problems configuring DNS server for IPv6. I am
> using Red Hat Linux (kernel version 2.4.18-14.) and am enabling IPv6 by
> 'insmod'ing ipv6.o. I got bind 9.3.1 from www.isc.org, untarred and
> compiled. I did ./configure -enable-ipv6 and make and make install.
> There were no compilation errors and 'named' also starts successfully. I
> think I am making some mistake in the zone files. I am trying the following
> simple setup in my private network:
> host1-------------- ---------------HUB ------------------------ host2
> (fec0:1234:5678:1234::1/64) | (fec0:1234:5678:1234::3/64)
>
> DNS server(fec0:1234:5678:1234::2/64)
>
> (host1 host2 and DNS server all connected to the same HUB)
>
> I want to have host1 and host2 in example.domain and would like DNS server
> to resolve the domain name when looked up from host1.
> on host1:
> vi /etc/resolv.conf
> nameserver fec0:1234:5678:1234::2
>
> named.conf on DNS server:
>
> options {
> directory "/var/named";
> /*
> * If there is a firewall between you and nameservers you want
> * to talk to, you might need to uncomment the query-source
> * directive below. Previous versions of BIND always asked
> * questions using port 53, but BIND 8.1 uses an unprivileged
> * port by default.
> */
> listen-on-v6 { any;};
> // query-source address * port 53;
> };
>
> //
> // a caching only nameserver config
> //
> controls {
> inet 127.0.0.1 allow { localhost; } keys { rndckey; };
> };
> zone "." IN {
> type hint;
> file "named.ca";
> };
>
> zone "localhost" IN {
> type master;
> file "localhost.zone";
> allow-update { none; };
> };
>
> zone "0.0.127.in-addr.arpa" IN {
> type master;
> file "named.local";
> allow-update { none; };
> };
> zone "::.ip6.arpa" IN {
> type master;
> file "::.ip6.arpa.zone";
> };
> zone "example.domain" IN {
> type master;
> file "example.domain.zone";
> };
>
> include "/etc/rndc.key";
> I created the files ::.ip6.arpa.zone and example.domain.zone
> Is it right to create such files?
>
> ::.ip6.arpa.zone file on DNS server: (Thought it's similar to
> 0.0.127.in-addr.arpa.zone)
>
> $TTL 86400
> @ IN SOA localhost. root.localhost (
> 1 ; serial
> 28800 ; refresh
> 7200 ; retry
> 604800 ; expire
> 86400 ; ttl
> )
>
>
> @ IN NS localhost.
>
> 1 IN PTR localhost.
>
> example.domain.zone on DNS server:
>
> $TTL 86400
> @ IN SOA example.domain root.localhost (
> 3 ; serial
> 28800 ; refresh
> 7200 ; retry
> 604800 ; expire
> 86400 ; ttl
> )
>
>
> @ IN NS example
>
> $ORIGIN example.domain
> @ 3600 IN A6 64 fec0:1234:5678:1234::2
> host1 3600 IN A6 64 fec0:1234:5678:1234::1
> host2 3600 IN A6 64 fec0:1234:5678:1234::3
>
> Now on host1, I do
> dig 0.0.0.0 host2.example.domain a6
> or
> dig :: host2.example.domain a6
>
> It does not succeed. It says,
> no servers could be reached;connection timed out;
>
> On server side, in /var/log/messages it says unexpected end of file in
> example.domain.zone
> /var/log/messages on DNS Server
>
> Apr 11 17:56:31 intoto named[1753]: starting BIND 9.2.1 -u named
> Apr 11 17:56:31 intoto named[1753]: using 1 CPU
> Apr 11 17:56:31 intoto named[1756]: loading configuration from
> '/etc/named.conf'
> Apr 11 17:56:31 intoto named[1756]: listening on IPv6 interfaces, port 53
> Apr 11 17:56:31 intoto named[1756]: listening on IPv4 interface lo,
> 127.0.0.1#53
> Apr 11 17:56:31 intoto named[1756]: binding TCP socket: address in use
> Apr 11 17:56:31 intoto named[1756]: listening on IPv4 interface eth0,
> 172.16.15.16#53
> Apr 11 17:56:31 intoto named[1756]: binding TCP socket: address in use
> Apr 11 17:56:31 intoto named[1756]: listening on IPv4 interface eth1,
> 172.16.17.17#53
> Apr 11 17:56:31 intoto named[1756]: binding TCP socket: address in use
> Apr 11 17:56:31 intoto named[1756]: command channel listening on
> 127.0.0.1#953 Apr 11 17:56:31 intoto named[1756]: zone
> 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
> Apr 11 17:56:31 intoto named[1756]: zone ::.ip6.arpa/IN: loaded serial
> 1997022700
> Apr 11 17:56:31 intoto named[1756]: dns_rdata_fromtext:
> example.domain.zone:14: near eol: unexpected end of input
> Apr 11 17:56:31 intoto named[1756]: zone example.domain/IN: loading master
> file example.domain.zone: unexpected end of input
> Apr 11 17:56:31 intoto named[1756]: zone localhost/IN: loaded serial 42
> Apr 11 17:56:31 intoto named[1756]: running
> Apr 11 17:56:31 intoto named: named startup succeeded
>
>
> Can someone please tell me where I am wrong? I am completely new to
> this. So, I could have made some silly mistakes. So, please correct me and
> guide me or point me to proper help docs on this.
> Also is it compulsory to have DNSSEC enabled for IPv6 DNS?
>
> Thanks in advance,
> Sharmila
Intoto Software (India) Pvt. Ltd.,
Uma Plaza,Nagarjuna Circle,
Punjagutta,
Hyderabad ,India.
Mobile: 9885012730
Tel: +91-40-2335-8927 / 28Ext: 210
Fax: +91-40-2335-8933
e-mail: [EMAIL PROTECTED],[EMAIL PROTECTED]
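
An added example, not part of the original thread and not BIND code: a small Python model of how an A6 chain (RFC 2874) is assembled into one 128-bit address, and of why a record with a nonzero prefix length and no prefix name is incomplete. The record data is constructed around the names host2, SUBNET-1.IP6 and IP6 mentioned in the thread; `resolve_a6`, `CHAIN`, `FLAT` and `MAX_LINKS` are hypothetical names.

```python
import ipaddress

# Constructed sample data, not taken from the thread's zone file:
# owner name -> (prefix length, address suffix, prefix name or None)
CHAIN = {
    "host2.example.com.": (64, "::3", "SUBNET-1.IP6.example.com."),
    "SUBNET-1.IP6.example.com.": (48, "0:0:0:1234::", "IP6.example.com."),
    "IP6.example.com.": (0, "fec0:1234:5678::", None),
}
# Same shape as the quoted example.domain records: prefix length 64,
# a full address, and no prefix name after it.
FLAT = {"host2.example.domain.": (64, "fec0:1234:5678:1234::3", None)}

MAX_LINKS = 8  # assumption for this example: bounds chain length, stops loops


def resolve_a6(name, records, depth=0):
    """Assemble the address for `name` by following its A6 chain."""
    if depth > MAX_LINKS:
        raise ValueError(f"A6 chain too long or looping at {name}")
    if name not in records:
        raise ValueError(f"no A6 record for {name}")
    prefix_len, suffix, prefix_name = records[name]
    if not 0 <= prefix_len <= 128:
        raise ValueError(f"{name}: bad prefix length {prefix_len}")
    # The low (128 - prefix_len) bits come from this record's suffix;
    # any bits written inside the prefix portion are ignored here.
    shift = 128 - prefix_len
    low = int(ipaddress.IPv6Address(suffix)) & ((1 << shift) - 1)
    if prefix_len == 0:
        return ipaddress.IPv6Address(low)  # end of chain: whole address
    if not prefix_name:
        raise ValueError(
            f"{name}: prefix length {prefix_len} requires a prefix name")
    # The high prefix_len bits come from whatever the prefix name resolves to.
    parent = int(resolve_a6(prefix_name, records, depth + 1))
    high = (parent >> shift) << shift
    return ipaddress.IPv6Address(high | low)


if __name__ == "__main__":
    print(resolve_a6("host2.example.com.", CHAIN))
    try:
        resolve_a6("host2.example.domain.", FLAT)
    except ValueError as err:
        print("rejected:", err)
```

A6 was later moved to Historic status by RFC 6563, so current zones publish AAAA records, as the kapitein.org zone quoted above does.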
