7 Replies Latest reply on Sep 25, 2015 2:36 PM by jschweitzer

    Adding IPv6 DNS to Admin Console

    jschweitzer

      We have nearly completed our IPv6 transition. There's just a few final steps to complete. One of those is adding external IPv6 DNS entries into the Admin Console.

       

      We currently have (2) IPv4 DNS IPs setup for each interface; however, i cannot figure out how to add IPv6 addresses. I get an error message saying "invalid ip address." I've already added the IPv6 addresses as network objects. I simply have no idea how to add them to the DNS menu, if it's even possible.

       

      Can anyone guide me through this?

        • 1. Re: Adding IPv6 DNS to Admin Console
          sliedl

          If you run Split DNS on the firewall itself you can add an A record in the DNS for the IPv4 and an AAAA record for the IPv6 IP addresses for each of the firewall's interfaces.

           

          What exact version and patch level are you using?  BIND on version 70103 does not support IPv6.

          • 2. Re: Adding IPv6 DNS to Admin Console
            jschweitzer

            I'm not sure i've heard of Split DNS. can you elaborate?

             

            our firewalls use version 8.3.2P07.

             

            Also, we have another firewall that still uses 70103. does that mean we'll have to upgrade it to 8.3.2 when we want to enable IPv6?

            • 3. Re: Adding IPv6 DNS to Admin Console
              sliedl

              Ohh, I could not grasp what you were actually asking about.  You are trying to add a IPv6 address as a DNS server in your 'Transparent DNS' setup (right?).  If you tried it and it didn't work I'm going to guess it does not support IPv6 addresses.  Since there is no indication in the Help or Product Guide that says what it supports I emailed development to ask them.  I will write back when I have an answer (which, as you demonstrated, is most likely going to be "Transparent DNS does not support IPv6 addresses").  It's either that or you typed the address wrong (but I don't believe that's the case).

               

              Both 70103 and 832 support IPv6 addresses on the firewall.  Just disregard what I said about BIND since you are not using it.

              • 4. Re: Adding IPv6 DNS to Admin Console
                jschweitzer

                you are correct. we're using Transparent.

                 

                if it doesnt support IPv6 addresses, how will lookups occur? are the existing IPv4 DNS servers going to have to support IPv6 lookups or something? We dont control the DNS servers. The organization for which i work controls them. we simply leverage them for lookups.

                 

                at the same time, our Internal interface has IPv4 addresses for our local DNS servers - 192.168.100.x. Is the result going to be the same whereby the DNS servers have to somehow translate IPv6 requests?

                • 5. Re: Adding IPv6 DNS to Admin Console
                  jschweitzer

                  sliedl - have you heard back from the dev team? If Transparent DNS doesnt support IPv6 does that mean i'll have to change to "firewall hosted"?

                  • 6. Re: Adding IPv6 DNS to Admin Console
                    sliedl

                    I have not had an answer back from my question to them.  It appears that transparent DNS does not support IPv6 addresses.  Therefore you must use IPv4 addresses.

                    • 7. Re: Adding IPv6 DNS to Admin Console
                      jschweitzer

                      ok, so how does IPv6 translation/lookups work then?