Configuring DNS for IPv6/IPv4 Coexistence
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Through DNS dynamic update, DNS client computers register and dynamically update their resource records with a DNS server whenever an IP address changes. This reduces the need to manually administer zone files, especially for clients that frequently move or change locations and that use DHCP to obtain an IP address.
In an IPv4 environment, by default the DNS Client service on computers running Windows 2000, Windows XP, or Windows Server 2003 dynamically updates host (A) resource records (RRs) in DNS. If all hosts on your network run those operating systems, DNS dynamic updates are automatic.
However, on hosts that do not support dynamic update, you must either enable dynamic update or manually add or update their DNS records. The same is true on a network to which IPv6 has been introduced: hosts that do not support dynamic update must have dynamic update enabled or must have DNS records added manually. IPv6 has the additional requirement that IPv6 nodes use a new type of address resource record, known as AAAA (quad-A) resource records, to resolve a fully qualified domain name to an IPv6 address. (Four "A"s are used for the name of these resource records because 128-bit IPv6 addresses are four times as large as 32-bit IPv4 addresses.)
Systems that support IPv6 use the same domain names as the domain names used in IPv4 but have both IPv6 and IPv4 addresses registered in DNS. The DNS Server service in Windows Server 2003 and Windows 2000 support processing for DNS IPv6 host records as defined in RFC 1886, "DNS Extensions to Support IP Version 6."
An IPv6 host sends DNS name queries to the DNS server to resolve host names to IPv6 addresses. The AAAA resource records stored on the DNS server provide the mapping from a host name to its IPv6 address.
DNS traffic is also supported over IPv6 for both client and server. The client and server are configured for IPv6 over DNS using anycast or unicast DNS server IP addresses. For more information, see "IPv6 configuration items" in Help and Support Center for Windows Server 2003.
Because IPv6 addresses are too long to remember easily, you can populate your DNS servers with IPv6 address resource records to support IPv6 name-to-address resolutions and optionally with pointer resource records to support IPv6 address-to-name resolutions:
Address Resource Records. To successfully resolve names to addresses, the DNS infrastructure must contain the following resource records, populated either manually or dynamically:
A resource records for the IPv4 addresses of IPv4 nodes.
AAAA resource records for the IPv6 addresses of IPv6 nodes. The following is an example of a AAAA resource record:
host1.microsoft.com IN AAAA FEC0::2AA:FF:FE3F:2A1C
Pointer (PTR) Resource Records (optional; not recommended). The DNS infrastructure can also contain the following resource records, populated either manually or dynamically, to resolve addresses to host names in reverse queries:
PTR records in the IN-ADDR.ARPA domain for the IPv4 addresses of IPv4 nodes.
PTR records in the IP6.ARPA domain for the IPv6 addresses of IPv6 nodes. (Recall that RFC 3152 specifies that IP6.INT be phased out and replaced by IP6.ARPA.) The IP6.INT domain was created specifically for IPv6 reverse queries. To create the namespace for reverse queries, each hexadecimal digit in the 32-digit IPv6 address (zero compression and double-colon compression notation cannot be used) becomes a separate level in inverse order in the reverse domain hierarchy. Therefore, the reverse lookup domain name for the address FEC0::2AA:FF:FE3F:2A1C is:
Integrating PTR resource record support into your DNS infrastructure is not recommended.
For name-to-address resolution, after the querying node obtains the set of addresses corresponding to the name, that node must determine the best set of addresses to use as the source and destination for outbound packets.
While name-to-address resolution is fairly straightforward in an IPv4-only environment, it becomes more complex in an environment in which IPv4 and IPv6 coexist. In the mixed IPv6/IPv4 scenario, a DNS query can return both IPv4 and IPv6 addresses. The querying host is configured with at least one IPv4 address and, typically, multiple IPv6 addresses. Determining the type of address (IPv4 versus IPv6), and then the scope of the address (for IPv4, public versus private; for IPv6, link-local versus site-local versus global versus coexistence), for both the source and the destination addresses is complex.
Two algorithms, one to select the source address and another to select the destination address, specify default behavior for IPv6 implementations. These algorithms do not override choices made by applications or upper-layer protocols, nor do they preclude the development of more advanced mechanisms for address selection. The two algorithms include an optional mechanism that lets you override the default behavior. In dual-stack implementations, the destination address selection algorithm considers both IPv4 and IPv6 addresses, and determines whether it prefers IPv6 addresses over IPv4 addresses, or vice-versa.
For more information about default address selection rules for IPv6, including the source address selection algorithm and the destination address selection algorithm, see the Internet Draft "Default Address Selection for IPv6."
For an introduction to IPv6 and more information about Windows Server 2003 IPv6, see the Networking Collection of the Windows Server 2003 Technical Reference (or see the Networking Collection on the Web at http://www.microsoft.com/reskit), or see the IPv6 link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.