Broadband Tech > IPv6 > How to get AAAA registered?

How to get AAAA registered?

The AAAA record for the web host is only the beginning. As you advance through the certification program you will also need to have reverse dns for the routed /64 subnet, an MX record for a mail server and an entry in the reverse dns zone for the IPv6 address of the mail server (not necessarily in this order). The one item that seems to prevent participants from getting their Sage certification is the requirement to have a Internet registry provide AAAA glue data for your nameserver (I haven't checked yet whether or not mine does that).

You will learn more about IPv6 if you run your own dns servers and use those for the certification program. If the cost of a domain registration is an issue, there are free third-level domain names that you can use (freedns.afraid.org).
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!

Thanks. I have been reading about that stuff in the certification forum, but I don't really comprehend it all, yet.

You can run your own DNS? Hmmm. I knew you could run a caching DNS. But, even if you ran your own DNS, wouldn't your domain still have to be registered with someone?

I'm probably getting in over my head.

Tim
--
"Life is like this long line, except at the end there ain't no merry-go-round." - Arthur on The King of Queens
~ Project Hope ~

BIND9 is actually moderately simple. You just tell it for which zones it is either seco ndary or primary, and in what pathname the zone data resides or will reside. As a hypothe tical example:

zone "timcuth.us" in {
        type master;
        file "/var/lib/bind/timcuth.us.zone";
        allow-transfer {
                192.168.1.0/24;
                ::ffff:192.168.1.0/112;
                2001:470:e107:beef:/64;
        };
      allow-update { key localkey.; } ;
};

zone "google.com" IN {
   type forward;
   forward first;
   forwarders {
       2001:470:20::2;
       74.82.42.42;
   };
};

zone "youtube.com" IN {
   type forward;
   forward first;
   forwarders {
       2001:470:20::2;
       74.82.42.42;
   };
};

Thank you. I will start looking into that next week. Weekends are for the "honey do" list.

Yesterday, I did the DNS thing at he.net. It was successful and it seemed like it had registered something with ARPA. But, I never could get resolution and, reading through others' problems in the forums, I kept finding things where the HE people were saying your domain still had to be a paid thing, registered via somebody else.

Even though, as a database person I was never all that interested in networking, IPv6 has me learning a tremendous amount about it. Even an old dog can learn new tricks.

Tim
--
"Life is like this long line, except at the end there ain't no merry-go-round." - Arthur on The King of Queens
~ Project Hope ~

reply to timcuth
Ok, it looks like I can register a .info domain with my current hosting company (1and1) for $0.99 per year. Will that work for my DNS domain on HE certification? Will I be able to use it for a server I run at home?

Tim
--
"Life is like this long line, except at the end there ain't no merry-go-round." - Arthur on The King of Queens
~ Project Hope ~

Yes, it doesn't matter what top-level domain you register your domain in. I'm using a .info domain for my IPv6 experiments as well.

If you think you might want to keep the domain longer term look at the renewal rates, not just first year teaser rates. There are different pricing structures for the different top level domains.

As for setting up your own DNS server(s), there are enough things that can be done wrong to keep it interesting but if you follow the documentation you should be able to figure it out yourself.

A little help to get you started in planning your own servers.

A recursive DNS server is one that accepts a request from a client and if it doesn't have the correct answer in its own data will go and and make DNS queries on behalf of the client to other DNS servers on the Internet starting at the top (root zone) until it gets the answer to be returned to the client.

A caching DNS server is always a recursive DNS server and in fact it would be very unusual to find a recursive DNS server that isn't also caching the results that it finds. This greatly speeds up Internet access as the DNS server can respond immediately to repeated requests. Due to the possible risk of cache poisoning it is recommended to restrict access to a caching DNS server to trusted clients (typically the computers on the local network instead of the entire Internet).

A master DNS server is a server that has the official data for a zone in its configuration files. Any updates to a zone need to be done on this server. A zone can be a forward zone (e.g. timcuth.info) or a reverse zone (e.g. 1.168.192.in-addr.arpa or f.e.e.b.7.0.1.e.0.7.4.0.1.0.0.2.ip6.arpa). If notify is enabled on the master DNS server it will propagate changes faster to any slave DNS servers.

A slave DNS server proactively fetches zone data from a master DNS server or another slave DNS server even before receiving a request from a client. A slave DNS server will keep this data up to date by periodically checking whether it still has the most recent data (based on the zone serial number) and also by listening to notify messages. The slave DNS server will save the zone data in files to keep it persistent across restarts.

An authoritative DNS server is a master or slave DNS server that is listed in the parent zone to provide the official data for a zone. In order to work properly authoritative DNS servers must be configured to answer queries from all clients on the Internet (individual queries only, zone transfers can be restricted). There should be at least two authoritative DNS servers for each zone (ideally at different locations).

Bind (and most other DNS server software) can be configured to do all of the above. The absolute minimum would therefore be a single DNS server that is publicly accessible and is configured as master for your forward zone as well as the reverse zone of the routed /64 subnet. You could use the same server as a recursive/caching DNS server but this is something I don't recommend (it is best not to allow recursive queries on authoritative DNS servers).
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!

Most people who only setup IPv6 in order to go through the HE certification setup one computer as tunnel endpoint and IPv6 router. A second computer is setup as general purpose server. Those two computers don't have to be physically separate servers, they can just be virtual machines.

In this case that local server would do triple duty as a DNS server, web host and email server and you would use that IPv6 address (one of the addresses from the routed /64 block) in the AAAA record for www.timcuth.top

You could run a webserver also on the first computer that is acting as IPv6 tunnel endpoint. In that case the Client IPv6 address would be the one to put into the DNS for www.timcuth.top. Just beware that in this case you can't provide reverse DNS entries (RDNS delegations are only done for the routed /64 block). That may not matter for the webserver but will matter for the email server.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!

reply to timcuth
Here is what I have done, this morning. If it is dead wrong, please let me know.

1) Selected my new domain in my control panel at 1and1. Chose "Edit DNS". Chose "My DNS Servers". Added ns2.he.net, ns3.he.net, ns4.he.net, and ns5.he.net. Applied changes.

2) Went to dns.he.net and added the full ipv6 IP address of my Ubuntu client PC, associated with my new domain name. It showed success and gave me a long string of single hex digits ending with ".ip6.arpa"

Status still shows as "updating" on the 1and1 side, so I cannot expect things to work, now. But, is this a correct way to do things?

Tim
--
"Life is like this long line, except at the end there ain't no merry-go-round." - Arthur on The King of Queens
~ Project Hope ~

I'm running my own DNS servers (always have) so I have not checked out the free DNS service provided by Hurricane Electric. The single digit hex string ending with ".ip6.arpa" is the reverse DNS zone.

You should have two DNS zones, one forward zone for your Domain and one reverse zone for your /64 block of IPv6 addresses.

From the description at HE.net it sounds as if they are managing the reverse zone automatically based on the entries you are making in the forward zone.

I did check last night with my domain registry and they are providing IPv6 glue data so it looks like I'm all set.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!

reply to timcuth
I am trying to get bind9 running and having much difficulty. I am concentrating on making a very basic configuration, but I can't even get that right.

It is choking on the third line of this:

zone “1.168.192.in-addr.arpa” {
type master;
file “/etc/bind/zones/rev.1.168.192.in-addr.arpa”;
};

with the complaint that

named.conf.local:16: expected quoted string near '“'

I cannot see the problem.

Tim
--
"Life is like this long line, except at the end there ain't no merry-go-round." - Arthur on The King of Queens
~ Project Hope ~

The documentation states that the CLASS is optional, but I have always specified IN (Internet) explicitly. The main problem however is that you are are using the wrong type of double quotes. You must use the normal/ordinary/regular/standard double quotes (US-ASCII 0x22). Wordprocessor fancy open/close double quotes may look nice but they will never work in source code or configuration files.

zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "/etc/bind/zones/rev.1.168.192.in-addr.arpa";
};

Thanks. I probably did cut and paste them from a tutorial. I always get bitten when I do that.

The IN was in my original code, but I removed it because it was not in one of the examples I was looking at. I'll put it back.

Tim
--
"Life is like this long line, except at the end there ain't no merry-go-round." - Arthur on The King of Queens
~ Project Hope ~

Replacing all the double-quotes in the file fixed it. I have bind9 running. Thanks, again.

Tim

reply to timcuth