DNS and IPv6

Unanswered Question
Feb 5th, 2009
User Badges:

Good afternoon,


I have a Windows 2003 server running Active Directory and maintains my DNS records. This is sitting on the 2001:db8:0:1::/64 segment. I have devices that are on my 2 and 3 segments respectively. I have entered the devices into my DNS using AAAA records. If a machine is sitting on either the 2 or 3 segments, they cannot ping by name. I have Cisco 1812 series routers running RIPng. I have enabled the following commands in my router config:


ip domain-name

ip name-address


If need be I can post the configuration files. This is a test network.


Any assistance would be appreciated.


Thanks,

Greg

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Thu, 02/05/2009 - 12:04
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Greg,


in ipv4 we need an ip helper-address to rely the DNS request to the DNS server


I may be wrong but if you use stateless config you should need something similar:

or hosts know what ipv6 address has the DNS server


something like the following


ipv6 dhcp pool dhcp-pool


dns-server 2001:0DB8:A:B::1


dns-server 2001:0DB8:3000:3000::42


domain-name example.com


!


interface Ethernet0/0


description Access link down to customers


ipv6 address 2001:0DB8:1234:42::1/64


ipv6 nd other-config-flag


ipv6 dhcp server dhcp-pool



see


http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-dhcp.html#wp1055654


I don't know if this is supported in your release and device.


Hope to help

Giuseppe



gjb911169 Fri, 02/06/2009 - 06:36
User Badges:

I have a helper address set for v4 so there is no equal in v6 and then must be through DHCPv6? I am about to try the directions you had listed. Also here is a copy of the current configuration.


Thanks

Greg



Giuseppe Larosa Fri, 02/06/2009 - 07:15
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Greg,

IPv6 has abolished broadcasts it uses a lot of specialized multicast ip addresses and has the concept of Anycast.


For this basic reason an ipv6 helper address is probably not available.


So one way to do this is using DHCPv6 to pass the information of what ipv6 address has the DNS to the hosts.


Hope to help

Giuseppe


Harold Ritter Fri, 02/06/2009 - 09:04
User Badges:
  • Cisco Employee,

Greg,


Giuseppe is right. IPv6 Autoconfiguration will not provide a DNS server address to the clients. You can configure IPv6 Stateless DHCP on the router to pass the DNS server address to the connected workstations.


Please refer to the following document for more information on stateless DHCP.


http://www.cisco.com/en/US/products/ps6553/products_white_paper09186a00801e199d.shtml


Regards

gjb911169 Fri, 02/06/2009 - 09:59
User Badges:

Everything looks to be working based on Giuseppe's suggestion. Also thanks for the white paper. It clears a few other items up for me.


Greg

gjb911169 Wed, 03/04/2009 - 09:03
User Badges:

Well I thought I had this solved. DNS is not working for v6 only segments. On my 1 and 2 segments both networks are dual stacked and DNS works properly. If I attempt to use DNS from v6 only segment, I am unable to ping by name. I have been running network captures and am not seeing anything in the Router Advertisement messages.


This is what my FA1 interface shows:

ipv6_router3# sh ipv6 interface fa1

FastEthernet1 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::223:4FF:FE38:9FED

No Virtual link-local address(es):

Global unicast address(es):

2001:DB8:0:4:223:4FF:FE38:9FED, subnet is 2001:DB8:0:4::/64 [EUI]

Joined group address(es):

FF02::1

FF02::2

FF02::9

FF02::1:2

FF02::1:FF38:9FED

FF05::1:3

MTU is 1500 bytes

ICMP error messages limited to one every 100 milliseconds

ICMP redirects are enabled

ICMP unreachables are sent

ND DAD is enabled, number of DAD attempts: 1

ND reachable time is 30000 milliseconds

ND advertised reachable time is 0 milliseconds

ND advertised retransmit interval is 0 milliseconds

ND router advertisements are sent every 200 seconds

ND router advertisements live for 1800 seconds

ND advertised default router preference is Medium

Hosts use stateless autoconfig for addresses.

Hosts use DHCP to obtain other configuration.


I have a DHCP Pool built for the stateless autoconfiguration to push out the additional information. Let me know if anyone wants to view the configurations.


Greg

vgrigaliunas Wed, 03/04/2009 - 09:19
User Badges:

Hi...


If these are Windows XP clients, I believe Windows XP doesn't do DNS queries over IPv6. Not sure about Vista and above...just a thought...

gjb911169 Wed, 03/04/2009 - 10:29
User Badges:

These are Windows XP clients. I also have Linux clients that also cannot get the DNS information. It seems as if the router is not sending out the "O" flag information. I am not seeing the DNS Server IP in the Router Advertisement.


Greg

vgrigaliunas Wed, 03/04/2009 - 10:36
User Badges:

Do names resolve on the Linux clients if you hard-code the IPv6 DNS server address in resolv.conf ? I believe sending the DNS server info within the RA is still an RFC in discussion and not implemented yet, but I'd need to double-check...

gjb911169 Wed, 03/04/2009 - 10:45
User Badges:

I placed it as part of the DHCP pool. There is a pool group called segment4. The DNS server and domain name are located within the DHCP pool. I had followed the Implementing DHCPv6 piece that was suggested earlier. The pool has been turned on for FA1 which routes the 4 segment through all the routers back to the 1 segment. I will try hard coding into one of the Linux machines as another troubleshooting step.


Thanks

vgrigaliunas Wed, 03/04/2009 - 10:56
User Badges:

If it's configured as a DHCPv6 option, then it should be being sent in the DHCPv6 offer packet I would assume. Did you examine the DHCPv6 packets ? And are the DHCPv6 Linux clients accepting it - any client logging available ? I haven't had much experience with DHCPv6 yet, but I've heard that implementations aren't quite fully robust yet...

gjb911169 Wed, 03/04/2009 - 11:03
User Badges:

I need to go back and run some more captures. I have not seen anything for DHCPv6 come across the wire. That is why I am wondering if there is something else that may need to be done with the router to start up the DHCPv6 option.


Thanks,

Greg

gjb911169 Wed, 03/04/2009 - 11:56
User Badges:

Here is another question. Do you need to set the routers to run also as DHCPv6 relays to properly connect back to the DNS server? Again I am not seeing any DHCP requests coming across the wire.


Greg

vgrigaliunas Wed, 03/04/2009 - 13:24
User Badges:

DNS queries shouldn't need to be relayed. You should at least see DHCPDiscovers from the DHCP clients on the wire. Are you sure the clients are sending DHCP requests ? Have you tried DHCP debugging on the router serving as a DHCP server ? Also, I'm 99.9% positive that Windows XP doesn't support DNS queries over IPv6. You mentioned that the DNS server was running Windows 2003. Are you sure 2003 supports DNS over IPv6 ?

gjb911169 Wed, 03/04/2009 - 13:28
User Badges:

I can create the records and I have not found any documentation that it does not work. I am going to keep hacking away untill I figure it out. By the way, I tried to set the DNS address on a linux box and it did not work. I think it may be a config issue. I will try and post the config before I leave for the day.


Thanks again

Greg

gjb911169 Thu, 03/05/2009 - 07:43
User Badges:

Here are the router configurations. One is Router 1 which goes between the first 2 segments and where DNS works. The second one is for Router 2 which goes between 2 and 3 and DNS does not work. The first router is dual stacked while the second is not. I suspect this is the issue.


Thanks

Greg



Attachment: 
vgrigaliunas Thu, 03/05/2009 - 10:38
User Badges:

You may as well not bother with your Windows XP clients. There is a thread currently going on on the DHCP mailing list regarding the host-id with DHCPv6. A clip from one of the mailings - "Right now, only Windows Vista/7 and Linux even support DHCPv6 at all.

Neither Mac OS 10 nor XP support it."

gjb911169 Thu, 03/05/2009 - 10:46
User Badges:

I am less worried about the XP clients and just trying to ensure DNS works using the DHCPv6 stateless autoconfig options. I have linux boxes that are not receiving the information. I just want to ensure the configurations are correct and then I can move from there. I can also post my topology diagram again to show what this test network looks like.


Greg

vgrigaliunas Thu, 03/05/2009 - 10:57
User Badges:

I assume the Linux boxes can ping6 your DNS server. I would suggest you make sure the Linux boxes are sending DNS queries via IPv6, that these queries are making it to your DNS server, that your DNS server is responding to these queries, and that the responses are making it back to the Linux boxes. Then I would move on to the DHCPv6 options and why they aren't working with the Linux boxes.

vgrigaliunas Thu, 03/05/2009 - 10:49
User Badges:

The Windows XP systems will use IPv4 to do DNS queries for IPv6 AAAA records, since they don't support DNS queries over IPv6. Although your Linux systems should work behind router 2.

gjb911169 Thu, 03/05/2009 - 10:54
User Badges:

That is the rub. I am not sure why the queries are not reaching the DNS server. I am posting the topology now so you can see what it looks like. It is a very basic setup. I am not seeing anything in the Router Advertisements that show the O bit is set and the DNS server IP as being sent to a client.


Thanks again.

Greg



Attachment: 
vgrigaliunas Thu, 03/05/2009 - 11:08
User Badges:

Yep...pretty straight forward setup. On the dual-stack subnets, are you sure the Linux boxes are getting the DNS server IP address via DHCPv6 ? How are they getting their IPv4 addresses...via DHCPv4 with options for the DNS server IPv4 address ? Or are the IP configs manually set ?

d_ferraro Thu, 09/10/2009 - 08:47
User Badges:

Has this been resolved? I am running into similar issues.

Actions

This Discussion