997 Views, 0 Helpful, 8 Replies
robardill
Beginner

IOS IPv6 DNS Server

We're using 887VAs at branch offices and leveraging IOS ip dns server for split DNS with IPv4 clients.

Is there a way to have the DNS server listen on IPv6 also?

So far I've been unable to locate any specific documentation on this feature, but there are some previous threads hinting it is supported on some platforms.

With the current config, the ISR doesn't respond to IPv6 requests even after removing the default restrict source.

Any advice or pointers would be appreciated.

 

ip host view RESTRICTED m.youtube.com 216.239.38.119
ip host view RESTRICTED youtubei.googleapis.com 216.239.38.119
ip host view RESTRICTED youtube.googleapis.com 216.239.38.119
ip host view RESTRICTED www.youtube-nocookie.com 216.239.38.119
ip host view RESTRICTED www.youtube.com 216.239.38.119
ip host site.internal.lan X.X.X.X


ipv6 host ipv6test.internal.lan 2001:XXXX:XXXX:XXXX::X

ip dns view RESTRICTED
 domain timeout 1
 domain retry 0
 dns forwarding timeout 2
 domain round-robin
 dns forwarder 8.8.8.8
 dns forwarder 8.8.4.4
ip dns view default
 domain timeout 1
 domain retry 0
 dns forwarding timeout 2
 domain round-robin
 dns forwarder 8.8.8.8
 dns forwarder 8.8.4.4
ip dns view-list INTERNAL
 view RESTRICTED 5
  restrict source access-group ACL-RESTRICTED-HOST
 view default 10
  restrict source access-group 101
ip dns server view-group INTERNAL
ip dns server
ip dns primary internal.lan soa gw.internal.lan host.internal.lan 3600 300 3600 3600
!
access-list 101 remark Local Networks
access-list 101 permit ip 192.168.120.0 0.0.0.255 any
access-list 101 deny   ip any any log
!
ip access-list extended ACL-RESTRICTED-HOST
 permit ip object-group RESTRICTED-HOSTS any
 deny   ip any any
!
object-group network RESTRICTED-HOSTS
 description Host with restricted internet via DNS View
 host 192.168.120.32
!
8 REPLIES
Supermantech
Beginner

The DNS will listen and reply to IPv4 requests for AAAA. So IPv4 will send the request and AAAA records (for IPv6) can be sent. Pretty sure. Does that solve the issue?

Thanks for the reply. Not really, as most host systems prefer IPv6 DNS resolution. So I'm wanting the DNS resolution to operate over IPv6.

Hello,

So basically you want the IPv6 equivalent to 'ip dns server', making the IOS router a DNS server for IPv6 as well?

Yes, correct.

Hello,

 

I checked pretty much all available resources, and I could not find anything on an IOS device being capable of being a DNS server for IPv6 (compared to IPv4). So I think it is safe to say that this is not possible (yet)...

robardill
Beginner

There was another thread similar to this that mentioned that it is supported on some platforms? I don't believe anything special needs to be configured beyond the above commands. On some platforms it listens on both IPv4 and IPv6. It would be good to know which platforms/releases support this.

robardill
Beginner

This thread reports 1921 works but not the 1841. I'm using the 887VA which is newer than the 1921.

Where can one find which platforms are supported?

 

https://community.cisco.com/t5/ipv6/does-quot-ip-dns-server-quot-on-a-cisco-router-listen-on-ipv6/m-p/3909516/highlight/true#M3618

robardill
Beginner

FWIW... Upgraded to 15.9 and it now works.

 

However, the view-list views ignore IPv6 ACLs (matching anything).

restrict source access-group IPV6ACL
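
An added example, not part of the thread and not Cisco code: a Python check that scans an IOS configuration for view-list `restrict source access-group` entries pointing at an `ipv6 access-list` or at an ACL not defined in the config, since the last post reports that on 15.9 such views match any IPv6 client. The sample config, the view name V6CLIENTS and the body of IPV6ACL are constructed for illustration.

```python
import re
# Constructed sample modelled on the thread; V6CLIENTS and the IPV6ACL body are assumptions.
SAMPLE_CONFIG = """\
ip dns view-list INTERNAL
 view RESTRICTED 5
  restrict source access-group ACL-RESTRICTED-HOST
 view default 10
  restrict source access-group 101
 view V6CLIENTS 20
  restrict source access-group IPV6ACL
!
access-list 101 permit ip 192.168.120.0 0.0.0.255 any
ip access-list extended ACL-RESTRICTED-HOST
 permit ip object-group RESTRICTED-HOSTS any
ipv6 access-list IPV6ACL
 permit ipv6 2001:DB8:120::/64 any
"""

def acl_families(config):
    """Map each ACL name/number defined in the config to 'ipv4' or 'ipv6'."""
    fams = {}
    for line in config.splitlines():
        if m := re.match(r"ipv6 access-list (\S+)", line):
            fams[m.group(1)] = "ipv6"
        elif m := re.match(r"ip access-list (?:standard|extended) (\S+)", line):
            fams[m.group(1)] = "ipv4"
        elif m := re.match(r"access-list (\d+) ", line):
            fams[m.group(1)] = "ipv4"
    return fams

def audit_view_list(config):
    """Return (view-list, view, acl, family) for restrict-source ACLs that are IPv6 or undefined."""
    fams, findings, vlist, view = acl_families(config), [], None, None
    for line in config.splitlines():
        if m := re.match(r"ip dns view-list (\S+)", line):
            vlist, view = m.group(1), None
        elif vlist and (m := re.match(r" view (\S+) \d+", line)):
            view = m.group(1)
        elif vlist and view and (m := re.match(r"\s+restrict source access-group (\S+)", line)):
            fam = fams.get(m.group(1), "undefined")
            if fam != "ipv4":  # only IPv4 ACLs are reported to be enforced
                findings.append((vlist, view, m.group(1), fam))
        elif not line.startswith(" "):
            vlist = view = None  # left the view-list block
    return findings

if __name__ == "__main__":
    for f in audit_view_list(SAMPLE_CONFIG):
        print("view-list %s view %s: ACL %s is %s" % f)
```

Any view it flags should be treated as open to every IPv6 source until the restriction is confirmed on the running release.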