IPv6 DNS

This assumes that you have already configured working IPv6 as described in ipv6.essentials.

It is still a work in progress and may not be completely correct!

This guide uses DNSMasq as a DNS forwarder and RADVD to propagate DNS resolvers to the local network. More information on the configuration of dnsmasq can be found in a how-to and in the documentation of /etc/config/dhcp, which covers dnsmasq as well as DHCP.

Enable IPv6 for localhost

Add the localhost address to /etc/hosts:

...
::1 localhost localhost6

Configure /etc/resolv.conf (while DNSMasq is stopped):

nameserver 127.0.0.1
nameserver ::1

Remember to check that /etc/resolv.conf is indeed a proper file and not a symbolic link to an auto-generated file, e.g. /tmp/resolv.conf.auto.

Configure Public DNS Servers

Depending on the connection used, several options for DNS exist.

Static

See this to configure DNS servers statically if your provider has IPv6 DNS servers.

OpenDNS

OpenDNS provides publicly available IPv6 DNS servers for use by everybody. More information can be found at http://www.opendns.com/ipv6/.

Add DNS Servers to forward to (using GUI or CLI) /etc/config/dhcp:

config 'dnsmasq'
         ...
         list 'server' '2620:0:ccc::2'    # OpenDNS
         list 'server' '2620:0:ccd::2'    # OpenDNS 

SixXS

If a SixXS tunnel is used to gain IPv6 connectivity, the SixXS DNS servers are also available, see http://www.sixxs.net/tools/dnscache/ for more details. Depending on the region, the following servers are reachable from within the SixXS address space:

nscache.eu.sixxs.net for Europe
nscache.us.sixxs.net for the United States
nscache.ap.sixxs.net for the Asia Pacific area

In order to get the actual IP addresses, one can do a lookup using the command dig (see below for details on how to get it for OpenWRT).

However, the approach described above results in a catch-22 with SixXS IPv6 tunnels, as AICCU needs to resolve tic.sixxs.net in order to establish the IPv6 tunnel, which in turn is necessary for the SixXS DNS servers to work. A workaround is to fall back to IPv4 DNS servers during the establishment of the SixXS IPv6 tunnel and then reengage the IPv6 servers once the tunnel is up.

In order to do this, configure /etc/config/dhcp as follows:

config 'dnsmasq'
         ...
         option resolvfile  '/etc/resolv.conf'
         option strictorder 1

It is not necessary to set any option server settings, as all information is contained in the resolv file.

Alter /etc/resolv.conf to contain the SixXS DNS servers for your region as well as some other IPv4 DNS servers below that (the example uses the US SixXS servers and IPv4 OpenDNS):

nameserver 127.0.0.1
nameserver ::1
nameserver 2001:4de0:1000:a3::2
nameserver 2001:4de0:1000:a4::2
nameserver 208.67.222.222
nameserver 208.67.220.220
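With strictorder set, dnsmasq forwards to the upstream servers strictly in the order they appear in the resolv file, so a hand-edited file is worth checking before restarting dnsmasq. The following is an added example, not part of the original guide; the function names are hypothetical and the sample file is a constructed copy of the listing above. It reports a symlinked resolv file or an IPv6 upstream listed after the IPv4 fallback.

```shell
#!/bin/sh
# Added example (not from the guide): sanity-check the resolv file that
# dnsmasq reads when 'option strictorder 1' is set.

# Constructed sample: the resolv.conf listing shown on this page.
write_sample() {
    cat > "$1" <<'EOF'
nameserver 127.0.0.1
nameserver ::1
nameserver 2001:4de0:1000:a3::2
nameserver 2001:4de0:1000:a4::2
nameserver 208.67.222.222
nameserver 208.67.220.220
EOF
}

# Print the non-loopback nameservers of file $1 in file order.
upstreams() {
    awk '$1 == "nameserver" && $2 != "127.0.0.1" && $2 != "::1" { print $2 }' "$1"
}

# check_resolv FILE: print "ok" (return 0) or the first problem (return 1).
check_resolv() {
    f=$1
    # An auto-generated target such as /tmp/resolv.conf.auto would be
    # rewritten behind our back, so a symlink is rejected outright.
    if [ -L "$f" ]; then echo "symlink"; return 1; fi
    if [ ! -f "$f" ]; then echo "not-a-regular-file"; return 1; fi
    seen_v4=0
    for ns in $(upstreams "$f"); do
        case $ns in
            # An IPv6 upstream after the IPv4 fallback is only reached
            # once the IPv4 servers have been tried.
            *:*) if [ "$seen_v4" -eq 1 ]; then echo "ipv6-after-ipv4:$ns"; return 1; fi ;;
            *)   seen_v4=1 ;;
        esac
    done
    echo "ok"
}

# Demo on the constructed sample.
tmp=$(mktemp -d)
write_sample "$tmp/resolv.conf"
check_resolv "$tmp/resolv.conf"   # prints: ok
rm -rf "$tmp"
```

On the router itself the call would be check_resolv /etc/resolv.conf.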

Using dig to get the DNS IPs

NOTE: The addresses given above for the SixXS DNS servers were checked on 3/25/2012 and might change. If in doubt, check with the command dig, which is part of the bind-dig package for OpenWRT. The commands to install it on OpenWRT are

:~# opkg update
:~# opkg install bind-dig

but running it on any other box that already provides the command also works.

:~# dig @nscache.us.sixxs.net AAAA nscache.us.sixxs.net
; <<>> DiG 9.9.0 <<>> @nscache.us.sixxs.net AAAA nscache.us.sixxs.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13041
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;nscache.us.sixxs.net.          IN      AAAA

;; ANSWER SECTION:
nscache.us.sixxs.net.   3600    IN      AAAA    2001:4de0:1000:a3::2
nscache.us.sixxs.net.   3600    IN      AAAA    2001:4de0:1000:a4::2

;; Query time: 1274 msec
;; SERVER: 2001:4de0:1000:a4::2#53(2001:4de0:1000:a4::2)
;; WHEN: Sun Mar 25 17:57:48 2012
;; MSG SIZE  rcvd: 94
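Because the resolver addresses may change, the dig answer can be compared against the entries in the resolv file. The following is an added example, not part of the original guide; the function names are hypothetical, the dig input is an abridged copy of the output above, and 2001:db8::53 is a constructed stale entry.

```shell
#!/bin/sh
# Added example (not from the guide): list IPv6 nameserver entries that no
# longer appear among the AAAA records dig returns for the resolver name.

# Constructed input: abridged copy of the dig output shown on this page.
sample_dig() {
    cat <<'EOF'
; <<>> DiG 9.9.0 <<>> @nscache.us.sixxs.net AAAA nscache.us.sixxs.net
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;nscache.us.sixxs.net.          IN      AAAA

;; ANSWER SECTION:
nscache.us.sixxs.net.   3600    IN      AAAA    2001:4de0:1000:a3::2
nscache.us.sixxs.net.   3600    IN      AAAA    2001:4de0:1000:a4::2
EOF
}

# Read full dig output on stdin; print the address of each AAAA answer.
# Comment lines and the question line start with ';' and are skipped.
aaaa_answers() {
    awk '$1 !~ /^;/ && $3 == "IN" && $4 == "AAAA" { print $5 }'
}

# stale_v6 RESOLV_FILE DIG_OUTPUT_FILE
# Print each non-loopback IPv6 nameserver in RESOLV_FILE that is missing
# from the AAAA answers in DIG_OUTPUT_FILE.
stale_v6() {
    answers=$(aaaa_answers < "$2")
    awk '$1 == "nameserver" && $2 ~ /:/ && $2 != "::1" { print $2 }' "$1" |
    while read -r ns; do
        echo "$answers" | grep -qxF "$ns" || echo "$ns"
    done
}

# Demo: constructed resolv file with one outdated entry.
tmp=$(mktemp -d)
sample_dig > "$tmp/dig.txt"
printf 'nameserver ::1\nnameserver 2001:4de0:1000:a3::2\nnameserver 2001:db8::53\n' \
    > "$tmp/resolv.conf"
stale_v6 "$tmp/resolv.conf" "$tmp/dig.txt"   # prints: 2001:db8::53
rm -rf "$tmp"
```

Against a live resolver, save the output of the dig command shown above to a file and pass that file as the second argument.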

Propagate DNS Server to LAN

This uses RADVD to propagate DNS to the LAN.

Enable RDNSS on the LAN interface to propagate the IPv6 address of the (local) DNS server using the GUI or CLI (/etc/config/radvd):

config 'rdnss'                    
        option 'interface' 'lan'  
        list 'addr' '2001:123:456:789::1'          
        option 'ignore' '0'

Enable DNSSL on the LAN interface to propagate the search suffix for the LAN (in this case lan, e.g. host1.lan) using the GUI or CLI (/etc/config/radvd):

config 'dnssl'                  
        option 'interface' 'lan'
        option 'ignore' '0'     
        list 'suffix' 'lan'

DNS Hostnames on the LAN

If you use DNS for servers on the LAN (for example, ntp.lan for a local ntp server, gw.lan for the gateway) then you need to configure DNSMasq to return IPv6 addresses for them too. This can be done using the GUI or CLI.

Currently, this seems to work if you create additional Hostname entries with an IPv6 address instead of an IPv4 address.

/etc/config/dhcp:

...

config 'domain'
        option 'name' 'ntp'
        option 'ip' '192.168.1.254'

config 'domain'
        option 'name' 'ntp'
        option 'ip' '2001:123:456:789::1'

It may be possible to assign one entry with two IP addresses, but I think this would break the GUI. Two separate definitions seem to work fine.

doc/howto/ipv6.dns.txt · Last modified: 2012/07/13 12:18 by mattwire