To enable IPv6 for listening, following options are requested to change
options {
# sure other options here, too
listen-on-v6 { any; };
};
|
This should result after restart in e.g.
# netstat -lnptu |grep "named\W*$"
tcp 0 0 :::53 :::* LISTEN 1234/named # incoming TCP requests
udp 0 0 1.2.3.4:53 0.0.0.0:* 1234/named # incoming UDP requests to IPv4 1.2.3.4
udp 0 0 127.0.0.1:53 0.0.0.0:* 1234/named # incoming UDP requests to IPv4 localhost
udp 0 0 0.0.0.0:32868 0.0.0.0:* 1234/named # dynamic chosen port for outgoing queries
udp 0 0 :::53 :::* 1234/named # incoming UDP request to any IPv6
|
# dig localhost @::1
|
To disable IPv6 for listening, following options are requested to change
options {
# sure other options here, too
listen-on-v6 { none; };
};
|
acl internal-net {
127.0.0.1;
1.2.3.0/24;
3ffe:ffff:100::/56;
::1/128;
::ffff:1.2.3.4/128;
};
acl ns-internal-net {
1.2.3.4;
1.2.3.5;
3ffe:ffff:100::4/128;
3ffe:ffff:100::5/128;
};
|
options {
# sure other options here, too
listen-on-v6 { none; };
allow-query { internal-net; };
allow-transfer { ns-internal-net; };
};
|
This option is not required, but perhaps needed:
query-source-v6 address <ipv6address|*> port <port|*>; |
It's also possible to define per zone some IPv6 addresses.
Transfer source address is used for outgoing zone transfers:
transfer-source-v6 <ipv6addr|*> [port port];
|
Notify source address is used for outgoing notify messages:
notify-source-v6 <ipv6addr|*> [port port];
|
For IPv6 new types and root zones for reverse lookups are defined:
AAAA and reverse IP6.INT: specified in RFC 1886 / DNS Extensions to support IP version 6, usable since BIND version 4.9.6
A6, DNAME and reverse IP6.ARPA: specified in RFC 2874 / DNS Extensions to Support IPv6 Address Aggregation and Renumbering, usable since BIND 9, but see also an information about the current state at draft-ietf-dnsext-ipv6-addresses-00.txt
Perhaps filled later more content, for the meantime take a look at given RFCs and
AAAA and reverse IP6.INT: IPv6 DNS Setup Information
A6, DNAME and reverse IP6.ARPA: take a look into chapter 4 and 6 of the BIND 9 Administrator Reference Manual (ARM) distributed which the bind-package or get this here: BIND version 9 ARM (PDF)
Because IP6.INT is deprecated (but still in use), a DNS server which will support IPv6 information has to serve both reverse zones.
To check, whether BIND is listening on an IPv6 socket and serving data see following examples.
Specifying a dedicated server for the query, an IPv6 connect can be forced:
$ host -t aaaa www.6bone.net 3ffe:ffff:200:f101::1
Using domain server:
Name: 3ffe:ffff:200:f101::1
Address: 3ffe:ffff:200:f101::1#53
Aliases:
Host www.6bone.net. not found: 5(REFUSED)
|
Related log entry looks like following:
Jan 3 12:43:32 gate named[12347]: client
ΒΌ 3ffe:ffff:200:f101:212:34ff:fe12:3456#32770:
query denied
|
A successful IPv6 connect looks like following:
$ host -t aaaa www.6bone.net 3ffe:ffff:200:f101::1
Using domain server:
Name: 3ffe:ffff:200:f101::1
Address: 3ffe:ffff:200:f101::1#53
Aliases:
www.6bone.net. is an alias for 6bone.net.
6bone.net. has AAAA address 3ffe:b00:c18:1::10
|