TableOfContents

IPv6 configuration guide for BIND9

How can enable BIND9 to listen on IPv6?

BIND9 by default does not listen on IPv6 address. You should enable it in your configuration file:

 options {
    listen-on-v6 { any; };
 };

How can I disable BIND9 to liston on IPv6 address?

To disable IPv6 for listening, following options are requested to change:

options {
        # sure other options here, too
        listen-on-v6 { none; };
};

This not necessary except BIND9 versions earlier the 9.2.0.

How can I configure ACLs with IPv6 addresses?

IPv6 enabled ACLs are possible. An example looks like following:

acl internal-net {
        127.0.0.1;
        10.10.10.0/24;
        2001:0db8:100::/64;
        ::1/128;
        ::ffff:10.10.10.10/128;
};

acl ns-internal-net {
        10.10.10.1;
        10.10.10.2;
        2001:0db8:100::4/128;
        2001:0db8:100::5/128;
};

This ACLs can be used e.g. for queries of clients and transfer zones to secondary name-servers. This prevents also your caching name-server to be used from outside using IPv6.

options {
        # sure other options here, too
        listen-on-v6 { none; };
        allow-query { internal-net; };
        allow-transfer { ns-internal-net; };
};

It's also possible to set the allow-query and allow-transfer option for most of single zone definitions, too.

How can I use a specific IPv6 address in queries?

query-source-v6 address <ipv6address|*> port <port|*>;

How can I use a specific IPv6 address for zone transfers?

Transfer source address is used for outgoing zone transfers:

transfer-source-v6 <ipv6addr|*> [port port];

How can I use a specific IPv6 address for notification?

Notify source address is used for outgoing notify messages:

notify-source-v6 <ipv6addr|*> [port port];