New IPv6 DNS and BIND Book

New book provides important information for IPv6 BIND configuration

I was excited when I saw that Cricket Liu published an update to his popular DNS & BIND book covering the IPv6-specific details of DNS. I rushed right out and pre-ordered "DNS & BIND on IPv6". Enabling your DNS servers for IPv6 is an important step in your Internet-edge IPv6 implementation strategy. This book covers all the pertinent information BIND DNS administrators need to get started with IPv6.

I had first purchased the O'Reilly and Associates "DNS and BIND" book back in the mid-1990s. At the time I was administering some large DNS servers and I wanted to be sure I knew what I was doing. The book was considered the definitive guide on DNS. These DNS books also made Cricket Liu a household name. Back then we just worked on zone files for IPv4 hosts and in-addrs. It wasn't until BIND 8.4 (or BIND 8.X with the IPv6 patch) that we were able to configure the new-style zone file syntax with IPv6 resource records and IPv6 reverse-mapping zones. Now, all releases of BIND 9.X have essentially feature parity for IPv4 and IPv6.

When you are planning the implementation of IPv6 for your organization it is prudent to start at your Internet perimeter first. Those are the places where your environment touches the IPv4 Internet and you use public IPv4 addresses. It is also the place where you will first establish IPv6 Internet connectivity for your organization and use your global IPv6 addresses. Once you have IPv6 Internet connectivity then you will want to enable IPv6 on some computers and IPv6-enable services. Because no one wants to manually enter an IPv6 address you will need to substantially rely on DNS. The list of devices in your perimeter environment that need IPv6 capabilities include: Internet routers, servers, firewalls, and of course, DNS servers.

The current fifth edition of "DNS and BIND" was published in 2006. It did contain some substantial information about IPv6 configuration. Cricket Liu has been so busy that he hasn't had time to work on the sixth edition. Cricket Liu knows how important the information about IPv6 and DNS is to the industry, so he wanted to get this new book, "DNS & BIND on IPv6", out. Many organizations rely on BIND as their DNS service and they will need to perform IPv6 configurations as part of their Internet-edge IPv6 deployment. Then at some point in the future the sixth edition of "DNS and BIND" would contain the important information about IPv6 configuration.

This book doesn't waste any time and gets right into IPv6 addresses and configuring forward (AAAA-records) and reverse mappings (ip6.arpa). This book covers delegation and then covers how to set up your /etc/named.conf file so BIND can operate over IPv6 transport. The book shows how to set up named to run over IPv4-only or IPv6-only, although most of the time you will leave DNS running IPv4-only or dual-protocol. This is important because Macs and Windows XP/Server 2003 perform DNS queries over IPv4-only transport. Therefore, those operating systems won't make use of a DNS server capable of both IPv4 and IPv6 connections.

The chapter on "Resolver Configuration" shows you how to configure nameservers on DNS clients to work correctly with DNS resolvers. This book also covers the current topic of NAT64 and how a NAT64 can proxy IPv6 DNS queries and respond with a synthesized 64:ff9b::/96 IPv6 AAAA-record response that is used by the NAT64 function. This book also covers how to troubleshoot IPv6 DNS issues using dig. This book is useful and it puts all the IPv6 configurations for BIND into one single text.

What struck me initially about the book was its size. It was very thin. The book is listed as having 52 pages but the book only has 37 actual pages in it so it is only about 3/16" (~5mm) thick. The book is so thin that it doesn't even have an index. Then I checked to see how much I paid for the book. It turns out I paid $30 to pre-order it so I had it as soon as possible. That comes out to 81 cents per page. If my IPv6 Security book was priced similarly, it would sell for about $418.

From reading the book and performing research about how reverse lookups are configured for IPv6 addresses you will realize how painful it is to type those in manually. Therefore, you may want to rely on a DNS system that automates the creation of reverse-mapping zones and PTR record entry. If you are using Microsoft Server 2008 for your DNS server then it does this for you. There are also a host of DNS appliances that can make your life easier than maintaining your own BIND zone files by hand. These systems have graphical interfaces and many other tools to help you manage your IPv6 address allocation. As you may know, Cricket Liu is now employed by Infoblox, which offers a set of IPAM, DNS, and DHCP products. BlueCat Networks offers their Adonis DNS/DHCP appliance. BlueCat is also hosting a series of IPv6 events around the country and you should look at attending these seminars to learn more about IPv6. Secure64 offers appliances that function as IPv4/IPv6 authoritative name servers that also support DNSSEC. InfoWeapons SolidDNS is a secure DNS server that has supported IPv6 for many years. Cisco also offers their Cisco Network Registrar (CNR) release 7.2 DNS/DHCP server software. There are other IPv6-capable DNS servers out there and here is a good table for comparison.
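To show why hand-typed ip6.arpa entries are error-prone and what the automation amounts to, here is an added example (not from the book or from this article) that derives the reverse zone name and relative PTR owner names for a prefix, and also performs the 64:ff9b::/96 synthesis mentioned in the NAT64 paragraph above. The prefix 2001:db8:42::/48, the address 192.0.2.33 and the example.com host name are constructed documentation values, and the function names are hypothetical.

```python
import ipaddress

def _nibbles(addr: ipaddress.IPv6Address) -> str:
    # 32 hex digits, most significant first, no colons
    return addr.exploded.replace(":", "")

def reverse_zone(prefix: str) -> str:
    """ip6.arpa zone name for a prefix on a nibble (4-bit) boundary."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        raise ValueError("reverse zones are cut on 4-bit boundaries")
    digits = _nibbles(net.network_address)[: net.prefixlen // 4]
    return ".".join(reversed(digits)) + ".ip6.arpa."

def ptr_record(addr: str, prefix: str, target: str) -> str:
    """PTR line whose owner name is relative to reverse_zone(prefix)."""
    ip = ipaddress.IPv6Address(addr)
    net = ipaddress.IPv6Network(prefix)
    reverse_zone(prefix)  # reuse the nibble-boundary check
    if ip not in net:
        # a PTR placed in the wrong zone is silently never served
        raise ValueError(f"{addr} is outside {prefix}")
    host_digits = _nibbles(ip)[net.prefixlen // 4:]
    return ".".join(reversed(host_digits)) + f" IN PTR {target}"

def dns64_synthesize(ipv4: str, prefix: str = "64:ff9b::/96") -> str:
    """Embed an IPv4 address in the low 32 bits of a /96 NAT64 prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 96:
        raise ValueError("this example handles /96 prefixes only")
    v4 = int(ipaddress.IPv4Address(ipv4))
    return str(ipaddress.IPv6Address(int(net.network_address) | v4))

if __name__ == "__main__":
    zone = "2001:db8:42::/48"  # constructed documentation prefix
    print("$ORIGIN", reverse_zone(zone))
    print(ptr_record("2001:db8:42::53", zone, "ns1.example.com."))
    print("synthesized AAAA:", dns64_synthesize("192.0.2.33"))
```

Each PTR owner name for a /48 carries 20 single-digit labels in reversed order, which is the part that is easy to mistype; generating the lines and rejecting out-of-zone addresses removes that class of mistake.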

The transition to IPv6 is underway and the IPv6-enabled Internet already exists. IPv4 addresses are running out, so you had better make progress on your IPv6 transition plans today. I strongly encourage you to learn about the IPv6 features in your DNS servers and this new book can help. Enabling IPv6 records in your public-facing DNS servers will be one of the first steps in your IPv6 implementation task list.

Scott
