HP OpenVMS systems documentation

The information in this chapter is for experienced DNS/BIND administrators. See the HP TCP/IP Services for OpenVMS Management manual for more information on BIND.

3.1 IPv6 Support in BIND Version 9

BIND supports all forms of IPv6 name-to-address and address-to-name lookups. It can also accept queries over an IPv6 (AF_INET6) connection and use IPv6 addresses to make queries when running on an IPv6-capable system.

For name-to-address lookups, using AAAA records is recommended because A6 records have been moved to experimental status. Like most stub resolvers, the resolver in TCP/IP Services supports only AAAA lookups because of the difficulty in following A6 chains. The AAAA record for IPv6 is analogous to the A record for IPv4. It specifies an entire address in a single record. For example,

$ORIGIN ipv6.my.zone. host1 IN AAAA 5f00:0000:0102:0300:0203:0800:2b0a:0b0c

3.1.2 Name Lookups Using Nibble Format

For address-to-name lookups, the nibble format is recommended because use of the bitstring format has been moved to experimental status. Use of the ip6.arpa IPv6 reverse mapping zone defined in RFC 3152 is recommended because the ip6.int IPv6 address space defined in RFC 1886 has been deprecated and will likely be phased out in the future.

As in IPv4, when looking up an address in nibble format, the address components are simply reversed and ip6.arpa. is appended to the resulting name. For example, the following would provide reverse lookup for a host with the address 5f00:0000:0102:0300:0203:0800:2b0d:0e0f:

$ORIGIN 3.0.2.0.0.0.3.0.2.0.1.0.0.0.0.0.0.0.f.5.ip6.arpa. f.0.e.0.d.0.b.2.0.0.8.0 IN PTR host2.ipv6.my.zone.

3.1.3 Using DNAME To Rename ip6.int

The deprecation of the ip6.int IPv6 reverse mapping zone has resulted in an issue for existing clients that will continue to search the ip6.int name space for PTR resource records. Administrators will need to continue to provide PTR data under both of these zones to be compatible with both old and new clients. There is a convenient method using DNAME resource records that can ease administration of this data. The DNAME resource record is used to substitute one suffix of a domain name with another. In this case it will substitute your ip6.int zone suffix with the equivalent ip6.arpa zone suffix. For example, the following DNAME resource record accomplishes the substitution:

$ORIGIN 3.0.2.0.0.0.3.0.2.0.1.0.0.0.0.0.0.0.f.5.ip6.int. DNAME 3.0.2.0.0.0.3.0.2.0.1.0.0.0.0.0.0.0.f.5.ip6.arpa.

This approach will work for any point in the name space as long as all authoritative servers for the PTR zone fully implement DNAME resource record behavior as specified in RFC 2672. This includes BIND9 servers but excludes BIND8 servers.

3.1.4 Enabling IPv6 Interfaces

For IPv6, the BIND server does not bind a separate socket to each interface address as it does for IPv4. Instead, it listens on the IPv6 wildcard address, which is not enabled by default. You must use the listen-on-v6 option to specify the ports on which the server will listen for incoming queries sent using IPv6. To enable the BIND server to answer IPv6 queries, you must specify the port in the options statement of the BIND server configuration file. The only values allowed for the option are { any; } and { none; }. For example, to listen on the default port 53 specify the following:

listen-on-v6 { any; };

To listen on port 1234, specify the following:

listen-on-v6 port 1234 { any; };

If you do not specify the listen-on-v6 option, the BIND server will not listen on any IPv6 interfaces.

3.2 Sample BIND Configuration Files

The SYS$COMMON:[SYSHLP.EXAMPLES.TCPIP.IPV6.BIND] directory contains DNS configuration and data files that show sample IPv6 information for you to study and adapt to your environment.

Example 3-1 shows a sample BIND Server configuration file. This file is the mechanism used by BIND for pointing the server to its zone data files.

Example 3-1 Sample TCPIP$BIND.CONF_IPV6

# # File name: TCPIP$BIND.CONF_IPV6 # Product: hp TCP/IP Services for OpenVMS # Version: V5.4-00 # # © Copyright 1976, 2003 Hewlett-Packard Development Company, L.P. # # # Example IPv6 BIND server configuration # options { directory "sys$specific:[tcpip$bind]"; # # (listen-on-v6 is for BIND 9 and later) # Unless this option is specified, the server # does not listen on any IPv6 addresses. # Use: listen-on-v6 { any; }; # }; zone "ipv6.my.zone" { type master; file "ipv6.db"; }; zone "3.0.2.0.0.0.3.0.2.0.1.0.0.0.0.0.0.0.f.5.IP6.ARPA" { type master; file "ipv6.arpa"; }; zone "3.0.2.0.0.0.3.0.2.0.1.0.0.0.0.0.0.0.f.5.IP6.INT" { type master; file "ipv6.int"; }; zone "0.0.127.in-addr.arpa" { type master; file "127_0_0.db"; }; zone "localhost" in { type master; file "localhost.db"; }; zone "." { type hint; file "root.hint"; };

Example 3-2 shows the forward mapping data file for the ipv6.my.zone zone. Note that both AAAA resource records (IPv6) and A resource records (IPv4) can be included in a zone. Administrators may wish to delegate a separate zone containing only IPv6 resource records for convenience.

Example 3-2 Sample IPV6.DB File

; ; File name: IPV6.DB ; Product: hp TCP/IP Services for OpenVMS ; Version: V5.4-00 ; ; © Copyright 1976, 2003 Hewlett-Packard Development Company, L.P. ; ; ; Example BIND data file for ipv6.my.zone ; $TTL 1d @ IN SOA ns.ipv6.my.zone. postmaster.ipv6.my.zone. ( 1 ; Serial 3600 ; Refresh 300 ; Retry 3600000 ; Expire 3600 ) ; Minimum ; ; Nameservers ; IN NS ns.ipv6.my.zone. IN NS ns.ipv4.my.zone. ; ; IPv6 nodes ; host1 IN AAAA 5F00:0000:0102:0300:0203:0800:2B0A:0B0C host2 IN AAAA 5F00:0000:0102:0300:0203:0800:2B0D:0E0F ; ; IPv4 and IPv6 nodes ; host3 IN AAAA 5F00:0000:0102:0300:0203:0800:2B0C:0B0A IN A 10.20.30.40 host4 IN A 10.30.40.50

Example 3-3 shows the reverse mapping data file for the 3.0.2.0.0.0.3.0.2.0.1.0.0.0.0.0.0.0.f.5.ip6.arpa zone.

Example 3-3 Sample IPV6.ARPA File

; ; File name: IPV6.ARPA ; Product: hp TCP/IP Services for OpenVMS ; Version: V5.4-00 ; ; © Copyright 1976, 2003 Hewlett-Packard Development Company, L.P. ; ; ; Example BIND data file for 3.0.2.0.0.0.3.0.2.0.1.0.0.0.0.0.0.0.f.5.IP6.ARPA ; (corresponds to the 5F00:0000:0102:0300:0203::/80 prefix) ; $TTL 1d @ IN SOA ns.ipv6.my.zone. postmaster.ipv6.my.zone. ( 1 ; Serial 3600 ; Refresh 300 ; Retry 3600000 ; Expire 3600 ) ; Minimum ; ; Nameservers ; IN NS ns.ipv6.my.zone. IN NS ns.ipv4.my.zone. ; ; IPv6 nodes ; c.0.b.0.a.0.b.2.0.0.8.0 IN PTR host1.ipv6.my.zone. f.0.e.0.d.0.b.2.0.0.8.0 IN PTR host2.ipv6.my.zone. a.0.b.0.c.0.b.2.0.0.8.0 IN PTR host3.ipv6.my.zone.

Example 3-4 shows a sample IPV6.INT data file containing the single DNAME resource record that accomplishes the ip6.int renaming as discussed in Section 3.1.3.

Any data added to the ip6.arpa name space in the IPV6.ARPA zone data file will now also be available in the ip6.int name space. No changes need to be made to the IPV6.INT zone data file. The IPV6.INT and IPV6.ARPA zone statements in the BIND server configuration file are the same as those in Example 3-1.

Example 3-4 Sample IPV6.INT File

; ; File name: IPV6.INT ; Product: hp TCP/IP Services for OpenVMS ; Version: V5.4-00 ; ; © Copyright 1976, 2003 Hewlett-Packard Development Company, L.P. ; ; ; Example BIND data file for 3.0.2.0.0.0.3.0.2.0.1.0.0.0.0.0.0.0.f.5.IP6.INT ; (corresponds to the 5F00:0000:0102:0300:0203::/80 prefix) ; $TTL 1d @ IN SOA ns.ipv6.my.zone. postmaster.ipv6.my.zone. ( 1 ; Serial 3600 ; Refresh 300 ; Retry 3600000 ; Expire 3600 ) ; Minimum ; ; Nameservers ; IN NS ns.ipv6.my.zone. IN NS ns.ipv4.my.zone. ; ; DNAME record ; DNAME 3.0.2.0.0.0.3.0.2.0.1.0.0.0.0.0.0.0.f.5.ip6.arpa.

Once you have configured your system for IPv6, you may want to make changes to your configuration or monitor the network. TCP/IP Services for OpenVMS supplies commands to do both.

Extensions to existing management commands and a new IPv6 command allow you to perform typical management functions. Section 4.1 describes these commands.

Section 4.2 describes typical IPv6 management tasks, with examples.

Section 4.3 describes UNIX-style management tools to monitor the network.

Section 4.4 describes log files that you can use to monitor network performance.

4.1 IPv6 Extensions to Management Commands

The HP TCP/IP Services for OpenVMS Management Command Reference manual describes the basic management commands, including the UNIX commands, you can use to manage the TCP/IP Services software. The HP TCP/IP Services for OpenVMS Tuning and Troubleshooting manual contains more detailed information about the UNIX management commands. The following sections describe only IPv6 extensions to those management commands.

To use UNIX management commands at the DCL prompt, execute the following command procedure (or put it into your LOGIN.COM so that it executes each time you log in):

$ @SYS$MANAGER:TCPIP$DEFINE_COMMANDS

For the AF_INET6 address family, use the following syntax:

ifconfig interface_id address_family [[ip6prefix] address[/bitmask] [dest_address]] [parameters]

For the AF_INET6 address family, the address argument is either a host name or the 128-bit IPv6 address, in the following format:

x:x:x:x:x:x:x:x

In this format, each x is the hexadecimal value of a 16-bit piece of the address.

The ip6prefix argument specifies that the interface identifier is to be appended to the address argument when configuring an address on the interface. The interface identifier uniquely identifies an interface on a subnet and is typically the interface's Link layer address. The following are the parameters for the ifconfig command.

Parameters [AF_INET6 only]:

• ip6interfaceid id
  Overrides the default interface ID, which depends on the underlying link type (for example, Ethernet, FDDI), and specifies an inet6 interface ID for the interface. For example, if your system has the Ethernet hardware address 08-00-2b-2a-1e-d3, the following command generates the inet6 link-local address fe80::a00:2bff:fe2a:1ed3 for the interface:

  $ ifconfig "WEO" ipv6

  
  On the same system, the following command generates the inet6 interface ID abcd:1234 for the interface:

  $ ifconfig "WE0" ip6interfaceid ::abcd:1234 ipv6

• ipv6
  Initializes IPv6-related data structures and assigns an IPv6 link-local address to the interface.
• -ipv6
  Removes any IPv6 configuration associated with the interface, including all IPv6 addresses and IPv6 routes through the interface. This command is equivalent to the ifconfig interface inet6 delete command.
• ip6dadtries value
  Specifies the number of consecutive neighbor solicitation messages that your system transmits as it performs duplicate address detection on a tentative address.
• ip6hoplimit hops
  Sets the default number of hops to be included in transmitted unicast IP packets.
• ip6mtu mtu_value
  Alters the maximum trasmission unit (MTU) for messages that your system transmits on the link.
• ip6nonud
  Disables Neighbor Unreachability Detection (NUD) on the interface.
• ip6reachabletime time
  Sets the time, in milliseconds, that your system considers a neighbor is reachable after your system receives a reachability confirmation message.
• ip6retranstimer value
  Sets the time interval, in milliseconds, between neighbor solicitation messages to a neighbor.

Refer to the HP TCP/IP Services for OpenVMS Tuning and Troubleshooting manual for more information on the ifconfig command.

4.1.2 iptunnel Command

The iptunnel command creates configured tunnels for sending and receiving IPv6 or IPv4 packets that are encapsulated as the payload of an IPv4 datagram.

The iptunnel command can perform the following operations:

• create
  Creates a tunnel interface, which you must subsequently configure by using the ifconfig command. The syntax of the create operation is as follows:

  iptunnel create [-I int-name] [v4-dest] [v4-src]

  
  Parameters

  • -I int-name
    Specifies the interface unit of the tunnel to be created. This is an optional parameter. The int-name parameter has the form itx, where x is the interface unit number. By default, the interface name selected for the tunnel is itx+1, or the value of the interface unit number of the last tunnel created plus 1.
  • v4-dest
    Specifies the remote endpoint to which a tunnel is to be created.
  • v4-src
    Sets the IPv4 source address in the encapsulating header. The tunnel is enabled (packets are sent and received on the tunnel) only if v4-src is a valid address on the system. This is an optional parameter.
• delete
  Deletes a tunnel interface. You must disable the tunnel before you can delete it by entering the following command:

  $ ifconfig tunnel name down delete abort

  
  Then enter:

  $ iptunnel delete tunnel

• show
  Shows the tunnel attributes (name, tunnel endpoints, next hop for tunneled packets).

  $ iptunnel show tunnel

For related information, see RFC 2003.

4.2 Typical Management Tasks

After restarting the network with IPv6 enabled, you might want to do the following:

• Connect to the 6bone network
• Initialize a new interface for IPv6
• Create a configured tunnel
• Add addresses to or delete addresses from an interface
• Add or delete a default router
• Manually add a route for an onlink prefix

The following sections describe these tasks.

4.2.1 Connecting to the 6bone Network

The 6bone network provides a test environment for IPv6 networks. To connect to the 6bone, choose a 6bone point that is reasonably close to your normal IPv4 paths into the Internet. The 6bone web site at http://www.6bone.net contains information on how to join the 6bone and how to find an attachment point. If you want to connect to the 6bone through the HP Palo Alto site either before or after you configure IPv6 on your host or router, complete the following steps:

1. Register your IPv4 tunnel by sending your 6bone IPv6 address prefix and the IPv4 address of your router to the following address:

   gw-6bone@pa.dec.com

2. Wait for confirmation that support for your tunnel is configured at HP.
   HP will provide both an IPv6 global address prefix for you to use at your site and the IPv4 address of the HP Palo Alto router.
3. Configure your tunnel by running the TCPIP$IP6_SETUP utility.
4. Verify that your tunnel is operational by issuing the ping command to one of the following HP IPv6 nodes:

   altavista.ipv6.digital.com ftp.ipv6.digital.com www.ipv6.hp.com

   
   For additional information about connecting to the 6bone, see the 6bone home page:

   http://www.6bone.net

In some cases, you might want to either add a new interface card to your system or change an interface card from one type to another. After the new card is installed, you must initialize it for IPv6 operation. To initialize an interface, use the ifconfig command with the following syntax:

$ ifconfig device ipv6 up

For LAN interfaces, the ifconfig command creates the link-local address (FE80::) and starts detection of duplicate addresses.

For example, to initialize Ethernet interface WE0 for use with IPv6, enter the following:

$ ifconfig "WE0" ipv6 up

To initialize the loopback interface for use with IPv6, enter the following:

$ ifconfig "LO0" ipv6 up

To initialize the automatic tunnel interface, enter the following:

$ ifconfig "TN0" ipv6 up

This command designates one of the system's IPv4 addresses for use as the tunnel endpoint.

If you want the designated IPv4 address to be the permanent tunnel endpoint, you must use TCPIP$IP6_SETUP.

4.2.2.1 Setting the IPv6 Interface Identifier

You can set the IPv6 interface ID at the same time you initialize an interface by using the ifconfig command with the ip6interfaceid parameter. For example, to initialize Ethernet interface WE0 for use with IPv6 and to set its interface ID to the 64-bit value 0x0123456789abcdef , enter the following:

$ ifconfig "WE0" ip6interfaceid ::0123:4567:89ab:cdef ipv6 up

Although the interface ID is expressed in standard IPv6 address format, only the low-order 64 bits are used.