Course Index
Part 1 – Introduction: What is IPv6
Part 2 – IPv6 Addressing & Subnetting
Part 3 – IPv6 Headers & Header Extensions
Part 4 – ICMPv6 & IPv6 Neighborships
Part 5 – IPv6 Configuration, EUI-64, SLAAC & Dual Stack
Part 6 – IPv6 DHCP (DHCPv6)
Part 7 – IPv6 on Windows
Part 8 – IPv6 on Linux
Part 9 – IPv6 on Mac
Part 10 – IPv6 DNS, Monitoring & Address Management
Part 11 – IPv6 Routing
Part 12 – IPv6 Security & Tunneling
Part 13 – IPv6 Internet Connection & Address Planning

IPv6 Foundation Part 10: IPv6 DNS, Monitoring & Address Management

IPv6 DNS

Because an IPv6 address has 128 bits instead of 32 and the notation with hexadecimal numbers and colons is not that easy to remember, DNS is still a crucial part of network and Internet infrastructure even nowadays.

Watch my video or continue reading below.

In the Domain Name System (DNS) one record has been added, the famous:

The New AAAA Forward IPv6 DNS Record (“quad A”)

The AAAA DNS record It is used in place of the regular A record to define an IPv6 address behind a domain name. The AAAA record can coexist with an A record providing an IPv4 address.

So usually we now have 2 (AAAA + A) records instead of just one (A) record for each DNS name:

google.com.
    A      173.194.112.110    
    AAAA   2a00:1450:4001:803::1008

The New ip6.arpa Reverse IPv6 DNS Zone

The existing DNS Reverse record, called Pointer (PTR) is still the same.

The one difference is, the IPv6 reverse zone needed to be a new one:

in-addr.arpa (for IPv4) becomes ip6.arpa (for IPv6)

How does the IPv6 DNS PTR entry look like? Here is an example:

IPv4:

68.112.194.173.in-addr.arpa.   IN PTR   fra07s29-in-f4.1e100.net.

IPv6:

3.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.2.0.8.0.1.0.0.4.0.5.4.1.0.0.a.2.ip6.arpa.   IN PTR   fra07s29-in-x03.1e100.net.

How to make a AAAA IPv6 DNS query for an IPv6 address

My favorite DNS tool is dig, which is available natively in Linux, UNIX and MacOS.

You can have a look at the Linux man page for dig in case you are interested in even more commands and features. Let’s look at the three basics you will need all the time:

$ dig AAAA google.com +short
2a00:1450:4001:802::100e

The output of this dig command displays the short version (only the essential part) of the DNS reply -> in this case the IPv6 address of google.com.

How to find the reverse DNS name (PTR) for an IPv6 address

$ dig -x 2a00:1450:4001:802::100e +short
fra07s29-in-x0e.1e100.net.

The output of this dig command displays the short version (only the essential part) of the DNS reply -> in this case the PTR record (reverse DNS name) associated with the specific IPv6 address and registered in zone ip6.arpa.

How to find the Name Servers (DNS) for a domain and their IPv6 addresses

$ dig NS as60081.net
;; ANSWER SECTION:
as60081.net. 57600 IN NS ns1.as60081.net.
as60081.net. 57600 IN NS ns2.as60081.net.
as60081.net. 57600 IN NS ns3.as60081.net.

;; ADDITIONAL SECTION:
ns1.as60081.net. 57600 IN A 185.59.96.5
ns1.as60081.net. 57600 IN AAAA 2a02:69e0:250::5
ns2.as60081.net. 57600 IN A 185.59.96.6
ns2.as60081.net. 57600 IN AAAA 2a02:69e0:250::6
ns3.as60081.net. 57600 IN A 176.58.89.145
ns3.as60081.net. 57600 IN AAAA 2a00:dd80:3c::8fc

By querying the NS records (name server) for a domain, dig will return the individual names of the name servers and in the additional section, their IPv4 and IPv6 addresses.

In this case, because the name servers are below their own domain (ns1.domain.com is part of domain.com), the IP addresses have to be supplied with the answer. We would be unable to query the name servers otherwise and could never resolve the domain or its subdomains.

You might not see the additional section for all such queries, especially if the name servers fr a domain are part of another domain (e.g. ns1.dnsdomain.com is NS for seconddomain.com).

IPv6 Monitoring your Infrastructure

Monitoring is critical for all infrastructure, no matter which version of IP is used. One of the best tools on the market, which is also free and Open Source Software, is Icinga Open Source Monitoring. Icinga is a fork and successor of Nagios. It is possible to buy commercial support or a cloud hosted version of the software, but the regular install would be local on your machine out of your UNIX package repository.

Icinga supports IPv6 completely since version 1.3 (10 years ago)

There is a new option “address6” (additionally to “address”) which is used to include IPv6 addresses of monitored services.

Depending on your monitoring design you might want to add separate instances of things with only an address6, to make sure a service is marked as down, if it is not reachable via IPv6, and the other way around with IPv4. Otherwise it can still be displayed as up and running, even if half the Internet is not able to access it.

The rest of the configuration stays the same!

You can check out a free demo install with no sign up necessary with credentials demo:demo on the official Icinga Demo Portal.

IPv6 Address Management

The IPv6 address space is vast and has to be planned perfectly to not waste your own prefix. Remember, more than the whole current IPv4 address space fits in a single /64 IPv6 network, which some of us use as a transit link.

Having so much space at your disposal means you have to plan extra super accurately.

There are many commercial tools available for IPv6 address planning and address management.

Watch my introduction video or continue reading below.

My favorite tool for small to medium installations is open source software phpIPAM. It can also do IPv4 and I have used it for more than 10 years now.

phpipam is completely IPv6-capable (apart from network scan, which is not supported)
there is an integrated IPv4 and IPv6 subnet calculator
it has full CIDR support
there is MySQL support to save all the data
VLAN and VRF support enable management of lager network on all layers of the ISO OSI model if you like
it has reporting functionalities

If you like to check out the Demo with no sign up necessary, check out the official phpipam Demo Site with credentials Admin:ipamadmin.