15 juin 2013

As we're getting into the Global Internet connectivity, we need to spend a little time talking about DNS. Because without correct DNS functionning, there is no name resolution, and thus most computer softwares are stalled ( Web browser, Mail client, Antivirus updates, ... )




First, we have IPv4 DNS Servers. This means they are reachable over IPv4. They hold records of names/IPv4 address couples. That is called a ' A ' record.

What is good is that those IPv4 DNS Servers hold too records of names/IPv6 address couples.  These are called ' AAAA ' records. So you don't need to enter an IPv6 DNS Server IP, except if you have the whole IPv4 Stack disabled.



In a same way, an IPv6 DNS Server holds ' A ' records and ' AAAA ' records. So it can answer to ' A ' records requests.


As an exemple, if you want all DNS requests ( ' A ' and ' AAAA ' records ) to be served by the IPv6 DNS Server, enter no IPv4 DNS IP on the client, only an IPv6 DNS IP.

If you want all DNS requests ( ' A ' and ' AAAA ' records ) to be served by the IPv4 DNS Server, enter no IPv6 DNS IP on the client, only an IPv4 DNS IP.

Finally, do note that windows gives priority to IPv6, so if you entered both an IPv4 DNS IP and an IPv6 DNS IP, the IPv6's one will be used first

Of course, one unique DSN server can have both an IPv6 and an IPv4 address, thus providing DNS resolution both over IPv4 and IPv6. The previous exemple was just to clarify things out. 


Usefull commands to troubleshoot DNS


We'll use OpenDNS for DNS resolution in these exemples :


IPv4 DNS :
IPv6 DNS : 2620:0:ccd::2

to test the DNS resolution of www.wikipedia.org :
nslookup www.wikipedia.org


notice that www.wikipedia has no AAAA record.

if you try :                nslookup www.google.com


you see that there exists both A and AAAA records for www.google.com


now let's try :          nslookup ipv6.google.com


there is no A record. Only a AAAA IPv6 record




to test the DNS resolution forcing the use of an IPv4 DNS Server :
nslookup www.google.com

to test DNS resolution forcing the use of an IPv6 DNS Server :
nslookup www.google.com 2620:0:ccd::2


strangely, nslookup doesn't seem to have a working fallback mechanism. If a DNS IPv6 is registered on the PC, it sends it the request. If the request isn't answered, it doesn't try a registered IPv4 address, it just stops here.



Why are IPv6 records named ' AAAA ' records

Well, IPv4 records are named ' A ' records. And they're 32 bits long.
As an IPv6 record is four time this size ( ie 128 bits), it is named an ' AAAA ' record, a Quad A record.


