We have nearly completed our IPv6 transition. There's just a few final steps to complete. One of those is adding external IPv6 DNS entries into the Admin Console.
We currently have (2) IPv4 DNS IPs setup for each interface; however, i cannot figure out how to add IPv6 addresses. I get an error message saying "invalid ip address." I've already added the IPv6 addresses as network objects. I simply have no idea how to add them to the DNS menu, if it's even possible.
Can anyone guide me through this?
If you run Split DNS on the firewall itself you can add an A record in the DNS for the IPv4 and an AAAA record for the IPv6 IP addresses for each of the firewall's interfaces.
What exact version and patch level are you using? BIND on version 70103 does not support IPv6.
I'm not sure i've heard of Split DNS. can you elaborate?
our firewalls use version 8.3.2P07.
Also, we have another firewall that still uses 70103. does that mean we'll have to upgrade it to 8.3.2 when we want to enable IPv6?
Ohh, I could not grasp what you were actually asking about. You are trying to add a IPv6 address as a DNS server in your 'Transparent DNS' setup (right?). If you tried it and it didn't work I'm going to guess it does not support IPv6 addresses. Since there is no indication in the Help or Product Guide that says what it supports I emailed development to ask them. I will write back when I have an answer (which, as you demonstrated, is most likely going to be "Transparent DNS does not support IPv6 addresses"). It's either that or you typed the address wrong (but I don't believe that's the case).
Both 70103 and 832 support IPv6 addresses on the firewall. Just disregard what I said about BIND since you are not using it.
you are correct. we're using Transparent.
if it doesnt support IPv6 addresses, how will lookups occur? are the existing IPv4 DNS servers going to have to support IPv6 lookups or something? We dont control the DNS servers. The organization for which i work controls them. we simply leverage them for lookups.
at the same time, our Internal interface has IPv4 addresses for our local DNS servers - 192.168.100.x. Is the result going to be the same whereby the DNS servers have to somehow translate IPv6 requests?
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center