Supporting I Pv 6 in External DNS Services

yummypineappleSoftware and s/w Development

Jun 30, 2012 (5 years and 3 months ago)

264 views

SOLUTION NOTE
©2011 Infoblox Inc. All Rights Reserved. Infoblox-note-IPv6-in-External-DNS-Services-March2011
1
Supporting IPv6 in External DNS Services
You’ve seen the headlines; “The world is running out of Internet
Addresses.” Indeed, the traditional IPv4 address space is reaching
capacity. What does this mean to you? Is this like the Y2K bug? Is your
network at risk to suddenly stop working?
The answer is yes - and no. Yes, this is like the Y2K bug, in that the issue
is suddenly getting a lot of attention in the media. But no, we are not
going to wake up one day and find everything is broken. The gradual
consumption of IPv4 addressing has been tracked for a long time and
the industry has prepared technology to ease the transition.
The most immediate impact will be felt by organizations who have not
previously acquired an IPv4 Internet domain and address range - or existing
organizations that need to expand their existing routable IPv4 space -
because they might not be able to get anything but IPv6 addresses.
While IPv4 is not going away anytime soon, and will coexist with IPv6 on public networks for a time, all organizations should
plan and prepare to support IPv6 because its adoption is accelerating. This paper will help you do that by explaining what you
need to do for Internet facing network services and how you can use Infoblox products to help you.
The Primary Issues
As IPv6 is adopted on the Internet, enterprise IT organization must support business requirements to ensure that all external
Internet services such as web sites, email and other application services are IPv6 capable. Therefore, you will need to support
IPv6 in your external, internet-facing DNS server
in your network’s DMZ.
Many organizations are choosing not to
immediately use IPv6 on their internal networks
due the cost and hassle of replacing existing
network infrastructure. That’s OK. At least for
now, through Network Address Translation (NAT)
support in edge routers, organizations can
continue to use non-routable IPv4 addresses on
internal networks.
For DNS, the primary difference between IPv4 and
IPv6 is the type of record used to map names to
addresses. IPv6 DNS records are called AAAA
Records, which are capable of referencing host
entries that contain the larger, 128bit address
format of IPv6 addresses. In contrast, IPv4 DNS
utilizes A Records which contain the traditional 32
bit addresses used in IPv4.
Since IPv4 is not going away any time soon, your external DNS solution must simultaneously support both IPv6 and IPv4. In other
words, your external DNS server should run dual IP protocol stacks and support both IPv4 A Records and IPv6 AAAA Records.
IP Address consumption estimates from the Internet Assigned
Numbers Authority (IANA) and various Regional Internet Registry (RIR)
SOLUTION NOTE
©2011 Infoblox Inc. All Rights Reserved. Infoblox-note-IPv6-in-External-DNS-Services-March2011
2
Supporting IPv6 in External DNS Services
The Infoblox Solution
An appliance-based Infoblox DNS solution is a simple and robust platform for IPv6 capable external DNS. Infoblox has dual stack
IPv6/IPv4 support and will deliver both IPv4 DNS A records and IPv6 AAAA records to DNS requests from Internet hosts over either
protocol. This support, coupled with a dual stack server infrastructure on the other routing equipment, firewalls and web servers in
the rest of the DMZ, can guarantee that both IPv4 and IPv6 users will reach an internet-facing web site.
Infoblox appliances provide a hardened system, which protects against privilege escalation and malware attacks, and is ready “out
of box” for DMZ deployment. Infoblox appliances support High Availability features such as VRRP redundant hardware failover, and
patented Infoblox Grid

technology, which easily scales to support failover and recovery to a redundant data center.

The Infoblox external DNS solution fully supports IPv4 and IPv6
DNS Security (DNSSEC) that has been tested for interoperability
with root name servers and is Joint Interoperability Test
Command (JITC) and Office of Management and Budget (OMB)
compliant for government and military applications. Infoblox
Grid “one-click” technology automates DNSSEC deployment and
maintenance features such as certificate acquisition and signing
key refresh to take the tedious, manual labor out of the equation
when implementing a best-practice external DNS services.
Summary
The most pressing step for enterprise organizations preparing an IPv6 transition is to support IPv6 on Internet facing DNS
network services. Deploying these services with dual stack support for IPv4 and IPv6 and using a DNS server that supports
both IPv4 A records and IPv6 AAAA records will ensure the continued delivery of web services to customers and critical
business communications like email available for all.
The Infoblox solution meets these IPv6 requirements, is easy to deploy and maintain, and additionally provides superior
DNSSEC support, High Availability, and enterprise Disaster Recovery.
Infoblox Product Warranty and Services
The standard hardware warranty is for a period of one year. The system software has a 90-day warranty that will meet published specifications.
Optional service products are also available that extend the hardware and software warranty. These products are recommended to ensure
the appliance is kept updated with the latest software enhancements and to ensure the security and availability of the system. Professional
services and training courses are also available from Infoblox. Information in this document is subject to change without notice. Infoblox Inc.
assumes no responsibility for errors that appear in this document.
Corporate Headquarters: +1.408.625.4200 1.866.463.6256 (toll-free, U.S. and Canada) info@infoblox.com www.infoblox.com