1 Arashikasa

Dig Ipv6 Address Assignment

In the past I’ve published articles on how to run a benchmark with namebench to find the fastest DNS server for you, and on how to encrypt your DNS traffic if you use OpenDNS, but I’ve never written a comprehensive guide to the dig command, probably the best command-line tool for querying a DNS server. So today I want to show you the basic usage of this command and some tricks, using examples that you can reuse for your own goals.

First of all, probably every reader knows what a DNS server is, but it’s still worth taking the definition from Wikipedia:

The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. A Domain Name Service resolves queries for these names into IP addresses for the purpose of locating computer services and devices worldwide.

So let’s see how we can query a DNS server to get all the info we need.

Installation

dig (domain information groper) is a common command that is available on any Linux distribution but is usually not installed by default. To install it, run one of the following commands.

For users of Debian, Ubuntu and other distros that use .deb packages, use the following command:

sudo apt-get install dnsutils

Users of Red Hat Enterprise, CentOS and Fedora can use the following command:

sudo yum install bind-utils

In Arch Linux, use the following command:

sudo pacman -S dnsutils

Finally, in Gentoo you can use:

sudo emerge bind-tools

As you can see, the hardest part is finding out which package each distribution puts this utility in.

Basic Usage

The most typical, simplest query is for a single host. By default, however, dig is pretty verbose. You probably don’t need all the information in the default output, but it’s worth knowing what every part of the output is:

$ dig linuxaria.com

; <<>> DiG 9.8.1-P1 <<>> linuxaria.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49569
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;linuxaria.com. IN A

;; ANSWER SECTION:
linuxaria.com. 35 IN A 108.162.197.170
linuxaria.com. 35 IN A 108.162.197.70

;; Query time: 47 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Aug 17 23:39:21 2012
;; MSG SIZE rcvd: 63

At the start of the output we see the version of dig that we’re using and the request we made (first line of output), followed by some generic technical information. After these lines the useful information starts:

;; QUESTION SECTION:

This section shows what we asked for; the default query is for an Internet address (A).

;; ANSWER SECTION:

This section contains the DNS server’s answer to our query. In this example you can see that linuxaria.com resolves to two IP addresses, 108.162.197.170 and 108.162.197.70.

;; Query time:

This is interesting information: it tells us how long it took to get an answer from our DNS server.

;; SERVER:

This is the IP address of the DNS server that answered our query.

So with no options, we get the IP address of a DNS name.

Selecting a specific nameserver

If no server is specified, dig sends every query to the server listed in the resolver configuration file (/etc/resolv.conf). We can change this behavior without changing the file by using the @IPADDRESS parameter. For example, if we have a DNS server installed on our own machine and want to be sure it has loaded all zones correctly, we can use the command:

dig @127.0.0.1 mysite.com

Or if you want to compare the response time of Google DNS and OpenDNS you can give the following two commands:

dig @8.8.8.8 linuxaria.com
dig @208.67.220.220 linuxaria.com

Then check which of the two responses has the lowest number in the Query time field.

Use dig to do an IPV6 query

By default dig uses IPv4, but there are two ways to use dig with IPv6.

1) Use the -6 option to force dig to use only IPv6 query transport.

;; QUESTION SECTION:
;linuxaria.com. IN A

;; ANSWER SECTION:
linuxaria.com. 168 IN A 108.162.197.170
linuxaria.com. 168 IN A 108.162.197.70

;; Query time: 61 msec
;; SERVER: ::ffff:8.8.8.8#53(::ffff:8.8.8.8)
;; WHEN: Sat Aug 18 00:14:57 2012
;; MSG SIZE rcvd: 63

In this example we have used only the IPv6 protocol, so the DNS server appears as ::ffff:8.8.8.8. Note that the answer is still an IPv4 address. You can get the same result by giving an IPv6 address in the @ parameter and leaving out the -6 parameter, so I could get the same result with the command:

2) You can use dig to request an IPv6 address. To do this, add the parameter AAAA at the end. A 32-bit IPv4 address is an A record. IPv6 is four times the size – 128 bits – so it ended up being a quad-A record. So to find the IPv6 address of linuxaria.com you can use the command

;; QUESTION SECTION:
;linuxaria.com. IN AAAA

;; ANSWER SECTION:
linuxaria.com. 300 IN AAAA 2600:3c03::f03c:91ff:fe93:b7b3

;; Query time: 51 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)

In this example we asked the DNS server 8.8.8.8, over the IPv4 protocol, for the IPv6 address of linuxaria.com, and we got the result: 2600:3c03::f03c:91ff:fe93:b7b3

Use dig to discover the MX record of a domain

In the same way that we asked the DNS server for an AAAA record, we can query for an MX record (mail exchanger record), which specifies a mail server responsible for accepting email messages on behalf of a recipient’s domain.

;; QUESTION SECTION:
;linuxaria.com. IN MX

;; ANSWER SECTION:
linuxaria.com. 110 IN MX 5 alt2.aspmx.l.google.com.
linuxaria.com. 110 IN MX 1 aspmx.l.google.com.
linuxaria.com. 110 IN MX 10 aspmx3.googlemail.com.
linuxaria.com. 110 IN MX 5 alt1.aspmx.l.google.com.
linuxaria.com. 110 IN MX 10 aspmx2.googlemail.com.

The answer section lists multiple servers, which is pretty common. The number before each server name is the priority of that MX server (the lowest number is tried first), so in my case the first MX is aspmx.l.google.com.

If you want to see all records for a domain you can use the word ANY as the parameter:

;; ANSWER SECTION:
linuxaria.com. 300 IN AAAA 2600:3c03::f03c:91ff:fe93:b7b3
linuxaria.com. 300 IN MX 5 alt2.aspmx.l.google.com.
linuxaria.com. 300 IN MX 1 aspmx.l.google.com.
linuxaria.com. 300 IN MX 5 alt1.aspmx.l.google.com.
linuxaria.com. 43200 IN NS gabe.ns.cloudflare.com.
linuxaria.com. 300 IN MX 10 aspmx3.googlemail.com.
linuxaria.com. 300 IN A 108.162.197.70
linuxaria.com. 300 IN A 108.162.197.170
linuxaria.com. 300 IN MX 10 aspmx2.googlemail.com.
linuxaria.com. 43200 IN NS ruth.ns.cloudflare.com.
linuxaria.com. 43200 IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 2012062111 10000 2400 604800 3600

Remember that the default is to query for A records.

Do a reverse lookup with dig

Sometimes you have an IP address and you want to know the name. For this you can use the option -x:

$ dig -x 8.8.4.4 +short
google-public-dns-b.google.com

In this example I’ve used the +short parameter, which makes the output really… short: just the answer. In this case we can see that the name of the address 8.8.4.4 is google-public-dns-b.google.com. +short can be used with any query to show just the answer.

Conclusions

And this is enough for a basic tutorial. Here you have the most common uses of the dig command. It can also do multiple queries in one command line, but I don’t find this so useful in real life, where you can just give 2 or 3 different (and easy) commands instead of 1 long line of commands. Now you have the basics to ask your DNS server anything, have fun!

IPv6 is a new infrastructure protocol for your network and the Internet. It’s similar to the old IPv4 protocol in many ways – you use DHCP, DNS, HTTP, SIP, LDAP – all the old protocols work. A few are gone, like ARP and some are changed. Today, we’ll talk about DNS and IPv6. Spend 30 minutes to learn more about IPv6 every Friday!

DNS with IPv6 – works like expected

In order to start with IPv6, it’s very common that you add IPv6 to your existing infrastructure. Your clients will now start asking the DNS not only for IPv4 addresses, but also for IPv6 addresses. This works, even if your DNS only talks IPv4. It can still answer questions about IPv6 addresses. Here’s an example where I ask my local name server for the IPv6 address of http://www.v6.facebook.com:

myhost$ dig @192.168.40.1 www.v6.facebook.com AAAA

; <<>> DiG 9.7.2-P3 <<>> @192.168.40.1 www.v6.facebook.com AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2333
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.v6.facebook.com. IN AAAA

;; ANSWER SECTION:
www.v6.facebook.com. 2505 IN AAAA 2620:0:1cfe:face:b00c::3

;; Query time: 2 msec
;; SERVER: 192.168.40.1#53(192.168.40.1)
;; WHEN: Wed Jan 11 16:28:57 2012
;; MSG SIZE rcvd: 65

How do you add your own IPv6 addresses to DNS?

If you are using a hosted DNS with a web management frontend, you have to look into the documentation for that server. In the standard DNS zone format you use AAAA records – or “quad-a”. A 32 bit IPv4 address is an A record. IPv6 is four times the size – 128 bits – so it ended up being a quad-A record.

 

bilbo           IN        AAAA          2620:0:1cfe:face:b00c::3

You might want to start with adding a separate host name. If you have the IPv4 host name bilbo.example.com, you could use bilbo.v6.example.com. When you feel safe with the IPv6 support, you move it back to bilbo.example.com.

Make your DNS server reachable over IPv6

The most important first step to make your external Internet services reachable is to make your DNS server reachable over IPv6. Look in your server documentation on how to do that and test. When you are done, it is important that you add IPv6 addresses to the host name records for your name server host so that it has both A and AAAA records.

Secondly, you need to inform your registrar about the new address. DNS delegation works by using something called glue records. The zone “above” you needs to have pointers to your name servers in that zone. If you have the domain namn.se, the .se zone needs glue records for all your name servers. Otherwise, no one can find you and your servers. Not all registrars support IPv6, especially if they have web forms. If they don’t do it in the web interface, contact support. If they still do not support it manually, change to another registrar. ARIN’s wiki has a list of some good and some bad US registrars.

Also check if your top level domain has IPv6 support. Not all TLDs support IPv6 yet.

Make sure that you present the same data over IPv6 as over IPv4

It is important that you use the same data for both IPv4 and IPv6 queries. You cannot assume that all IPv6 clients will reach your DNS server over IPv6, and then serve them different data. An IPv6 client may ask its local name server over IPv6, but that name server could very well be dual stack and forward the query over IPv4 and get the result from a cached entry somewhere. This is a feature of the DNS. Just make sure that you don’t try to be clever and present different sets of data over the different protocols.
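One way to check this, as an added example that is not from the original article: compare the answer sets a server returns over each transport, ignoring TTL and record order. The function names, the sample captures and the documentation-range addresses are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: does a name server give the same answer over both transports?
# All names and addresses below are constructed (documentation ranges).

# Reduce `dig +noall +answer` output to a sorted "owner type rdata" set.
# TTLs and record order legitimately differ between queries, so drop both.
normalize_answer() {
    awk '!/^;/ && NF >= 5 {
        rdata = $5
        for (i = 6; i <= NF; i++) rdata = rdata " " $i
        print tolower($1), $4, rdata
    }' | sort -u
}

# same_rrset CAPTURE_A CAPTURE_B: succeeds when the record sets match.
same_rrset() {
    a=$(printf '%s\n' "$1" | normalize_answer)
    b=$(printf '%s\n' "$2" | normalize_answer)
    [ "$a" = "$b" ]
}

# Live use (needs network): check_server V4_ADDR V6_ADDR NAME TYPE
check_server() {
    v4=$(dig -4 "@$1" "$3" "$4" +noall +answer) || return 2
    v6=$(dig -6 "@$2" "$3" "$4" +noall +answer) || return 2
    same_rrset "$v4" "$v6"
}

# Constructed captures: same data, different TTL and order ...
V4_CAPTURE='www.example.com. 300 IN AAAA 2001:db8::10
www.example.com. 300 IN AAAA 2001:db8::11'
V6_CAPTURE='www.example.com. 120 IN AAAA 2001:db8::11
www.example.com. 120 IN AAAA 2001:db8::10'
# ... and a server that hands out different data over IPv6.
V6_SPLIT='www.example.com. 300 IN AAAA 2001:db8:ffff::10'

if same_rrset "$V4_CAPTURE" "$V6_CAPTURE"; then echo "consistent"; fi
if ! same_rrset "$V4_CAPTURE" "$V6_SPLIT"; then echo "MISMATCH: IPv6 answer differs"; fi
```

Run check_server against the authoritative server's own IPv4 and IPv6 addresses rather than a recursive resolver, so cached data does not mask a difference.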

Use DNS to show your preference!

There are network services that use DNS SRV records to find a server. Both SIP and XMPP use SRV records in the domain zone to provide both failover and load balancing. These can be used to indicate how you want others to connect to you. If you have a perfect IPv6 connection and only connect to the old IPv4 Internet over slow tunnels, you can indicate this:

sipserver.example.com. IN AAAA 2001:DB8:BE:EF:1000:1
sipserver-old-gateway.example.com. IN A 192.168.40.100
_sip._tcp.example.com. 86400 IN SRV 10 5 5060 sipserver.example.com.
_sip._tcp.example.com. 86400 IN SRV 20 5 5060 sipserver-old-gateway.example.com.

An IPv4 client should check the lowest priority first and find out that there’s no available host in that priority and switch to the second priority. An IPv6 client finds a host in the lowest priority. A dual stack client will also find the IPv6 host first and stick to that. DNS SRV records are for you to define how you want to be reached. Use it!
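The selection described above, as an added example that is not from the original article: given SRV and address records, pick the target each kind of client ends up using. The pick_srv function and the record values (documentation-range addresses) are constructed for the illustration, and weights among equal priorities are ignored.

```shell
#!/bin/sh
# Added example: which SRV target does a client of each address family use?
# Records are constructed; weights among equal priorities are ignored here.

SIP_RECORDS='sipserver.example.com. IN AAAA 2001:db8:be:ef::1
sipserver-old-gateway.example.com. IN A 192.0.2.100
_sip._tcp.example.com. 86400 IN SRV 10 5 5060 sipserver.example.com.
_sip._tcp.example.com. 86400 IN SRV 20 5 5060 sipserver-old-gateway.example.com.'

# pick_srv FAMILY < records    (FAMILY: 4, 6 or dual)
# Prints the lowest-priority SRV target that has an address record the
# client can use; exits non-zero when no target is reachable.
pick_srv() {
    awk -v fam="$1" '
    {
        k = 0                                # position of the class field
        for (i = 2; i <= NF; i++) if ($i == "IN") { k = i; break }
        if (k == 0) next
        type = $(k + 1); owner = tolower($1)
        if (type == "A")    has4[owner] = 1
        if (type == "AAAA") has6[owner] = 1
        if (type == "SRV") { n++; prio[n] = $(k + 2) + 0; target[n] = tolower($(k + 5)) }
    }
    END {
        best = 0
        for (i = 1; i <= n; i++) {
            t = target[i]
            ok = (fam != "6" && (t in has4)) || (fam != "4" && (t in has6))
            if (ok && (best == 0 || prio[i] < prio[best])) best = i
        }
        if (best == 0) exit 1
        print target[best]
    }'
}

for fam in 4 6 dual; do
    printf '%s client -> %s\n' "$fam" "$(printf '%s\n' "$SIP_RECORDS" | pick_srv "$fam")"
done
```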

Summary: Just get it done!

This week, the summary is short and sweet: Just get it done. Either get real IPv6 connections from your ISP or set up a tunnel. Most tunnel brokers will point to your DNS servers for reverse DNS (something that we haven’t mentioned here) and provide you with IPv6-capable DNS servers. Start playing with the tunnel and use it to serve your DNS to the world over IPv6.
