IPv6 Foundation Part 10: IPv6 DNS, Monitoring & Address Management

IPv6 Foundation Part 10 - IPv6 DNS
How IPv6 DNS works, what are AAAA Records, How to Monitor your Network, how to do Address Management (IPAM)! Find all your answers and more right here!

Table of Contents

About this course

So you are interested in IPv6, which is absolutely great!

IPv6 is not only the future of networking, it is already here today! All the big players on the Internet are already IPv6 enabled and it is now time for you to join the party!

This course covers all major aspects of the new Internet Protocol and what changed, compared to IPv4. You will understand the fundamentals and be ahead of your peers that are still on the sinking ship of IPv4! As of today, there are no IPv4 addresses left and we have no other option but to go ahead and deploy IPv6.

IPv6 Act Now

IPv6 Foundation Part 10: IPv6 DNS, Monitoring & Address Management

IPv6 DNS

Because an IPv6 address has 128 bits instead of 32 and the notation with hexadecimal numbers and colons is not that easy to remember, DNS is still a crucial part of network and Internet infrastructure even nowadays.

In the Domain Name System (DNS) one record has been added, the famous:

The New AAAA Forward IPv6 DNS Record ("quad A")

The AAAA DNS record It is used in place of the regular A record to define an IPv6 address behind a domain name. The AAAA record can coexist with an A record providing an IPv4 address.

So usually we now have 2 (AAAA + A) records instead of just one (A) record for each DNS name:

google.com.
    A     173.194.112.110

  
    AAAA   2a00:1450:4001:803::1008


The New ip6.arpa Reverse IPv6 DNS Zone

The existing DNS Reverse record, called Pointer (PTR) is still the same.

The one difference is, the IPv6 reverse zone needed to be a new one:

in-addr.arpa (for IPv4) becomes ip6.arpa (for IPv6)

How does the IPv6 DNS PTR entry look like? Here is an example:

IPv4:

68.112.194.173.in-addr.arpa.   IN PTR   fra07s29-in-f4.1e100.net.

IPv6:

3.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.2.0.8.0.1.0.0.4.0.5.4.1.0.0.a.2.ip6.arpa.   IN PTR   fra07s29-in-x03.1e100.net.

How to make a AAAA IPv6 DNS query for an IPv6 address

My favorite DNS tool is dig, which is available natively in Linux, UNIX and MacOS.

You can have a look at the Linux man page for dig in case you are interested in even more commands and features. Let’s look at the three basics you will need all the time:

$ dig AAAA google.com +short
2a00:1450:4001:802::100e

The output of this dig command displays the short version (only the essential part) of the DNS reply -> in this case the IPv6 address of google.com.

How to find the reverse DNS name (PTR) for an IPv6 address

$ dig -x 2a00:1450:4001:802::100e +short
fra07s29-in-x0e.1e100.net.

The output of this dig command displays the short version (only the essential part) of the DNS reply -> in this case the PTR record (reverse DNS name) associated with the specific IPv6 address and registered in zone ip6.arpa.

How to find the Name Servers (DNS) for a domain and their IPv6 addresses

$ dig NS as60081.net
;; ANSWER SECTION:
as60081.net. 57600 IN NS ns1.as60081.net.
as60081.net. 57600 IN NS ns2.as60081.net.
as60081.net. 57600 IN NS ns3.as60081.net.

;; ADDITIONAL SECTION:
ns1.as60081.net. 57600 IN A 185.59.96.5
ns1.as60081.net. 57600 IN AAAA 2a02:69e0:250::5
ns2.as60081.net. 57600 IN A 185.59.96.6
ns2.as60081.net. 57600 IN AAAA 2a02:69e0:250::6
ns3.as60081.net. 57600 IN A 176.58.89.145
ns3.as60081.net. 57600 IN AAAA 2a00:dd80:3c::8fc

By querying the NS records (name server) for a domain, dig will return the individual names of the name servers and in the additional section, their IPv4 and IPv6 addresses.

In this case, because the name servers are below their own domain (ns1.domain.com is part of domain.com), the IP addresses have to be supplied with the answer. We would be unable to query the name servers otherwise and could never resolve the domain or its subdomains.

You might not see the additional section for all such queries, especially if the name servers fr a domain are part of another domain (e.g. ns1.dnsdomain.com is NS for seconddomain.com).

IPv6 Monitoring your Infrastructure

Monitoring is critical for all infrastructure, no matter which version of IP is used. One of the best tools on the market, which is also free and Open Source Software, is Icinga Open Source Monitoring. Icinga is a fork and successor of Nagios. It is possible to buy commercial support or a cloud hosted version of the software, but the regular install would be local on your machine out of your UNIX package repository.

Icinga supports IPv6 completely since version 1.3 (10 years ago)

There is a new option “address6” (additionally to “address”) which is used to include IPv6 addresses of monitored services.

Depending on your monitoring design you might want to add separate instances of things with only an address6, to make sure a service is marked as down, if it is not reachable via IPv6, and the other way around with IPv4. Otherwise it can still be displayed as up and running, even if half the Internet is not able to access it.

The rest of the configuration stays the same!

You can check out a free demo install with no sign up necessary with credentials demo:demo on the official Icinga Demo Portal.

Icinga IPv6 Monitoring Demo

IPv6 Address Management

The IPv6 address space is vast and has to be planned perfectly to not waste your own prefix. Remember, more than the whole current IPv4 address space fits in a single /64 IPv6 network, which some of us use as a transit link.

Having so much space at your disposal means you have to plan extra super accurately.

There are many commercial tools available for IPv6 address planning and address management.

My favorite tool for small to medium installations is open source software phpIPAM. It can also do IPv4 and I have used it for more than 10 years now.

  • phpipam is completely IPv6-capable (apart from network scan, which is not supported)
  • there is an integrated IPv4 and IPv6 subnet calculator
  • it has full CIDR support
  • there is MySQL support to save all the data
  • VLAN and VRF support enable management of lager network on all layers of the ISO OSI model if you like
  • it has reporting functionalities

If you like to check out the Demo with no sign up necessary, check out the official phpipam Demo Site with credentials Admin:ipamadmin.

phpipam IPv6 Demo Site

Thank You

Thank you for attending the Original IPv6 Foundation Master Class! You can bookmark this site to use it as a quick reference in case you need to re-read something and you can share this page to social media and your friends and colleagues. Stay tuned to this blog for more in-depth stories like this one.

Recommended Resources for additional reading

Apart from the links throughout this course I recommend the following resources for additional information:

  1. The Internet Society (ISOC) IPv6 Portal
  2. Test your IPv6 connectivity on test-ipv6.com
  3. The official IANA list of assigned IPv6 address space is very interesting
  4. The Google IPv6 deployment statistics
  5. The RIPE NCC IPv6 working group and mailing list

Book recommendations on IPv6

I can recommend the following 3 books (Amazon referral links) which I enjoyed reading:

This concludes IPv6 Foundation Part 10: IPv6 DNS, Monitoring & Address Management of the original IPv6 Foundation Master Class.

Previous Part: IPv6 Foundation Part 9: IPv6 on Mac

Next Part: IPv6 Foundation Part 11: IPv6 Routing

Share this post

Share on pocket
Share on reddit
Share on facebook
Share on twitter
Share on linkedin
Share on xing