How does DNS work in IPv6?

 

There are new records in DNS for IPv6, which support the ease of maintenance and mobility which are hallmarks of IPv6. These will be available in BIND version 9, which is currently in beta test and is running here at the iLabs IPv6 demonstration booth. The A6 and DNAME records, and BINARY LABEL syntax, allow a site to make DNS entries for IPv6 addresses, without the necessity of hard-coding the Provider's address fields.

IPv6 networks can also use the AAAA record for transition between IPv4 and IPv6 networks. You'll read more about that later. AAAA records are supported in older versions of BIND, such as BIND version 8.

The A6 Record

The A6 record is used to represent a 128-bit IPv6 address. When an IPv6 aware application wants to look up the name of an IPv6 server, it will request an A6 record from the DNS server. (Just as a reminder: in IPv4, applications request the A, for "Address," record to translate names to addresses.)

The first several bits (words, actually) of the address are the Provider's prefix. In IPv4, this is analogous to the network number, which is the same for all systems on the network and gets repeated a lot. Since IPv6 addresses are so much longer, we'd rather not hardcode that prefix into the local DNS. The A6 record lets us refer to the Provider's DNS for those bits in the address. This gives Provider and Client more independence from each other's DNS. In addition, if the network changes ISPs, there is no need to modify the DNS; you can simply change the referral record to point to the new ISP.

 

;A6 RR format;
;NAME [TTL] TYPE BITS ADDRESS REFERRAL
; IN
; REFERRAL
linux A6 64 ::02d0:09ff:fef7:6d2c SLAnortel.v6.ilabs.interop.net.

In the example above, the name given in the Referral field is defined in the Provider's DNS, and would have the first 64 bits of the address being looked up.

Thus, when an application looked up the name "linux," it would get the last 64 bits of the address from the address (A6) record above, and then go to SLAnortel.v6.ilabs.interop.net to get the first 64 bits, which it would combine to get a full IPv6 address.

Translating Numbers back to Names

Traditionally in the Internet, PTR ("pointer") records are used in IPv4 to translate IP addresses back to human-friendly names. IPv6 uses the same strategy, with very minor modifications.

The PTR records just get longer, and belong to the new domain IP6.INT. There is one hex character for each nibble (four bits) in the address:

$ORIGIN 2.0.0.0.5.4.5.4.0.0.9.1.e.f.f.3.ip6.int.
c.2.d.6.7.f.e.f.f.f.9.0.0.d.2.0 PTR linux.v6.ilabs.interop.net.
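The following Python is an added example, not code from the original page or from BIND. It assembles a full address by following an A6 referral chain as described above, with a cap on chain depth and loop detection, and then derives the nibble-format IP6.INT name. The provider-side record for SLAnortel, the `MAX_CHAIN` limit and the function names are assumptions made for this example.

```python
import ipaddress

# Constructed zone data: name -> (prefix_len, address_suffix, referral).
# The "linux" entry is the A6 record shown above; the provider-side entry for
# SLAnortel is an assumption, chosen so the prefix is 3ffe:1900:4545:2::/64.
_RECORDS = {
    "linux.v6.ilabs.interop.net.":
        (64, "::02d0:09ff:fef7:6d2c", "SLAnortel.v6.ilabs.interop.net."),
    "SLAnortel.v6.ilabs.interop.net.": (0, "3ffe:1900:4545:2::", None),
}
ZONE = {name.lower(): rec for name, rec in _RECORDS.items()}  # names are case-insensitive

MAX_CHAIN = 8  # assumed cap on referral depth, so a bad zone cannot stall the resolver


def resolve_a6(name, zone, max_chain=MAX_CHAIN):
    """Follow an A6 referral chain and return the assembled IPv6Address."""
    addr, need, seen = 0, 128, set()  # need = high-order bits still unknown
    while True:
        key = name.lower()
        if key in seen or len(seen) >= max_chain:
            raise ValueError(f"A6 referral loop or over-long chain at {name}")
        seen.add(key)
        if key not in zone:
            raise LookupError(f"no A6 record for {name}")
        prefix_len, suffix, referral = zone[key]
        if not 0 <= prefix_len <= need:
            raise ValueError(f"bad prefix length {prefix_len} at {name}")
        # This record contributes bits prefix_len .. need-1, counted from the top.
        mask = ((1 << (128 - prefix_len)) - 1) ^ ((1 << (128 - need)) - 1)
        addr |= int(ipaddress.IPv6Address(suffix)) & mask
        need = prefix_len
        if need == 0:
            return ipaddress.IPv6Address(addr)
        if referral is None:
            raise ValueError(f"{name} leaves {need} prefix bits unresolved")
        name = referral


def ip6_int_name(addr):
    """Reverse name in nibble format: one hex digit per label, lowest nibble first."""
    nibbles = format(int(ipaddress.IPv6Address(str(addr))), "032x")
    return ".".join(reversed(nibbles)) + ".ip6.int."


if __name__ == "__main__":
    full = resolve_a6("linux.v6.ilabs.interop.net.", ZONE)
    print(full, ip6_int_name(full))
```

The reverse name it produces is the PTR owner name above joined to its $ORIGIN.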

To achieve the same sort of provider-independent DNS in the reverse addresses as is present in the forward (A6) addresses, IPv6 has a dereferencing scheme using DNAME records.

The DNAME record is similar to the CNAME record, and is used to reference the Provider's prefix in PTR records. The BINARY LABEL syntax allows arbitrary bit boundaries. For example, the Provider's DNS has a DNAME defining their IP6.INT prefix:

\[x3ffe13004545/48].ip6.int DNAME IP6.provider.dujour.

The client's DNS can then refer to this record. The client site name is also defined with a DNAME record:

\[x001/16].IP6.provider.dujour DNAME IP6.SLA.ilabs.interop.net.
\[x02d009fffef76d2c].ip6.SLA.ilabs.interop.net PTR linux.v6.ilabs.interop.net.

The AAAA Record

The AAAA record helps with transition and coexistence between IPv4 and IPv6 networks. It is here today, supported in BIND 8.1.x. With this record, an IPv4 nameserver can provide IPv6 addresses:

linux aaaa 3ffe:1900:4545:2:02d0:09ff:fef7:6d2c

The PTR record is the same as the first example above, using dotted nibbles. Most DNS servers supporting IPv6 today do so with AAAA records, running a production version of BIND.

Exploring the IPv6 DNS

Providing a DNS server which supports AAAA, A6, and DNAME records is only one side of the equation of making an IPv6 network work. You still need applications and tools which understand those records. On the FreeBSD system, try the following commands in a terminal window:

$ nslookup -q=any linux

> linux.v6.ilabs.interop.net

This nslookup does not understand A6 records, but at least it shows you the data.

You may look at the BIND configuration files on the bsdv6-one machine. The files are located in /etc/named9.conf and /etc/namedb9. You can see the most interesting file by giving the command:

$ more /etc/namedb9/v6.domain

There is a simple dig ("Domain Internet Groper") tool which understands the new record types. Try the commands:

$ sdig linux.v6.ilabs.interop.net any
$ sdig linux.v6.ilabs.interop.net a6

Fully implemented IPv6 dig and nslookup tools will be part of the BIND 9 release.