Configure Dual Stack DNS Server on CentOS 7 - CentLinux

Tuesday, 27 August 2019

Configure Dual Stack DNS Server on CentOS 7

A Dual Stack network is one whose computer systems can process both IPv4 and IPv6 traffic simultaneously. A Dual Stack strategy is also used to migrate a network from IPv4 to IPv6. Dual stacks are programmed to prefer IPv6 traffic over IPv4 traffic.

In our previous article, we configured an IPv4-based Authoritative DNS server on CentOS 7. However, some fans have requested that we also write an article on a Dual Stack Authoritative DNS Server on CentOS 7.

Therefore, in this article, we use the same server machines from our previous article, set up a Dual Stack network between them, and then configure our BIND DNS server to serve RRs (Resource Records) for both the IPv4 and IPv6 stacks.

 

Reading Advice:

IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6 by Cisco Press

 

    Environment Specification:

    We are using the same CentOS 7 virtual machines that we have configured in our previous article i.e. Configure Authoritative DNS Server on CentOS 7.

    Primary (Master) DNS Server:

    • CPU - 3.4 GHz (1 Core)
    • Memory - 1 GB
    • Storage - 20 GB
    • Operating System - CentOS 7.6
    • Hostname - dns-01.example.com
    • IPv4 Address - 192.168.116.4/24
    • IPv6 Address - fd15:4ba5:5a2b:1008::1/64

    Secondary (Slave) DNS Server:

    • CPU - 3.4 GHz (1 Core)
    • Memory - 1 GB
    • Storage - 20 GB
    • Operating System - CentOS 7.6
    • Hostname - dns-02.example.com
    • IPv4 Address - 192.168.116.5/24
    • IPv6 Address - fd15:4ba5:5a2b:1008::2/64

    Note: The above machines are already configured on an IPv4-based network.

     

    Configure IPv6 network on CentOS 7:

    Connect to dns-01.example.com using ssh as the root user.

    Set an IPv6 address on this server.

    [root@dns-01 ~]# nmcli c m ens33 ipv6.method manual ipv6.addresses "fd15:4ba5:5a2b:1008::1/64" ipv6.gateway fd15:4ba5:5a2b:1008:153c:3b05:4535:d080

    Restart the network interface to load the changes.

    [root@dns-01 ~]# nmcli c down ens33 ; nmcli c up ens33
    Connection 'ens33' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
    Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)

    Ping the IPv6 address of the network gateway to verify connectivity.

    [root@dns-01 ~]# ping6 fd15:4ba5:5a2b:1008:153c:3b05:4535:d080
    PING fd15:4ba5:5a2b:1008:153c:3b05:4535:d080(fd15:4ba5:5a2b:1008:153c:3b05:4535:d080) 56 data bytes
    64 bytes from fd15:4ba5:5a2b:1008:153c:3b05:4535:d080: icmp_seq=1 ttl=64 time=2.03 ms
    64 bytes from fd15:4ba5:5a2b:1008:153c:3b05:4535:d080: icmp_seq=2 ttl=64 time=0.906 ms
    64 bytes from fd15:4ba5:5a2b:1008:153c:3b05:4535:d080: icmp_seq=3 ttl=64 time=0.757 ms
    64 bytes from fd15:4ba5:5a2b:1008:153c:3b05:4535:d080: icmp_seq=4 ttl=64 time=0.886 ms
    ^C
    --- fd15:4ba5:5a2b:1008:153c:3b05:4535:d080 ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3040ms
    rtt min/avg/max/mdev = 0.757/1.145/2.034/0.517 ms

    Now connect to dns-02.example.com and set an IPv6 address.

    [root@dns-02 ~]# nmcli c m ens33 ipv6.method manual ipv6.addresses "fd15:4ba5:5a2b:1008::2/64" ipv6.gateway fd15:4ba5:5a2b:1008:153c:3b05:4535:d080

    Restart the network interface to reload the changes.

    [root@dns-02 ~]# nmcli c down ens33 ; nmcli c up ens33
    Connection 'ens33' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
    Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)

    Ping dns-01.example.com by its IPv6 address to verify connectivity.

    [root@dns-02 ~]# ping6 fd15:4ba5:5a2b:1008::1
    PING fd15:4ba5:5a2b:1008::1(fd15:4ba5:5a2b:1008::1) 56 data bytes
    64 bytes from fd15:4ba5:5a2b:1008::1: icmp_seq=1 ttl=64 time=0.699 ms
    64 bytes from fd15:4ba5:5a2b:1008::1: icmp_seq=2 ttl=64 time=0.858 ms
    64 bytes from fd15:4ba5:5a2b:1008::1: icmp_seq=3 ttl=64 time=0.768 ms
    64 bytes from fd15:4ba5:5a2b:1008::1: icmp_seq=4 ttl=64 time=4.01 ms
    64 bytes from fd15:4ba5:5a2b:1008::1: icmp_seq=5 ttl=64 time=4.13 ms
    ^C
    --- fd15:4ba5:5a2b:1008::1 ping statistics ---
    5 packets transmitted, 5 received, 0% packet loss, time 4040ms
    rtt min/avg/max/mdev = 0.699/2.093/4.132/1.617 ms

    We have configured an IPv6 network between our nodes. This means that our nodes have now formed a Dual Stack network.

     

    Configure Dual Stack DNS Server on CentOS 7:

    Edit the BIND configuration on both DNS servers to add IPv6 support.

    [root@dns-01 ~]# vi /etc/named.conf

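    Ensure that the following directive lists the server's own IPv6 address as well as ::1, so that BIND listens on the network-facing IPv6 address. With ::1 alone, BIND accepts IPv6 queries and NOTIFY messages only on the loopback interface. On dns-02.example.com, use fd15:4ba5:5a2b:1008::2 instead.

    listen-on-v6 port 53 { ::1; fd15:4ba5:5a2b:1008::1; };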

    Add the IPv6 network address to the following directive to allow network clients to query our DNS servers.

    allow-query { localhost; 192.168.116.0/24; fd15:4ba5:5a2b:1008::/64; };

    Restart the BIND service.

    [root@dns-01 ~]# systemctl restart named

    Repeat the above steps on dns-02.example.com.

    Connect to dns-01.example.com and edit the /etc/named.conf.local file.

    [root@dns-01 ~]# vi /etc/named.conf.local

    Add the IPv6 address of dns-02.example.com to the allow-transfer and also-notify directives, to enable zone transfers to the secondary DNS server over the IPv6 network.

    zone "example.com" {
        type master;
        file "/var/named/example.com";
        allow-transfer { 192.168.116.5; fd15:4ba5:5a2b:1008::2; };
        also-notify { 192.168.116.5; fd15:4ba5:5a2b:1008::2; };
    };

    zone "116.168.192.in-addr.arpa" {
        type master;
        file "/var/named/116.168.192.in-addr.arpa";
        allow-transfer { 192.168.116.5; fd15:4ba5:5a2b:1008::2; };
        also-notify { 192.168.116.5; fd15:4ba5:5a2b:1008::2; };
    };

    Edit the example.com zone file.

    [root@dns-01 ~]# vi /var/named/example.com

    Add the AAAA records of our servers to it.

    $TTL 1h
    @        IN  SOA  example.com. root.example.com. (
                      2019080901  ; Serial YYYYMMDDnn
                      24h         ; Refresh
                      2h          ; Retry
                      28d         ; Expire
                      2d )        ; Minimum TTL

    ;Name Servers
    @        IN  NS     dns-01
    @        IN  NS     dns-02

    ;Mail Servers
    @        IN  MX     0 mail-01

    ;Other Servers
    dns-01   IN  A      192.168.116.4
    dns-02   IN  A      192.168.116.5
    mail-01  IN  A      192.168.116.6
    web-01   IN  A      192.168.116.3

    ;Canonical Names
    www      IN  CNAME  web-01
    mail     IN  CNAME  mail-01

    ;AAAA Records
    dns-01   IN  AAAA   fd15:4ba5:5a2b:1008::1
    dns-02   IN  AAAA   fd15:4ba5:5a2b:1008::2

    Test resolution of the hostnames to IPv6 addresses by using the ping6 command.

    [root@dns-01 ~]# ping6 dns-01.example.com
    PING dns-01.example.com(dns-01.example.com (fd15:4ba5:5a2b:1008::1)) 56 data bytes
    64 bytes from dns-01.example.com (fd15:4ba5:5a2b:1008::1): icmp_seq=1 ttl=64 time=0.055 ms
    64 bytes from dns-01.example.com (fd15:4ba5:5a2b:1008::1): icmp_seq=2 ttl=64 time=0.185 ms
    64 bytes from dns-01.example.com (fd15:4ba5:5a2b:1008::1): icmp_seq=3 ttl=64 time=0.141 ms
    ^C
    --- dns-01.example.com ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2002ms
    rtt min/avg/max/mdev = 0.055/0.127/0.185/0.053 ms

    [root@dns-01 ~]# ping6 dns-02.example.com
    PING dns-02.example.com(fd15:4ba5:5a2b:1008::2 (fd15:4ba5:5a2b:1008::2)) 56 data bytes
    64 bytes from fd15:4ba5:5a2b:1008::2 (fd15:4ba5:5a2b:1008::2): icmp_seq=1 ttl=64 time=0.403 ms
    64 bytes from fd15:4ba5:5a2b:1008::2 (fd15:4ba5:5a2b:1008::2): icmp_seq=2 ttl=64 time=0.768 ms
    64 bytes from fd15:4ba5:5a2b:1008::2 (fd15:4ba5:5a2b:1008::2): icmp_seq=3 ttl=64 time=0.726 ms
    ^C
    --- dns-02.example.com ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2004ms
    rtt min/avg/max/mdev = 0.403/0.632/0.768/0.164 ms

    Add a reverse zone for the IPv6 network.

    [root@dns-01 ~]# vi /etc/named.conf.local

    and add our IPv6 reverse zone to it.

    zone "8.0.0.1.b.2.a.5.5.a.b.4.5.1.d.f.ip6.arpa." {
        type master;
        file "/var/named/ipv6.reverse.db";
        allow-transfer { 192.168.116.5; fd15:4ba5:5a2b:1008::2; };
        also-notify { 192.168.116.5; fd15:4ba5:5a2b:1008::2; };
    };

    Create a zone file.

    [root@dns-01 ~]# vi /var/named/ipv6.reverse.db

    and add the IPv6 reverse zone settings to it.

    $TTL 1h
    @        IN  SOA  8.0.0.1.b.2.a.5.5.a.b.4.5.1.d.f.ip6.arpa. root.example.com. (
                      2019080901  ; Serial YYYYMMDDnn
                      24h         ; Refresh
                      2h          ; Retry
                      28d         ; Expire
                      2d )        ; Minimum TTL

    ;Name Servers
    @        IN  NS     dns-01
    @        IN  NS     dns-02

    ;Other Servers
    dns-01   IN  A      192.168.116.4
    dns-02   IN  A      192.168.116.5
    dns-01   IN  AAAA   fd15:4ba5:5a2b:1008::1
    dns-02   IN  AAAA   fd15:4ba5:5a2b:1008::2

    ;PTR Records
    ;Names without a trailing dot are relative to this zone's origin,
    ;so dns-01 below means dns-01.8.0.0.1.b.2.a.5.5.a.b.4.5.1.d.f.ip6.arpa.
    1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0  IN  PTR  dns-01
    2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0  IN  PTR  dns-02

    We have broken down the reversed IPv6 addresses into two 64-bit halves. The left 64 bits represent the computer's IPv6 address, while the right 64 bits represent our computer network. If you find reversing an IPv6 address confusing, you can use the generator at the IPv6 to PTR Record Reverse DNS v6 website.
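
    The reversal can also be computed locally instead of with a website. The following Python script is an added example, not part of the original article; its function names are the example's own, and it generalizes the article's /64 case to any prefix that ends on a 4-bit boundary. It writes PTR targets as fully qualified names, and its expand() function shows how a bare name such as dns-01 is read inside the reverse zone.

```python
import ipaddress

PREFIX = "fd15:4ba5:5a2b:1008::/64"        # network used in this article
HOSTS = {                                   # AAAA data from the example.com zone
    "dns-01.example.com": "fd15:4ba5:5a2b:1008::1",
    "dns-02.example.com": "fd15:4ba5:5a2b:1008::2",
}

def reverse_zone(prefix):
    """ip6.arpa zone name for a prefix that ends on a nibble (4-bit) boundary."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        raise ValueError("prefix length must be a multiple of 4")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def ptr_record(addr, fqdn, prefix=PREFIX):
    """PTR line for addr; the owner is written relative to reverse_zone(prefix)."""
    ip, net = ipaddress.IPv6Address(addr), ipaddress.IPv6Network(prefix)
    if ip not in net:
        raise ValueError(f"{addr} is not inside {prefix}")
    zone = reverse_zone(prefix)
    full = ip.reverse_pointer + "."         # all 32 nibbles plus ip6.arpa.
    owner = full[: -len(zone)].rstrip(".") or "@"
    # A trailing dot makes the target absolute, so it is not expanded.
    target = fqdn if fqdn.endswith(".") else fqdn + "."
    return f"{owner} IN PTR {target}"

def expand(name, origin):
    """Zone-file rule: a name without a trailing dot is relative to the origin."""
    return name if name.endswith(".") else f"{name}.{origin}"

if __name__ == "__main__":
    zone = reverse_zone(PREFIX)
    print(f'zone "{zone}"')
    for fqdn, addr in HOSTS.items():
        print(ptr_record(addr, fqdn))
    # How a PTR target written as bare "dns-01" is read in the reverse zone:
    print(expand("dns-01", zone))
```
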

    Test IPv6 reverse DNS by using the ping6 command.

    [root@dns-01 ~]# ping6 dns-01
    PING dns-01(dns-01.8.0.0.1.b.2.a.5.5.a.b.4.5.1.d.f.ip6.arpa (fd15:4ba5:5a2b:100::1)) 56 data bytes
    64 bytes from dns-01.8.0.0.1.b.2.a.5.5.a.b.4.5.1.d.f.ip6.arpa (fd15:4ba5:5a2b:108::1): icmp_seq=1 ttl=64 time=0.117 ms
    64 bytes from dns-01.8.0.0.1.b.2.a.5.5.a.b.4.5.1.d.f.ip6.arpa (fd15:4ba5:5a2b:108::1): icmp_seq=2 ttl=64 time=0.151 ms
    64 bytes from dns-01.8.0.0.1.b.2.a.5.5.a.b.4.5.1.d.f.ip6.arpa (fd15:4ba5:5a2b:108::1): icmp_seq=3 ttl=64 time=0.194 ms

    We have successfully configured a Dual Stack DNS Server on CentOS 7.
