DNS Server with IPv6 support - IP Networking

skanatiker · #1 (**permalink**) 06-26-2007

Hello,

i have a problem with a dns server. It is running bind 9.4.1 (compiled with "-enable-ipv6") on an AIX 5.3 system. The server starts without any errors or warnings. I am also able to lookup names for IPv4 adresses. But with IPv6 i have a strange problem.

When i execute the following dig command everything looks fine:

dig -t AAAA @localhost host1.v6mainzlab.com:

Code:

; <<>> DiG 9.2.0 <<>> -t AAAA @localhost host1.v6mainzlab.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63726
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;host1.v6mainzlab.com.          IN      AAAA

;; ANSWER SECTION:
host1.v6mainzlab.com.   86400   IN      AAAA    2007::239

;; AUTHORITY SECTION:
v6mainzlab.com.         86400   IN      NS      ns.v6mainzlab.com.

;; ADDITIONAL SECTION:
ns.v6mainzlab.com.      86400   IN      AAAA    2007::239

;; Query time: 23 msec
;; SERVER: 127.0.0.1#53(localhost)
;; WHEN: Tue Jun 26 15:06:10 2007
;; MSG SIZE  rcvd: 111

But when i use ::1 instead of localhost i get the following output:

dig -t AAAA @::1 host1.v6mainzlab.com:

Code:

; <<>> DiG 9.2.0 <<>> -t AAAA @::1 host1.v6mainzlab.com
;; global options:  printcmd
;; connection timed out; no servers could be reached

Ok, it seems as if the server does not listen to IPv6 request. But when i force dig to use TCP instead of UDP everything looks good:

dig -t AAAA +vc @::1 host1.v6mainzlab.com:

Code:

; <<>> DiG 9.2.0 <<>> -t AAAA +vc @::1 host1.v6mainzlab.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58888
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;host1.v6mainzlab.com.          IN      AAAA

;; ANSWER SECTION:
host1.v6mainzlab.com.   86400   IN      AAAA    2007::239

;; AUTHORITY SECTION:
v6mainzlab.com.         86400   IN      NS      ns.v6mainzlab.com.

;; ADDITIONAL SECTION:
ns.v6mainzlab.com.      86400   IN      AAAA    2007::239

;; Query time: 2 msec
;; SERVER: ::1#53(::1)
;; WHEN: Tue Jun 26 15:09:36 2007
;; MSG SIZE  rcvd: 111

The DNS server seems to be listening on TCP as well as UDP when i execute

netstat -ant | grep "\.53":

Code:

tcp6       0      0  *.53                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.53           *.*                    LISTEN
tcp4       0      0  5.55.55.239.53        *.*                    LISTEN
udp4       0      0  127.0.0.1.53           *.*
udp4       0      0  5.55.55.239.53        *.*
udp6    4142      0  *.53                   *.*

I hope someone can help me. Why does it work via TCP, but not via UDP? Any Ideas?

cbkihong · #2 (**permalink**) 06-26-2007

What if you added the '-f inet6' to netstat? What is the output?

I'm not using AIX. Do you have utilities such as tcpdump available on your platform which is IPv6-enabled to verify that a UDP6 packet actually got sent with your UDP dig? I guess it could be due to misconfiguration of bind that it erroneously listened on IPv4.

What did you specify in the config for the "listen-on-v6" directive? If you want bind to listen on IPv6, you should have that.

porter · #3 (**permalink**) 06-26-2007

Different platforms have different solutions on implementing both IPv4 and IPv6 simultaneously, and this affects how servers listen.

There is the parallel stack and the unified stack approach.

With the parallel stack approach, IPv4 and IPv6 are totally independent stacks and port 53 TCP/IPv4 is different to port 53 TPC/IPv6. A server has to bind and listen on both these ports.

With the unified stack approach the following happens:

If you create an IPv4 socket, it only works on IPv4, end of story.

If you create an IPv6 socket, it will work with both IPv4 and IPv6 clients.

Then there are platforms which require you to create both an IPv4 and an IPv6 socket, but the ports are common, hence you have to set the SO_REUSEADDR flag in order to bind both IPv4 and IPv6 to the same port.

The address "loopback" will resolve typically to 127.0.0.1 which is the IPv4 loopback address. As you point out "::1" is the loopback for IPv6.

skanatiker · #4 (**permalink**) 06-27-2007

Thanks a lot for your answers so far.

Here is my output from the following command

netstat -ant -f inet6| grep "\.53":

Code:

tcp6       0      0  *.53                   *.*                    LISTEN
udp6    4142      0  *.53                   *.*

tcpdump is available on my machine. I have played around a bit with tcpdump, but i didn't find anything interesting in the output. Which parameters should i use to start tcpdump with?

In my named.conf i have set the listen-on-v6 directive to any.

And @porter: Thanks for the information. But i wasn't able to determine whether aix uses the parallel stack or unified stack approach. And if it uses the unified stack approach, where do i have to set the SO_REUSEADDR flag?

Another thing i'm not sure about is ip6.arpa zone. Do i need this zone at all? Does IPv6 not work without a correct ip6.arpa? It is only there for the reverse lookup, isn't it? so the dig request i had sent should also have been executed without the zone, or? Well, if i need it, how should it look like? I use one at the moment, and it is also loaded without any errors, but well, i'm not sure whether it is correct.

Are there any other zones that are necessary for IPv6 to work? So only the basic ones. I have a zone where my AAAA records are in.

I found out something very interesting now. When i execute "dig @::1 host1.v6mainzlab.com aaaa" the first time, i get an error in my bind.log. I have turned on logging in named.conf. The error is the following:

Code:

27-Jun-2007 10:24:03.450 general: error: client.c:1575: unexpected error:
27-Jun-2007 10:24:03.450 general: error: failed to get request's destination: failure
27-Jun-2007 10:24:08.458 general: error: client.c:1575: unexpected error:
27-Jun-2007 10:24:08.459 general: error: failed to get request's destination: failure

--------EDIT---------
I have played around a bit and tried to get the dns server started on another AIX 5.3 machine. There i have Bind 9.2.1 installed. It's the default package that comes with AIX 5.3. When i started bind i got an error message in the system log. He couldn't bind the IPv4 socket, because it is already in use. So, well, i think now we know, that AIX uses unified stack. Now i would have to know, where i have to set the flag SO_REUSEADDR. Just for testing i have set the dns not to listen on IPv4 by setting "listen-on port 53 {none};" in named.conf (btw - i did the same on the other machine with Bind 9.4.1 and it didn't work there).

On that machine, all my dig commands work fine now. I have changed /etc/resolv.conf to the following:

Code:

nameserver ::1
search v6.mainzlab.com

But when i want to ping host1 or host1.v6mainzlab.com the host cannot be found. Any ideas what is the problem here?

More UNIX and Linux Forum Topics You Might Find Helpful
Thread	Thread Starter	Forum	Replies	Last Post
VIO server support and agent installation	raba	AIX	3	03-11-2008 01:10 AM
HP Unwavering in Unix Support - Server Watch	iBot	UNIX and Linux RSS News	0	10-05-2007 01:10 PM
Enterprise Server Support Technician - iTWire	iBot	UNIX and Linux RSS News	0	07-16-2007 01:00 AM
nCircle Announces Support for IPv6 Detection - Earthtimes.org	iBot	UNIX and Linux RSS News	0	06-19-2007 06:10 AM

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode