IPv6 configuration guide for BIND9

How can enable BIND9 to listen on IPv6?

BIND9 by default does not listen on IPv6 address. You should enable it in your configuration file:

 options {
    listen-on-v6 [ port ip_port ]{ any; };
 };

If a port is not specified, port 53 will be used.

How can I disable BIND9 to liston on IPv6 address?

To disable IPv6 for listening, following options are requested to change:

options {
        # sure other options here, too
        listen-on-v6 { none; };
};

This not necessary except BIND9 versions earlier the 9.2.0.

How can I configure ACLs with IPv6 addresses?

IPv6 enabled ACLs are possible. An example looks like following:

acl internal-net {
        127.0.0.1;
        10.10.10.0/24;
        2001:0db8:100::/64;
        ::1/128;
        ::ffff:10.10.10.10/128;
};

acl ns-internal-net {
        10.10.10.1;
        10.10.10.2;
        2001:0db8:100::4/128;
        2001:0db8:100::5/128;
};

This ACLs can be used e.g. for queries of clients and transfer zones to secondary name-servers. This prevents also your caching name-server to be used from outside using IPv6. On some systems, it is neccessary to use IPv4 mapped addresses IPv6 addressess for dealing with IPv4 addresses.

options {
        # sure other options here, too
        listen-on-v6 { none; };
        allow-query { internal-net; };
        allow-transfer { ns-internal-net; };
};

It's also possible to set the allow-query and allow-transfer option for most of single zone definitions, too.

How can I use a specific IPv6 address in queries?

query-source-v6 address <ipv6address|*> port <port|*>;

How can I use a specific IPv6 address for zone transfers?

Transfer source address is used for outgoing zone transfers:

transfer-source-v6 <ipv6addr|*> [port port];

How can I use a specific IPv6 address for notification?

Notify source address is used for outgoing notify messages:

notify-source-v6 <ipv6addr|*> [port port];