IPv6 Foundation Part 10: IPv6 DNS, Monitoring & Address Management

IPv6 Foundation Part 10 - IPv6 DNS
How IPv6 DNS works, what are AAAA Records, How to Mon­i­tor your Net­work, how to do Address Man­age­ment (IPAM)! Find all your answers and more right here!

Table of Con­tents

About this course

So you are inter­est­ed in IPv6, which is absolute­ly great!

IPv6 is not only the future of net­work­ing, it is already here today! All the big play­ers on the Inter­net are already IPv6 enabled and it is now time for you to join the par­ty!

This course cov­ers all major aspects of the new Inter­net Pro­to­col and what changed, com­pared to IPv4. You will under­stand the fun­da­men­tals and be ahead of your peers that are still on the sink­ing ship of IPv4! As of today, there are no IPv4 address­es left and we have no oth­er option but to go ahead and deploy IPv6.

IPv6 Act Now

IPv6 Foun­da­tion Part 10: IPv6 DNS, Mon­i­tor­ing & Address Man­age­ment

IPv6 DNS

Because an IPv6 address has 128 bits instead of 32 and the nota­tion with hexa­dec­i­mal num­bers and colons is not that easy to remem­ber, DNS is still a cru­cial part of net­work and Inter­net infra­struc­ture even nowa­days.

In the Domain Name Sys­tem (DNS) one record has been added, the famous:

The New AAAA For­ward IPv6 DNS Record (“quad A”)

The AAAA DNS record It is used in place of the reg­u­lar A record to define an IPv6 address behind a domain name. The AAAA record can coex­ist with an A record pro­vid­ing an IPv4 address.

So usu­al­ly we now have 2 (AAAA + A) records instead of just one (A) record for each DNS name:

google.com.
    A     173.194.112.110

  
    AAAA   2a00:1450:4001:803::1008


The New ip6.arpa Reverse IPv6 DNS Zone

The exist­ing DNS Reverse record, called Point­er (PTR) is still the same.

The one dif­fer­ence is, the IPv6 reverse zone need­ed to be a new one:

in-addr.arpa (for IPv4) becomes ip6.arpa (for IPv6)

How does the IPv6 DNS PTR entry look like? Here is an exam­ple:

IPv4:

68.112.194.173.in-addr.arpa.   IN PTR   fra07s29-in-f4.1e100.net.

IPv6:

3.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.2.0.8.0.1.0.0.4.0.5.4.1.0.0.a.2.ip6.arpa.   IN PTR   fra07s29-in-x03.1e100.net.

How to make a AAAA IPv6 DNS query for an IPv6 address

My favorite DNS tool is dig, which is avail­able native­ly in Lin­ux, UNIX and MacOS.

You can have a look at the Lin­ux man page for dig in case you are inter­est­ed in even more com­mands and fea­tures. Let’s look at the three basics you will need all the time:

$ dig AAAA google.com +short
2a00:1450:4001:802::100e

The out­put of this dig com­mand dis­plays the short ver­sion (only the essen­tial part) of the DNS reply -> in this case the IPv6 address of google.com.

How to find the reverse DNS name (PTR) for an IPv6 address

$ dig -x 2a00:1450:4001:802::100e +short
fra07s29-in-x0e.1e100.net.

The out­put of this dig com­mand dis­plays the short ver­sion (only the essen­tial part) of the DNS reply -> in this case the PTR record (reverse DNS name) asso­ci­at­ed with the spe­cif­ic IPv6 address and reg­is­tered in zone ip6.arpa.

How to find the Name Servers (DNS) for a domain and their IPv6 address­es

$ dig NS as60081.net
;; ANSWER SECTION:
as60081.net. 57600 IN NS ns1.as60081.net.
as60081.net. 57600 IN NS ns2.as60081.net.
as60081.net. 57600 IN NS ns3.as60081.net.

;; ADDITIONAL SECTION:
ns1.as60081.net. 57600 IN A 185.59.96.5
ns1.as60081.net. 57600 IN AAAA 2a02:69e0:250::5
ns2.as60081.net. 57600 IN A 185.59.96.6
ns2.as60081.net. 57600 IN AAAA 2a02:69e0:250::6
ns3.as60081.net. 57600 IN A 176.58.89.145
ns3.as60081.net. 57600 IN AAAA 2a00:dd80:3c::8fc

By query­ing the NS records (name serv­er) for a domain, dig will return the indi­vid­ual names of the name servers and in the addi­tion­al sec­tion, their IPv4 and IPv6 address­es.

In this case, because the name servers are below their own domain (ns1.domain.com is part of domain.com), the IP address­es have to be sup­plied with the answer. We would be unable to query the name servers oth­er­wise and could nev­er resolve the domain or its sub­do­mains.

You might not see the addi­tion­al sec­tion for all such queries, espe­cial­ly if the name servers fr a domain are part of anoth­er domain (e.g. ns1.dnsdomain.com is NS for seconddomain.com).

IPv6 Mon­i­tor­ing your Infra­struc­ture

Mon­i­tor­ing is crit­i­cal for all infra­struc­ture, no mat­ter which ver­sion of IP is used. One of the best tools on the mar­ket, which is also free and Open Source Soft­ware, is Icin­ga Open Source Mon­i­tor­ing. Icin­ga is a fork and suc­ces­sor of Nagios. It is pos­si­ble to buy com­mer­cial sup­port or a cloud host­ed ver­sion of the soft­ware, but the reg­u­lar install would be local on your machine out of your UNIX pack­age repos­i­to­ry.

Icin­ga sup­ports IPv6 com­plete­ly since ver­sion 1.3 (10 years ago)

There is a new option “address6” (addi­tion­al­ly to “address”) which is used to include IPv6 address­es of mon­i­tored ser­vices.

Depend­ing on your mon­i­tor­ing design you might want to add sep­a­rate instances of things with only an address6, to make sure a ser­vice is marked as down, if it is not reach­able via IPv6, and the oth­er way around with IPv4. Oth­er­wise it can still be dis­played as up and run­ning, even if half the Inter­net is not able to access it.

The rest of the con­fig­u­ra­tion stays the same!

You can check out a free demo install with no sign up nec­es­sary with cre­den­tials demo:demo on the offi­cial Icin­ga Demo Por­tal.

Icinga IPv6 Monitoring Demo

IPv6 Address Man­age­ment

The IPv6 address space is vast and has to be planned per­fect­ly to not waste your own pre­fix. Remem­ber, more than the whole cur­rent IPv4 address space fits in a sin­gle /64 IPv6 net­work, which some of us use as a tran­sit link.

Hav­ing so much space at your dis­pos­al means you have to plan extra super accu­rate­ly.

There are many com­mer­cial tools avail­able for IPv6 address plan­ning and address man­age­ment.

My favorite tool for small to medi­um instal­la­tions is open source soft­ware phpI­PAM. It can also do IPv4 and I have used it for more than 10 years now.

  • phpi­pam is com­plete­ly IPv6-capa­ble (apart from net­work scan, which is not sup­port­ed)
  • there is an inte­grat­ed IPv4 and IPv6 sub­net cal­cu­la­tor
  • it has full CIDR sup­port
  • there is MySQL sup­port to save all the data
  • VLAN and VRF sup­port enable man­age­ment of lager net­work on all lay­ers of the ISO OSI mod­el if you like
  • it has report­ing func­tion­al­i­ties

If you like to check out the Demo with no sign up nec­es­sary, check out the offi­cial phpi­pam Demo Site with cre­den­tials Admin:ipamadmin.

phpipam IPv6 Demo Site

Thank You

Thank you for attend­ing the Orig­i­nal IPv6 Foun­da­tion Mas­ter Class! You can book­mark this site to use it as a quick ref­er­ence in case you need to re-read some­thing and you can share this page to social media and your friends and col­leagues. Stay tuned to this blog for more in-depth sto­ries like this one.

Rec­om­mend­ed Resources for addi­tion­al read­ing

Apart from the links through­out this course I rec­om­mend the fol­low­ing resources for addi­tion­al infor­ma­tion:

  1. The Inter­net Soci­ety (ISOC) IPv6 Por­tal
  2. Test your IPv6 con­nec­tiv­i­ty on test-ipv6.com
  3. The offi­cial IANA list of assigned IPv6 address space is very inter­est­ing
  4. The Google IPv6 deploy­ment sta­tis­tics
  5. The RIPE NCC IPv6 work­ing group and mail­ing list

Book rec­om­men­da­tions on IPv6

I can rec­om­mend the fol­low­ing 3 books (Ama­zon refer­ral links) which I enjoyed read­ing:

This con­cludes IPv6 Foun­da­tion Part 10: IPv6 DNS, Mon­i­tor­ing & Address Man­age­ment of the orig­i­nal IPv6 Foun­da­tion Mas­ter Class.

Pre­vi­ous Part: IPv6 Foun­da­tion Part 9: IPv6 on Mac

Next Part: IPv6 Foun­da­tion Part 11: IPv6 Rout­ing

Share this post

Share on pocket
Share on reddit
Share on facebook
Share on twitter
Share on linkedin
Share on xing