cancel
Showing results for 
Search instead for 
Did you mean: 
jschweitzer
Not applicable
Report Inappropriate Content
Message 1 of 8

Adding IPv6 DNS to Admin Console

We have nearly completed our IPv6 transition. There's just a few final steps to complete. One of those is adding external IPv6 DNS entries into the Admin Console.

We currently have (2) IPv4 DNS IPs setup for each interface; however, i cannot figure out how to add IPv6 addresses. I get an error message saying "invalid ip address." I've already added the IPv6 addresses as network objects. I simply have no idea how to add them to the DNS menu, if it's even possible.

Can anyone guide me through this?

7 Replies
sliedl
Not applicable
Report Inappropriate Content
Message 2 of 8

Re: Adding IPv6 DNS to Admin Console

If you run Split DNS on the firewall itself you can add an A record in the DNS for the IPv4 and an AAAA record for the IPv6 IP addresses for each of the firewall's interfaces.

What exact version and patch level are you using?  BIND on version 70103 does not support IPv6.

jschweitzer
Not applicable
Report Inappropriate Content
Message 3 of 8

Re: Adding IPv6 DNS to Admin Console

I'm not sure i've heard of Split DNS. can you elaborate?

our firewalls use version 8.3.2P07.

Also, we have another firewall that still uses 70103. does that mean we'll have to upgrade it to 8.3.2 when we want to enable IPv6?

sliedl
Not applicable
Report Inappropriate Content
Message 4 of 8

Re: Adding IPv6 DNS to Admin Console

Ohh, I could not grasp what you were actually asking about.  You are trying to add a IPv6 address as a DNS server in your 'Transparent DNS' setup (right?).  If you tried it and it didn't work I'm going to guess it does not support IPv6 addresses.  Since there is no indication in the Help or Product Guide that says what it supports I emailed development to ask them.  I will write back when I have an answer (which, as you demonstrated, is most likely going to be "Transparent DNS does not support IPv6 addresses").  It's either that or you typed the address wrong (but I don't believe that's the case).

Both 70103 and 832 support IPv6 addresses on the firewall.  Just disregard what I said about BIND since you are not using it.

jschweitzer
Not applicable
Report Inappropriate Content
Message 5 of 8

Re: Adding IPv6 DNS to Admin Console

you are correct. we're using Transparent.

if it doesnt support IPv6 addresses, how will lookups occur? are the existing IPv4 DNS servers going to have to support IPv6 lookups or something? We dont control the DNS servers. The organization for which i work controls them. we simply leverage them for lookups.

at the same time, our Internal interface has IPv4 addresses for our local DNS servers - 192.168.100.x. Is the result going to be the same whereby the DNS servers have to somehow translate IPv6 requests?

jschweitzer
Not applicable
Report Inappropriate Content
Message 6 of 8

Re: Adding IPv6 DNS to Admin Console

sliedl - have you heard back from the dev team? If Transparent DNS doesnt support IPv6 does that mean i'll have to change to "firewall hosted"?

sliedl
Not applicable
Report Inappropriate Content
Message 7 of 8

Re: Adding IPv6 DNS to Admin Console

I have not had an answer back from my question to them.  It appears that transparent DNS does not support IPv6 addresses.  Therefore you must use IPv4 addresses.

jschweitzer
Not applicable
Report Inappropriate Content
Message 8 of 8

Re: Adding IPv6 DNS to Admin Console

ok, so how does IPv6 translation/lookups work then?

McAfee ePO Support Center Plug-in
Check out the new McAfee ePO Support Center. Simply access the ePO Software Manager and follow the instructions in the Product Guide for the most commonly used utilities, top known issues announcements, search the knowledgebase for product documentation, and server status and statistics – all from within ePO.