Supporting IPv6 in External DNS Services

SOLUTION NOTE
You’ve seen the headlines: “The world is running out of
Internet Addresses.” Indeed, the traditional IPv4 address
space is reaching capacity. What does this mean to you?
Is this like the Y2K bug? Is your network at risk to suddenly
stop working?
The answer is yes - and no. Yes, this is like the Y2K bug,
in that the issue is suddenly getting a lot of attention in
the media. But no, we are not going to wake up one day
and find everything is broken. The gradual consumption of
IPv4 addressing has been tracked for a long time and the
industry has prepared technology to ease the transition.
The most immediate impact will be felt by organizations
who have not previously acquired an IPv4 Internet domain
and address range - or existing organizations that need to
expand their existing routable IPv4 space - because they
might not be able to get anything but IPv6 addresses.
[Figure: IP address consumption estimates from the Internet Assigned
Numbers Authority (IANA) and various Regional Internet Registries (RIR)]
While IPv4 is not going away anytime soon, and will coexist
with IPv6 on public networks for a time, all organizations
should plan and prepare to support IPv6 because its
adoption is accelerating. This paper will help you do that.
The Primary Issues
As IPv6 is adopted on the Internet, enterprise IT organizations
must support business requirements to ensure that all external
Internet services such as web sites, email and other application
services are IPv6 capable. Therefore, you will need to support
IPv6 in your external, internet-facing DNS server in your
network’s DMZ.
Many organizations are choosing not to immediately use IPv6
on their internal networks due to the cost and hassle of replacing
existing network infrastructure. That’s OK. At least for now,
through Network Address Translation (NAT) support in edge
routers, organizations can continue to use non-routable IPv4
addresses on internal networks.
[Figure: DMZ with dual stack web server, dual stack SMTP server and dual stack external server; firewall with IPv4 NAT translation; internal IPv4 network]
For DNS, the primary difference between IPv4 and IPv6 is the
type of record used to map names to addresses. IPv6 DNS
records are called AAAA Records, which are capable of referencing host entries that contain the larger, 128-bit address
format of IPv6 addresses. In contrast, IPv4 DNS utilizes A Records, which contain the traditional 32-bit addresses used in IPv4.
Since IPv4 is not going away any time soon, your external DNS solution must simultaneously support both IPv6 and IPv4.
In other words, your external DNS server should run dual IP protocol stacks and support both IPv4 A Records and IPv6
AAAA Records.
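An added example, not part of the Infoblox note: a Python sketch that audits zone data for the dual-stack requirement described above, flagging any published host, including NS and MX targets, that lacks an A or an AAAA record. The zone data is constructed, and the one-record-per-line, fully qualified, five-field layout with in-zone NS/MX targets is an assumption of the example.

```python
import ipaddress

# Constructed sample zone (example.com, 192.0.2.0/24 and 2001:db8::/32 are
# reserved documentation values). Assumed layout: "name ttl class type rdata".
ZONE = """\
example.com.      3600 IN NS   ns1.example.com.
example.com.      3600 IN NS   ns2.example.com.
example.com.      3600 IN MX   10 mail.example.com.
ns1.example.com.  3600 IN A    192.0.2.53
ns1.example.com.  3600 IN AAAA 2001:db8::53
ns2.example.com.  3600 IN A    192.0.2.54
www.example.com.  3600 IN A    192.0.2.80
www.example.com.  3600 IN AAAA 2001:db8::80
mail.example.com. 3600 IN A    192.0.2.25
"""

def parse_zone(text):
    """Return (addrs, service_hosts): addresses per owner name by record type,
    and the names the zone publishes as NS or MX targets."""
    addrs, service_hosts = {}, set()
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop zone-file comments
        if not line:
            continue
        name, _ttl, _cls, rtype, *rdata = line.split()
        name, rtype = name.lower(), rtype.upper()
        if rtype in ("A", "AAAA"):
            ip = ipaddress.ip_address(rdata[0])
            # An A record must carry a 32-bit address, an AAAA a 128-bit one.
            if ip.version != (4 if rtype == "A" else 6):
                raise ValueError(f"{name}: {rtype} record holds IPv{ip.version} address")
            addrs.setdefault(name, {"A": [], "AAAA": []})[rtype].append(ip)
        elif rtype in ("NS", "MX"):
            service_hosts.add(rdata[-1].lower())  # target is the last field
    return addrs, service_hosts

def dual_stack_gaps(text):
    """List (host, missing_type) for every host lacking an A or AAAA record.
    NS/MX targets are assumed to be in-zone; out-of-zone targets show as gaps."""
    addrs, service_hosts = parse_zone(text)
    gaps = []
    for host in sorted(set(addrs) | service_hosts):
        recs = addrs.get(host, {"A": [], "AAAA": []})
        gaps += [(host, t) for t in ("A", "AAAA") if not recs[t]]
    return gaps

if __name__ == "__main__":
    for host, missing in dual_stack_gaps(ZONE):
        print(f"{host} has no {missing} record")
```

In the sample, the web server is dual stack but the second name server and the mail host are reachable over IPv4 only, which is the gap an IPv6-only client would hit.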
©2013 Infoblox Inc. All Rights Reserved. Infoblox-note-ipv6-in-external-dns-services-April2012
The Infoblox Solution
An appliance-based Infoblox DNS solution is a simple and
robust platform for IPv6 capable external DNS. Infoblox has
dual stack IPv6/IPv4 support and will deliver both IPv4 DNS
A records and IPv6 AAAA records to DNS requests from
Internet hosts over either protocol. This support, coupled
with a dual stack server infrastructure on the other routing
equipment, firewalls and web servers in the rest of the DMZ,
can guarantee that both IPv4 and IPv6 users will reach an
internet-facing web site.
Infoblox appliances provide a hardened system, which
protects against privilege escalation and malware attacks,
and is ready “out of box” for DMZ deployment. Infoblox
appliances support High Availability features such as VRRP
redundant hardware failover, and patented Infoblox Grid™
technology, which easily scales to support failover and
recovery to a redundant data center.
[Figure: Internet; External Secondary servers in Tokyo, New York and London; Grid Master Hidden Primary and two Grid Master Candidates across Tokyo, New York and London]
The Infoblox external DNS solution fully supports IPv4
and IPv6 DNS Security (DNSSEC) that has been tested
for interoperability with root name servers and is Joint
Interoperability Test Command (JITC) and Office of Management and Budget (OMB) compliant for government and military
applications. Infoblox Grid “one-click” technology automates DNSSEC deployment and maintenance features such as
certificate acquisition and signing key refresh to take the tedious, manual labor out of the equation when implementing best-practice external DNS services.
Summary
The most pressing step for enterprise organizations preparing an IPv6 transition is to support IPv6 on Internet-facing DNS
network services. Deploying these services with dual stack support for IPv4 and IPv6 and using a DNS server that supports
both IPv4 A records and IPv6 AAAA records will ensure the continued delivery of web services to customers and keep critical
business communications like email available for all.
The Infoblox solution meets these IPv6 requirements, is easy to deploy and maintain, and additionally provides superior
DNSSEC support, High Availability, and enterprise Disaster Recovery.
Infoblox Product Warranty and Services
The standard hardware warranty is for a period of one year. The system software has a 90-day warranty that will meet published specifications. Optional service products are also available that extend the hardware and software warranty. These products are recommended
to ensure the appliance is kept updated with the latest software enhancements and to ensure the security and availability of the system.
Professional services and training courses are also available from Infoblox. Information in this document is subject to change without
notice. Infoblox Inc. assumes no responsibility for errors that appear in this document.
Corporate Headquarters:
+1.408.986.4000
1.866.463.6256 (toll-free, U.S. and Canada)
www.infoblox.com