Now we would like to do the following:

1. Make our nameservers listen on IPv6
2. Add v6 addresses to the nameservers in our zone, so they can
   receive v6 traffic
3. Add v6 addresses to the host records, for example "www AAAA", etc...


1. Make our nameservers listen on IPv6

a) on "master.grpX" (BIND)'s named.conf, in the options section, add:

        listen-on-v6 { any; };

   (Remember to restart named!)

b) on "cache.grpX" (Unbound)'s unbound.conf, in the "server:" section,
   add the following parameters (in the correct locations - if
   necessary, search in the configuration file to place them correctly)

        do-ip6: yes
        interface: ::0
        interface: 0.0.0.0
        access-control: fdba:dc55:48c7::/64 allow

   (Remember to restart unbound!)

c) on "auth.grpX" (NSD), edit nsd.conf, and in the "server:" section,
   add the following parameters:

        ip-address: fdba:dc55:48c7::XX:YY

   (remember to replace XX:YY with your group and IP for the auth server)


2. Now, we need to test that all your machines have IPv6 addresses in the DNS

Your machines are called:

        master.grpX.ws.nsrc.org
        auth.grpX.ws.nsrc.org
        cache.grpX.ws.nsrc.org

Since they are in the "ws.nsrc.org" zone, you need to do nothing here :)

The instructor will modify the ws.nsrc.org zone, and add the v6 address
you have configured on eth0, to the DNS record for
"master.grpX.ws.nsrc.org" and "auth.grpX.ws.nsrc.org" and
"cache.grpX.ws.nsrc.org".

But test that you can "dig AAAA master.grpX.ws.nsrc.org" and see what
you get...


3. Add IPv6 records (AAAA) for the names in your zone, like www, etc...

You will need to add IPv6 AAAA records to all your hosts you find in
your zones. If they have an A record, also add the corresponding AAAA
record.

You can then start to use dig and see if you can find some TLDs in the
class that have AAAA records for their "www" host, for their NSes, etc...


4. Try and ping other people's hosts in the room using v6.
Use dig to connect to other people's nameservers, and verify that they:

- answer in IPv6
- have an IPv6 record for their name
- provide DNS answer with IPv6 addresses!

Some sample commands:

        # dig AAAA master.grpX.ws.nsrc.org

Try and ping these hosts:

        # ping6 tldserv.ws.nsrc.org
        # ping6 tldslave.ws.nsrc.org
        # ping6 master.grpX.ws.nsrc.org

Try performing DNS queries in v6 against tldserv + tldslave:

        # dig -6 @tldserv.ws.nsrc.org ws.nsrc.org ns
        # dig -6 @tldslave.ws.nsrc.org ws.nsrc.org ns


*** ABOUT GLUE RECORDS AND IPv6 ***

*** THIS SECTION IS ONLY RELEVANT IF YOU HAVE DECLARED DNS ***
*** SERVERS WITH NAMESERVERS *INSIDE* YOUR ZONE, E.G.      ***
*** "NS.MYTLD." INSTEAD OF "MASTER.GRPX.WS.NSRC.ORG"       ***

For example, in the parent zone 'nsrc.org' we have:

ws.nsrc.org.            NS      tldserv.ws.nsrc.org.
                        NS      tldslave.ws.nsrc.org.

Since tldserv.ws and tldslave.ws are IN the zone being delegated,
then we need to add glue records!

; v4 GLUE records
tldserv.ws.nsrc.org.    A       10.10.0.251
tldslave.ws.nsrc.org.   A       10.10.0.246

In the same way, we will need IPv6 glue records:

; v6 GLUE records
tldserv.ws.nsrc.org.    AAAA    fdba:dc55:48c7::251
tldslave.ws.nsrc.org.   AAAA    fdba:dc55:48c7::246

In the child zone 'ws.nsrc.org', we will need to declare these hosts
as well. In fact, as explained in class, you MUST declare them,
otherwise you will experience strange problems with resolution:

ws.nsrc.org.    SOA     ...
                NS      tldserv
                NS      tldslave

tldserv         A       10.10.0.251
                AAAA    fdba:dc55:48c7::251
tldslave        A       10.10.0.246
                AAAA    fdba:dc55:48c7::246

In your zone "MYTLD", you MAY or MAY NOT have used NSes IN your zone.

- If you did (i.e.: ns1.MYTLD for example) ... then you need to ADD
  the IPv6 records for the nameservers you declared, the same way
  we have done for tldserv and tldslave.
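
Added example, not part of the original exercise: a check for step 3 and for the glue section above. It reads zone-file text and lists names that have an A record but no AAAA, and NS targets inside the zone that have no AAAA. The sample zone contents, the use of "MYTLD" as origin and all function names are assumptions made for the example; it assumes one record per line.

```python
# Constructed sample zone "MYTLD": every name and address is made up.
SAMPLE_ZONE = """\
@     IN SOA ns1 hostmaster 2024010101 3600 900 604800 300
      NS   ns1
      NS   ns2
      NS   master.grpX.ws.nsrc.org.
ns1   A    10.10.0.1
      AAAA fdba:dc55:48c7::1
ns2   A    10.10.0.2      ; AAAA forgotten
www   A    10.10.0.10     ; AAAA forgotten
"""

def fqdn(name, origin):
    """Expand a zone-file name to a lower-case absolute name."""
    origin = origin.lower().rstrip(".") + "."
    if name == "@":
        return origin
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return {owner: {rtype: [rdata, ...]}} for A, AAAA and NS records."""
    records, owner = {}, fqdn("@", origin)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not line.strip() or line.startswith("$"):
            continue
        tokens = line.split()
        if not line[0].isspace():      # owner in column 1; blank = previous owner
            owner = fqdn(tokens.pop(0), origin)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)              # skip optional TTL and class
        if len(tokens) >= 2 and tokens[0].upper() in ("A", "AAAA", "NS"):
            records.setdefault(owner, {}).setdefault(tokens[0].upper(), []).append(tokens[1])
    return records

def a_without_aaaa(records):
    """Owner names that have an A record but no AAAA record."""
    return sorted(o for o, r in records.items() if "A" in r and "AAAA" not in r)

def in_zone_ns_without_aaaa(records, origin):
    """NS targets inside the zone that lack an AAAA record."""
    zone = "." + fqdn("@", origin)
    targets = {fqdn(t, origin) for r in records.values() for t in r.get("NS", [])}
    return sorted(t for t in targets if t.endswith(zone) and "AAAA" not in records.get(t, {}))

if __name__ == "__main__":
    recs = parse_zone(SAMPLE_ZONE, "MYTLD")
    print(a_without_aaaa(recs), in_zone_ns_without_aaaa(recs, "MYTLD"))
```

The out-of-zone nameserver (master.grpX.ws.nsrc.org.) is not reported, since its addresses belong to another zone.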