Differences between revisions 1 and 2

IPv6 configuration guide for BIND9

How can enable BIND9 to listen on IPv6?

BIND9 by default does not listen on IPv6 address. You should enable it in your configuration file:

 options {
    listen-on-v6 { any; };
 };

How can I disable BIND9 to liston on IPv6 address?

To disable IPv6 for listening, following options are requested to change:

options {
        # sure other options here, too
        listen-on-v6 { none; };
};

This not necessary except BIND9 versions earlier the 9.2.0.

How can I configure ACLs with IPv6 addresses?

IPv6 enabled ACLs are possible. An example looks like following:

acl internal-net {
        127.0.0.1;
        10.10.10.0/24;
        2001:0db8:100::/64;
        ::1/128;
        ::ffff:10.10.10.10/128;
};

acl ns-internal-net {
        10.10.10.1;
        10.10.10.2;
        2001:0db8:100::4/128;
        2001:0db8:100::5/128;
};

This ACLs can be used e.g. for queries of clients and transfer zones to secondary name-servers. This prevents also your caching name-server to be used from outside using IPv6.

options {
        # sure other options here, too
        listen-on-v6 { none; };
        allow-query { internal-net; };
        allow-transfer { ns-internal-net; };
};

It's also possible to set the allow-query and allow-transfer option for most of single zone definitions, too.

-  ⇤ ← Revision 1 as of 2006-02-09 18:19:05 → 
  Size: 285
  Editor: mohacsi
  Comment:
+   ← Revision 2 as of 2006-12-01 16:25:20 → ⇥
  Size: 1484
  Editor: mohacsi
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 5:
-==  How can enable BIND9 to listen on IPv6  ==
+==  How can enable BIND9 to listen on IPv6?  ==
 Line 13:
+== How can I disable BIND9 to liston on IPv6 address? ==

To disable IPv6 for listening, following options are requested to change:
{{{
options {
        # sure other options here, too
        listen-on-v6 { none; };
};
}}}

This not necessary except BIND9 versions earlier the 9.2.0.

== How can I configure ACLs with IPv6 addresses? ==

IPv6 enabled ACLs are possible. An example looks like following:
{{{
acl internal-net {
        127.0.0.1;
        10.10.10.0/24;
        2001:0db8:100::/64;
        ::1/128;
        ::ffff:10.10.10.10/128;
};

acl ns-internal-net {
        10.10.10.1;
        10.10.10.2;
        2001:0db8:100::4/128;
        2001:0db8:100::5/128;
};
}}}

This ACLs can be used e.g. for queries of clients and transfer zones to secondary name-servers. This prevents also your caching name-server to be used from outside using IPv6.

{{{
options {
        # sure other options here, too
        listen-on-v6 { none; };
        allow-query { internal-net; };
        allow-transfer { ns-internal-net; };
};
}}}

It's also possible to set the ''allow-query'' and ''allow-transfer'' option for most of single zone definitions, too.