It is presumed that your name server is already configured and working for IPv4 queries, so the following steps focus only on the additional configuration needed to support IPv6 DNS queries. Let’s see how to do that.
0. Before we begin
Let’s consider that we have to configure our name servers with the following information:
Server | IPv6 Address | IPv4 Address |
ns1 (Primary) | 2001:db8:0:1::53 | 192.0.2.53 |
ns2 (Secondary) | 2001:db8:0:2::53 | 203.0.113.53 |
www | 2001:db8:0:3::80 | 192.0.2.80 |
host1 (mail) | 2001:db8:0:4::25 | 192.0.2.25 |
ftp | 2001:db8:0:5::21 | 192.0.2.21 |
1. Prepare the Primary Server
Both network and host firewalls must allow incoming TCP and UDP traffic on port 53. Standard DNS queries use UDP port 53. However, if a response is larger than 512 bytes, which can happen with IPv6 (AAAA) records or with DNSSEC, the query has to be retried over TCP port 53.
Zone transfers between the primary and secondary name servers also use TCP port 53.
firewall-cmd --permanent --zone=public --add-port=53/tcp
firewall-cmd --permanent --zone=public --add-port=53/udp
firewall-cmd --reload
2. Configure the named.conf File
The first step is to modify the named.conf file, which is usually preconfigured as a caching-only name server.
vi /etc/named.conf
In order for the name server to respond to external requests over IPv6, it must also listen on port 53 over IPv6. The configuration is similar to the one you may already have for IPv4, which looks like listen-on port 53 { any; };
...
listen-on-v6 port 53 { any; };
...
If you don’t need recursion, simply configure recursion no;
or you can allow recursion with recursion yes;
More often, you will want to allow recursion only for specific IP prefixes, so that the server does not become an open resolver for arbitrary Internet clients. Here’s an example that allows recursion for the server’s own prefixes and the client prefix 2001:db8::/48.
...
allow-recursion { 192.0.2.0/24; 203.0.113.0/24; 2001:db8::/48; };
...
3. Configure Zone Information
Next, we need to configure the forward and reverse zones. You can configure them in the named.conf file, or in the /etc/named.rfc1912.zones file if named.conf contains include "/etc/named.rfc1912.zones";
In this example, we’ll configure the zone information in /etc/named.rfc1912.zones:
vi /etc/named.rfc1912.zones
For the forward zone, you don’t need to add a new zone entry; the one you already have for IPv4 will work. Just add the IPv6 address of the secondary name server to the allow-transfer list.
zone "v6lab.org" IN {
    type master;
    file "for.db.v6lab.org";
    allow-transfer { 203.0.113.53; 2001:db8:0:2::53; };
};
For the reverse zone information, you need to add separate new zone information for IPv6. Here’s an example:
zone "0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa" {
    type master;
    file "rev.db.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa";
    allow-transfer { 2001:db8:0:2::53; };
};
4. Configure Zone File
The forward zone file should include both A and AAAA records. Here’s an example of how to do that. There are other ways to lay out your resource records; this is just one example:
vi /var/named/for.db.v6lab.org
$TTL 3H
$ORIGIN v6lab.org.
@           IN SOA  ns1.v6lab.org. root.v6lab.org. (
                    1       ; serial
                    3H      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
            IN NS   ns1.v6lab.org.
            IN NS   ns2.v6lab.org.
            IN MX   10 host1.v6lab.org.
ns1         IN A    192.0.2.53
            IN AAAA 2001:db8:0:1::53
ns2         IN A    203.0.113.53
            IN AAAA 2001:db8:0:2::53
v6lab.org.  IN A    192.0.2.80
            IN AAAA 2001:db8:0:3::80
host1       IN A    192.0.2.25
            IN AAAA 2001:db8:0:4::25
www         IN CNAME v6lab.org.
mail        IN CNAME host1.v6lab.org.
ftp         IN A    192.0.2.21
            IN AAAA 2001:db8:0:5::21
The reverse zone file for IPv6 may be configured as:
vi /var/named/rev.db.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa
$TTL 3H
$ORIGIN 0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
@       IN SOA  ns1.v6lab.org. root.v6lab.org. (
                1       ; serial
                3H      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   ns1.v6lab.org.
        IN NS   ns2.v6lab.org.
; each address is written one hex nibble per label, least significant nibble first
3.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0 IN PTR ns1.v6lab.org.
3.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0 IN PTR ns2.v6lab.org.
0.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0 IN PTR v6lab.org.
5.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.0.0.0 IN PTR host1.v6lab.org.
1.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.0.0.0 IN PTR ftp.v6lab.org.
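Writing ip6.arpa owner names by hand is error-prone, and a single mis-split nibble silently breaks reverse lookups without any error from named. The following Python script is an added example, not part of the original guide: it derives the ip6.arpa zone apex and the relative PTR owner labels for the hosts in the table above (constructed from this page’s documentation addresses, with the delegated reverse zone assumed to be the whole 2001:db8::/48) and checks a hand-written label against the standard library’s own reverse_pointer.

```python
import ipaddress

# Constructed from the host table in this guide (documentation-only addresses).
HOSTS = {
    "ns1.v6lab.org.": "2001:db8:0:1::53",
    "ns2.v6lab.org.": "2001:db8:0:2::53",
    "v6lab.org.": "2001:db8:0:3::80",
    "host1.v6lab.org.": "2001:db8:0:4::25",
    "ftp.v6lab.org.": "2001:db8:0:5::21",
}
# Assumed delegation: the reverse zone covers the whole /48.
PREFIX = "2001:db8::/48"

def _nibbles(addr: ipaddress.IPv6Address) -> str:
    # 32 hex digits, one per nibble, leading zeros kept.
    return addr.exploded.replace(":", "")

def reverse_zone_name(prefix: str) -> str:
    """Zone apex under ip6.arpa for a nibble-aligned prefix, e.g. 2001:db8::/48."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        raise ValueError("an ip6.arpa zone must be cut on a 4-bit boundary")
    prefix_nibbles = _nibbles(net.network_address)[: net.prefixlen // 4]
    return ".".join(reversed(prefix_nibbles)) + ".ip6.arpa"

def ptr_owner(address: str, prefix: str) -> str:
    """Owner name of the PTR record for `address`, relative to the zone for `prefix`."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(address)
    if addr not in net:
        raise ValueError(f"{address} is outside {prefix}")
    host_nibbles = _nibbles(addr)[net.prefixlen // 4:]
    return ".".join(reversed(host_nibbles))

def reverse_zone_records(hosts: dict, prefix: str) -> list:
    """PTR lines for a zone file whose $ORIGIN is reverse_zone_name(prefix)."""
    return [f"{ptr_owner(a, prefix)} IN PTR {name}" for name, a in hosts.items()]

def check_ptr_owner(owner: str, address: str, prefix: str) -> bool:
    """True if a hand-written relative owner label really maps back to `address`."""
    fqdn = f"{owner}.{reverse_zone_name(prefix)}"
    return fqdn == ipaddress.IPv6Address(address).reverse_pointer

if __name__ == "__main__":
    print(f"$ORIGIN {reverse_zone_name(PREFIX)}.")
    for line in reverse_zone_records(HOSTS, PREFIX):
        print(line)
```

Running the script prints the $ORIGIN line and the five PTR records that belong in the reverse zone file above; check_ptr_owner returns False for a label such as 53.0.0... that treats two nibbles as one label.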
Note: Modifying a Zone File
Zone files are modified on the primary name server. Once resource records have been added, modified, or removed, you must increment the zone serial number. Here is the existing serial number of the v6lab.org zone.
...
@ IN SOA ns1.v6lab.org. root.v6lab.org. (
0 ; serial
3H ; refresh
...
If the initial serial number begins at 0, then the next value will be 1.
...
@ IN SOA ns1.v6lab.org. root.v6lab.org. (
1 ; serial
3H ; refresh
...
Once the zone serial number has been incremented, the zone needs to be reloaded. This can be done without restarting the named process.
rndc reload v6lab.org
The reload will also notify the secondary server so that it initiates a zone transfer.
5. Configure Secondary Server
Log into the secondary server and modify the /etc/named.conf file to match that of the primary server.
vi /etc/named.conf
Once the file has been updated, the zones need to be added to /etc/named.rfc1912.zones on the secondary server. For the forward zone:
zone "v6lab.org" IN {
    type slave;
    file "slaves/for.db.v6lab.org";
    masters { 192.0.2.53; 2001:db8:0:1::53; };
};
And, for the reverse zone:
zone "0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa" {
    type slave;
    file "slaves/rev.db.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa";
    masters { 192.0.2.53; 2001:db8:0:1::53; };
};
6. Verify and Troubleshoot DNS Issues
If the secondary server can replicate the zones from the primary, you will see the transferred zone database files on the secondary server. Check here:
cd /var/named/slaves
Syntax errors in the configuration files are easy to overlook. Therefore, it is always recommended to run named-checkconf before starting or restarting the named process.
named-checkconf
When problems occur, the named log file is the first place to look. On CentOS, the log file is found at:
/var/named/data/named.run