I have a problem with a DNS server. It is running BIND 9.4.1 (compiled with "-enable-ipv6") on an AIX 5.3 system. The server starts without any errors or warnings. I am also able to look up names for IPv4 addresses. But with IPv6 I have a strange problem.
When I execute the following dig command everything looks fine:
dig -t AAAA @localhost host1.v6mainzlab.com:
But when I use ::1 instead of localhost I get the following output:
dig -t AAAA @::1 host1.v6mainzlab.com:
OK, it seems as if the server does not listen for IPv6 requests. But when I force dig to use TCP instead of UDP everything looks good:
dig -t AAAA +vc @::1 host1.v6mainzlab.com:
The DNS server seems to be listening on TCP as well as UDP when I execute
netstat -ant | grep "\.53":
I hope someone can help me. Why does it work via TCP, but not via UDP? Any ideas?
What if you added the '-f inet6' to netstat? What is the output?
I'm not using AIX. Do you have utilities such as tcpdump available on your platform which is IPv6-enabled to verify that a UDP6 packet actually got sent with your UDP dig? I guess it could be due to misconfiguration of bind that it erroneously listened on IPv4.
What did you specify in the config for the "listen-on-v6" directive? If you want bind to listen on IPv6, you should have that.
Different platforms have different solutions on implementing both IPv4 and IPv6 simultaneously, and this affects how servers listen.
There is the parallel stack and the unified stack approach.
With the parallel stack approach, IPv4 and IPv6 are totally independent stacks and port 53 TCP/IPv4 is different to port 53 TCP/IPv6. A server has to bind and listen on both these ports.
With the unified stack approach the following happens:
If you create an IPv4 socket, it only works on IPv4, end of story.
If you create an IPv6 socket, it will work with both IPv4 and IPv6 clients.
Then there are platforms which require you to create both an IPv4 and an IPv6 socket, but the ports are common, hence you have to set the SO_REUSEADDR flag in order to bind both IPv4 and IPv6 to the same port.
The address "loopback" will resolve typically to 127.0.0.1 which is the IPv4 loopback address. As you point out "::1" is the loopback for IPv6.
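The stack behaviour described in the post above, as an added example that is not part of the original thread: it binds one UDP AF_INET6 socket to the wildcard address, toggles the standard IPV6_V6ONLY socket option, and reports which loopback address reaches it and whether a separate IPv4 socket can still bind the same port. It assumes Linux-style socket semantics and a host with IPv6 loopback enabled; AIX behaviour is not verified here, and the function name `probe` is hypothetical.

```python
import socket

def probe(v6only):
    """Bind one UDP AF_INET6 socket to [::] and report what can reach it."""
    srv = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
    # IPV6_V6ONLY=0: one socket also serves IPv4 (clients appear as ::ffff:a.b.c.d).
    # IPV6_V6ONLY=1: IPv6 only; IPv4 needs its own AF_INET socket.
    srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, int(v6only))
    srv.bind(("::", 0))              # port 0: the kernel picks a free port
    port = srv.getsockname()[1]
    srv.settimeout(0.5)
    result = {}
    for family, addr in ((socket.AF_INET, "127.0.0.1"), (socket.AF_INET6, "::1")):
        cli = socket.socket(family, socket.SOCK_DGRAM)
        try:
            cli.sendto(b"probe", (addr, port))
            _, peer = srv.recvfrom(64)
            result[addr] = peer[0]   # source address as the server sees it
        except OSError:              # timeout or unreachable: nothing arrived
            result[addr] = None
        finally:
            cli.close()
    # Can a separate IPv4 socket still bind the same port number?
    v4 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        v4.bind(("0.0.0.0", port))
        result["separate_v4_bind"] = True
    except OSError:                  # address already in use
        result["separate_v4_bind"] = False
    finally:
        v4.close()
        srv.close()
    return result

if __name__ == "__main__":
    for flag in (False, True):
        print("IPV6_V6ONLY =", int(flag), probe(flag))
```

With IPV6_V6ONLY=0 the second IPv4 bind fails with "address already in use", the same class of error as the IPv4 bind failure reported later in this thread.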
netstat -ant -f inet6 | grep "\.53":
tcpdump is available on my machine. I have played around a bit with tcpdump, but I didn't find anything interesting in the output. Which parameters should I use to start tcpdump with?
In my named.conf I have set the listen-on-v6 directive to any.
And @porter: Thanks for the information. But I wasn't able to determine whether AIX uses the parallel stack or unified stack approach. And if it uses the unified stack approach, where do I have to set the SO_REUSEADDR flag?
Another thing I'm not sure about is the ip6.arpa zone. Do I need this zone at all? Does IPv6 not work without a correct ip6.arpa? It is only there for the reverse lookup, isn't it? So the dig request I had sent should also have been executed without the zone, or? Well, if I need it, what should it look like? I use one at the moment, and it is also loaded without any errors, but well, I'm not sure whether it is correct.
Are there any other zones that are necessary for IPv6 to work? So only the basic ones. I have a zone where my AAAA records are in.
I found out something very interesting now. When I execute "dig @::1 host1.v6mainzlab.com aaaa" the first time, I get an error in my bind.log. I have turned on logging in named.conf. The error is the following:
--------EDIT---------
I have played around a bit and tried to get the DNS server started on another AIX 5.3 machine. There I have BIND 9.2.1 installed. It's the default package that comes with AIX 5.3. When I started BIND I got an error message in the system log. It couldn't bind the IPv4 socket, because it is already in use. So, well, I think now we know that AIX uses the unified stack. Now I would have to know where I have to set the flag SO_REUSEADDR. Just for testing I have set the DNS server not to listen on IPv4 by setting "listen-on port 53 {none};" in named.conf (btw, I did the same on the other machine with BIND 9.4.1 and it didn't work there).
On that machine, all my dig commands work fine now. I have changed /etc/resolv.conf to the following:
But when I want to ping host1 or host1.v6mainzlab.com the host cannot be found. Any ideas what the problem is here?
Last edited by skanatiker; 06-27-2007 at 06:18 AM..
Reason: set up dns on another machine