How Do I Update The Root Hints Data File for BIND Named Server?

My local nameserver root zone file is outdated. It has no information about IPv6 and the recently changed root server IP addresses.

How do I update my root hints data file on a Linux server?

You can download it:

wget --user=ftp --password=ftp ftp://ftp.rs.internic.net/domain/db.cache -O /etc/bind/db.root

Or you can generate it yourself:

dig +bufsize=1200 +norec NS . @a.root-servers.net | egrep -v ';|^$' | sort > /etc/bind/db.root

Afterwards, reload the name server:

rndc reload

Afterwards, the content of the file looks like this:

.			518400	IN	NS	a.root-servers.net.
.			518400	IN	NS	b.root-servers.net.
.			518400	IN	NS	c.root-servers.net.
.			518400	IN	NS	d.root-servers.net.
.			518400	IN	NS	e.root-servers.net.
.			518400	IN	NS	f.root-servers.net.
.			518400	IN	NS	g.root-servers.net.
.			518400	IN	NS	h.root-servers.net.
.			518400	IN	NS	i.root-servers.net.
.			518400	IN	NS	j.root-servers.net.
.			518400	IN	NS	k.root-servers.net.
.			518400	IN	NS	l.root-servers.net.
.			518400	IN	NS	m.root-servers.net.
a.root-servers.net.	518400	IN	A
a.root-servers.net.	518400	IN	AAAA	2001:503:ba3e::2:30
b.root-servers.net.	518400	IN	A
b.root-servers.net.	518400	IN	AAAA	2001:500:84::b
c.root-servers.net.	518400	IN	A
c.root-servers.net.	518400	IN	AAAA	2001:500:2::c
d.root-servers.net.	518400	IN	A
d.root-servers.net.	518400	IN	AAAA	2001:500:2d::d
e.root-servers.net.	518400	IN	A
f.root-servers.net.	518400	IN	A
f.root-servers.net.	518400	IN	AAAA	2001:500:2f::f
g.root-servers.net.	518400	IN	A
h.root-servers.net.	518400	IN	A
h.root-servers.net.	518400	IN	AAAA	2001:500:1::53
i.root-servers.net.	518400	IN	A
i.root-servers.net.	518400	IN	AAAA	2001:7fe::53
j.root-servers.net.	518400	IN	A
j.root-servers.net.	518400	IN	AAAA	2001:503:c27::2:30
k.root-servers.net.	518400	IN	A
k.root-servers.net.	518400	IN	AAAA	2001:7fd::1
l.root-servers.net.	518400	IN	A
l.root-servers.net.	518400	IN	AAAA	2001:500:3::42
m.root-servers.net.	518400	IN	A
m.root-servers.net.	518400	IN	AAAA	2001:dc3::35

This is a current list of the root name servers.
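
A sanity check for the new /etc/bind/db.root before running rndc reload, as an added example that is not part of the original post: it parses the hints text (dig output or the db.cache layout) and reports truncated records, addresses of the wrong family, and missing or unexpected root server names. The function name check_hints, the default requirement that every server carries both A and AAAA glue, and the documentation-range sample addresses are assumptions of this example.

```python
import ipaddress

# Assumption of this example: the 13 root server names a..m, as listed above.
EXPECTED = {f"{c}.root-servers.net." for c in "abcdefghijklm"}
VERSION = {"A": 4, "AAAA": 6}

def check_hints(text, need=("A", "AAAA")):
    """Return a list of problems in root hints text; an empty list means sane."""
    ns, glue, problems = set(), {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()   # drop comments and blank lines
        if not fields:
            continue
        # dig prints the class (IN), db.cache omits it: normalise to 4 fields
        if len(fields) > 2 and fields[2].upper() == "IN":
            del fields[2]
        if len(fields) != 4:
            problems.append(f"line {n}: malformed record: {raw.strip()!r}")
            continue
        owner, _ttl, rtype, rdata = (f.lower() for f in fields)
        rtype = rtype.upper()
        if rtype == "NS" and owner == ".":
            ns.add(rdata)
        elif rtype in VERSION:
            try:
                ok = ipaddress.ip_address(rdata).version == VERSION[rtype]
            except ValueError:
                ok = False
            if ok:
                glue.setdefault(owner, set()).add(rtype)
            else:
                problems.append(f"line {n}: bad {rtype} address {rdata!r}")
        else:
            problems.append(f"line {n}: unexpected record type {rtype}")
    problems += [f"missing NS {m}" for m in sorted(EXPECTED - ns)]
    problems += [f"unexpected NS {m}" for m in sorted(ns - EXPECTED)]
    problems += [f"glue for unknown host {m}" for m in sorted(set(glue) - EXPECTED)]
    problems += [f"{m} has no {t} glue" for m in sorted(ns & EXPECTED)
                 for t in need if t not in glue.get(m, ())]
    return problems

# Constructed sample: documentation-range addresses, not real root addresses.
SAMPLE = "".join(
    f".\t518400\tIN\tNS\t{c}.root-servers.net.\n"
    f"{c}.root-servers.net.\t518400\tIN\tA\t192.0.2.{i}\n"
    f"{c}.root-servers.net.\t518400\tIN\tAAAA\t2001:db8::{i:x}\n"
    for i, c in enumerate("abcdefghijklm", 1))
if __name__ == "__main__":
    print(check_hints(SAMPLE) or "hints file looks sane")
```

Pass need=("A",) to accept a file in which some servers have no AAAA record.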

IPv6 Tunnel with Cisco

Cisco supports PPPoE with IPv6, so if your provider supports IPv6, you can use a native connection. If not, you can establish a tunnel to SixXS or another IPv6 provider.

ipv6 unicast-routing
interface tunnel0
  description IPv6 uplink to SixXS
  no ip address
  ipv6 enable
  ! versions before 12.4:
  ipv6 nd suppress-ra
  ! versions 12.4 and later:
  ipv6 nd ra suppress
  ipv6 address [Your IPv6 Endpoint]/[Prefix Length]
  ! 1280 or another MTU value
  ipv6 mtu 1280
  tunnel source [Your IPv4 Endpoint]
  tunnel destination [PoP IPv4 Endpoint]
  tunnel mode ipv6ip
ipv6 route 2000::/3 [PoP IPv6 Endpoint]

IPv6 Address renumbering

IPv6 uses provider-aggregated IP addresses. The documentation describes how easy address renumbering is.

You can specify a general prefix on a device. If you need to change the address, you only have to change the general prefix, and all addresses on this device get the new prefix.

On Cisco devices it is:

ipv6 general-prefix PROD 2001:DB8:1234::/48
interface Vlan1
 description Management Network
 ipv6 address PROD ::1:0:0:0:2E1/64
 ipv6 enable
interface Vlan2
 description Management Network
 ipv6 address PROD ::2:0:0:0:FF/64
 ipv6 enable

Now you change the address of the general-prefix PROD and all your IP addresses on this device are changed.

IPv6 connection with Fortigate and xDSL

The IPv6 support of Fortigate is very advanced. Unfortunately, Fortigate does not support PPPoE with IPv6, because this is a legacy protocol. If you have a DSL connection, it works with IPv4, but not with IPv6. The workaround is to connect with IPv4 over PPPoE, then request a tunnel, and later an IPv6 subnet, from a tunnel provider like www.sixxs.net.

The configuration on the Fortigate for the sit-tunnel looks like this:

config system sit-tunnel
edit "sixxs-tun"
    set destination
    set interface wan1
    set ip6 2001:dead:babe:c5::2/64
    set source
config system interface
edit "sixxs-tun"
    config ipv6
        set ip6-allowaccess ping
config router static6
edit 1
    set device "sixxs-tun"

The IP address is the remote tunnel address of your POP.

The IP address is the IP address of your external IPv4 interface.

The IP address 2001:dead:babe:c5::2/64 is the IPv6 address you got from your tunnel provider.

Now you can use the interface sixxs-tun as your IPv6 connection and gateway.