
IPv6 DNS Recommendations

Updated on April 4, 2012



Domain name system migration is considered to cover 30% of the overall migration process. Even when devices such as web servers and proxy servers are configured to work in dual-stack mode, a properly deployed DNS infrastructure must be in place to govern the operation, performance and reliability of the dual-stack environment.

Various factors define IPv6 support in the domain name hierarchy. Root name servers and other higher-level name servers should support IPv6 transport and query processing. Locally, the DNS server and the resolver also need to be IPv6 capable.

Apart from the basic configuration, dual-stack DNS should be fine-tuned and secured in line with best practices. Because address-based attacks such as port scans are very hard to carry out in an IPv6 infrastructure, domain-name-based attacks can be expected in reconnaissance activities instead [1].

DNS infrastructure is far more complex, critical and vulnerable to threats in a dual-stack or IPv6 environment than in IPv4. It is therefore essential to know name-resolution details such as address selection mechanisms and query priority in order to troubleshoot diligently.

DNS migration for IPv6 is proposed to follow this process.

CURRENT DNS SERVER DETAILS

Operating System : Red Hat Linux release 9 (Shrike) - Kernel version is 2.4.20-8smp
DNS Server Software : Bind-9.2.1-16

IPv6 support in a DNS server needs to be defined in two ways.

1. DNS server software needs to support IPv6 related resource records

2. DNS server should support IPv6 transport (IPv6 packet processing)

These two factors are independent of each other, but a server is said to support IPv6 only if both requirements are met.

Operating system and underlying hardware support for IPv6 determines the IPv6 transport capability of the server.

The BIND version, or that of any other DNS software in use, determines the ability to process the resource records.
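The two factors can be checked separately, as in the following added example (not part of the original article): it asks a server for AAAA records over IPv4 to test record support, then repeats the query over IPv6 to test transport. The function names, the server addresses passed to `ipv6_support` and the constructed `SAMPLE` reply are assumptions made for illustration.

```python
import ipaddress
import socket
import struct

AAAA = 28  # RR type for an IPv6 address
def build_query(name):
    """Encode one AAAA question (ID 0x1234, class IN, recursion desired)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return b"\x12\x34\x01\x00\x00\x01" + bytes(6) + qname + b"\x00" + struct.pack("!HH", AAAA, 1)

def skip_name(msg, pos):
    """Return the offset just past a domain name, honouring compression pointers."""
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)

def parse_aaaa(msg):
    """Return the IPv6 addresses found in the answer section of a response."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    pos, addrs = 12, []
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4            # skip QTYPE and QCLASS
    for _ in range(ancount):
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == AAAA and rdlen == 16:
            addrs.append(str(ipaddress.IPv6Address(msg[pos + 10:pos + 26])))
        pos += 10 + rdlen
    return addrs

def probe(server, name, timeout=3.0):
    """Send the AAAA query over UDP; an IPv6 literal forces IPv6 transport."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server, 53))
        return parse_aaaa(sock.recv(4096))

def ipv6_support(server_v4, server_v6, name, ask=probe):
    """Check the two factors separately; `ask` can be swapped for offline runs."""
    def ok(addr):
        try:
            return bool(ask(addr, name))
        except (OSError, struct.error, IndexError):
            return False
    records, transport = ok(server_v4), ok(server_v6)
    return {"records": records, "transport": transport, "ipv6_supported": records and transport}
# Constructed reply: www.example.com AAAA 2001:db8::1 (owner name is a compression pointer).
SAMPLE = (b"\x12\x34\x81\x80\x00\x01\x00\x01" + bytes(4) + build_query("www.example.com")[12:]
          + b"\xc0\x0c\x00\x1c\x00\x01\x00\x00\x01\x2c\x00\x10" + ipaddress.IPv6Address("2001:db8::1").packed)
```

A server that returns AAAA data over IPv4 but times out over IPv6 reports `records: True, transport: False`, which is the "resource records only" case the text says does not count as IPv6 support.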

IPv6 support in Red Hat and the related Fedora distributions is quite satisfactory. IPv6 support has been part of Linux distributions since kernel version 2.4 (Linux kernel 2.3 does not support IPv6 [2]), so the existing Red Hat system is one of the early IPv6-capable Linux releases. The latest Red Hat and Fedora distributions, however, adopt a whole range of new IPv6 and related security features (Fedora 13 with Linux kernel 2.6.33 [3], Red Hat Enterprise Linux with kernel version 2.6.9 [4]).

Although the current BIND version has preliminary IPv6 support, the latest releases are far more IPv6 capable and are enhanced with new security features.


PROPOSED DNS SETUP


In the new dual-stack network, every host (IPv4-only, IPv6-only or dual-stack) will be able to resolve its name requests irrespective of its IPv4 or IPv6 capability.

The proposed system is aimed at removing the drawbacks of the existing system and adapting the latest IPv6 support and security enhancements.

Hardware Platform : Should be replaced with a stable and enhanced hardware platform with a high performance. (already requested)
Operating System : Red Hat Linux release 9 (Shrike) With kernel version 2.6.x+
or
Use Fedora 10 with kernel 2.6.x+
DNS Server Software : Upgrade to BIND 9.7.0-P2+

HARDWARE PLATFORM

Choose a server platform with good CPU performance, adequate RAM and hard disk storage, adequate network interface cards for the network it will be deployed in, and so on. As suggested above, it is better to have redundancy in the DNS system, not only for consistency but also for security reasons.

A new hardware platform for the DNS server is already requested.

OPERATING SYSTEM

The selected operating system should be highly reliable, be possible to secure well, have good anti-hacking mechanisms (like jails) and have a good DNS server daemon available for it that supports IPv6.

BIND is available for both Windows and Linux, but BIND on Windows can be rejected because the underlying operating system is not as reliable or secure as Linux.

Upgrading to Linux kernel version 2.6 is highly recommended because it is more stable, more secure and enhanced with IPv6 support. Using a community release of Red Hat (Fedora 10 with kernel 2.6.27) is an alternative recommendation [http://tldp.org/HOWTO/Linux+IPv6-HOWTO/basic-history-ipv6-linux.html].

The current BIND production release is 9.7.0-P2, and the latest version can be found in [5]. Security enhancements such as DNSSEC and new IPv6 features are adopted in the new releases.

The proposed specification for the dual-stack DNS implementation will let users experience the best performance, availability and security over both IPv4 and IPv6 infrastructures.



Comments


    • dbuddhika (author), 6 years ago

      Thanks for the compliment. God bless you.

    • Peg Cole, 6 years ago from Dallas, Texas

      You are evidently quite technically minded and thank goodness there are people like yourself and my husband who understand these things. He is a systems consultant for a computer manufacturer specializing in servers for major customers. I just want to flip the switch on and have it work!

      Well presented information. Voted up!

      Peg

    • Deborah Neyens, 6 years ago from Iowa

      It sounds like you know your stuff!
