Basic IPv6 Resolver Configuration in Ubuntu

Most DNS servers these days are glad to resolve IPv6 addresses for clients who send their queries packaged in IPv4 packets.  In the grand scheme of things the DNS servers don’t care how you sent the question, they just care about the question.  And because almost everybody still relies heavily upon IPv4, most of us who are trying to push toward IPv6 have been satisfied to get our AAAA resolutions using IPv4 as the transport.  But if you want to start being more ‘pure’ in your IPv6 deployments, your system needs the ability not only to send IPv6 packets out into the Internet but also to learn where it is going via IPv6.  Put plainly, you need to configure your system to get its IPv6 name resolution using IPv6 packets.

Fortunately, this is a simple thing to do.  The most difficult part is finding a suitable IPv6 DNS server.  Since I am currently IPv4-land-locked by my service provider I tunnel to the IPv6 Internet using the free services provided by Hurricane Electric.  Those folks, in their continued incredible IPv6 coolness, also provide an IPv6 DNS server that I can use for my resolver clients.  Currently that address is 2001:470:20::2.  All I need to do to give my Ubuntu (11.04) install the ability to query DNS using IPv6 as the transport is 1) configure a tunnel using Hurricane Electric’s tunnel broker service (a topic for another day) and 2) update my resolver configuration file (resolv.conf) with the IPv6 DNS server’s address.

To make the update, open a terminal and, using the editor of your choice, add the IPv6 nameserver to your /etc/resolv.conf file.

Here is a snippet of my /etc/resolv.conf file after making the change:

# Google Public DNS
nameserver 8.8.8.8
nameserver 8.8.4.4
# he.net IPv6 DNS
nameserver 2001:470:20::2

In order to test that my config is working correctly, I use Wireshark and dig.

dig DNS capture

In the screen shot above you can see packets #3 & 4 are from a standard dig aaaa www.sixxs.net.  Even though the returned addresses are IPv6 addresses, you can see that the source and destination IP addresses are decidedly IPv4.  If you jump down to packets #10 & 11 you can see what happened when I entered dig -6 aaaa www.sixxs.net.  I got the same resolution from the server but my request got shipped out using IPv6 packets.
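
dig -6 forces the transport for a single query, but ordinary lookups follow /etc/resolv.conf: the glibc resolver reads at most three nameserver lines and, by default, tries them in the order listed. The following is an added example, not part of the original post, that parses a resolv.conf and reports where the IPv6 servers sit in that order; the function names and the embedded sample text are constructed for illustration.

```python
import ipaddress
import sys

MAXNS = 3  # glibc reads at most three nameserver lines (see resolv.conf(5))

# Constructed sample: the resolv.conf snippet shown in the post.
SAMPLE = """\
# Google Public DNS
nameserver 8.8.8.8
nameserver 8.8.4.4
# he.net IPv6 DNS
nameserver 2001:470:20::2
"""

def parse_nameservers(text):
    """Return [(address, ip_version)] for each nameserver line, in file order."""
    servers = []
    for raw in text.splitlines():
        fields = raw.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue  # comments, blank lines, search/options directives
        literal = fields[1].split("%", 1)[0]  # drop a zone id (fe80::1%eth0)
        try:
            servers.append((fields[1], ipaddress.ip_address(literal).version))
        except ValueError:
            continue  # not an IP literal, the resolver cannot use it
    return servers

def audit(text):
    """Split servers into those the resolver will try and those it never sees."""
    servers = parse_nameservers(text)
    used, ignored = servers[:MAXNS], servers[MAXNS:]
    return {
        "used": used,
        "ignored": ignored,
        "v6_positions": [i + 1 for i, (_, v) in enumerate(used) if v == 6],
        "first_is_v6": bool(used) and used[0][1] == 6,
    }

if __name__ == "__main__":
    # Pass a path such as /etc/resolv.conf, or run with no argument for SAMPLE.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    report = audit(text)
    for pos, (addr, ver) in enumerate(report["used"], start=1):
        print(f"{pos}. {addr} (IPv{ver})")
    for addr, _ in report["ignored"]:
        print(f"ignored (beyond MAXNS={MAXNS}): {addr}")
    if not report["first_is_v6"]:
        print("First nameserver is not IPv6; IPv6 transport is failover at best.")
```

With the snippet from the post, the IPv6 server is reported in position 3, so it is only queried when both IPv4 servers fail to answer; moving its line to the top makes IPv6 the default transport.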

If your company, service provider or tunnel broker doesn’t offer you a DNS server you can use, I suggest finding one the same way as the rest of us:  http://www.google.com.

You feel that?  One tiny step closer to native IPv6…

Cheers,

Colin Weaver

 

About the Author

Colin Weaver

Colin Weaver is co-owner and lead instructor at ITdojo, Inc., a network security and information assurance training center and consulting firm located in Virginia Beach, VA. His passion for technology, networks, and security has led him to become enthralled with the idea of IPv6 and its implementation. In this blog he will share with you glimpses of what he has learned and a hint at what you’ll learn in his classes.