What is djbdns and why does it need IPv6?

Most people agree that IPv6 will come sooner or later, but obviously you need a DNS infrastructure that supports IPv6. djbdns is a full-blown DNS server which outperforms BIND in nearly all respects. However, it does not support IPv6 out of the box.

Fortunately, Dan Bernstein (the author of djbdns) has defined a very clean API that made the conversion possible in a few days.

What does your diff do?

The current version adds support for AAAA records (those are the DNS records that store IPv6 addresses). tinydns-conf will now create /etc/tinydns/add-host6 and /etc/tinydns/add-alias6, and data can now contain records of type "6" and "3". Also, dnsq now understands AAAA records, and a new program called "dnsip6" is the IPv6 equivalent of the old dnsip. [new] Automatic internal lookup of some reserved IPv6 addresses (like "::1"). There is also experimental IPv6 transport support.

This diff also integrates an IPv6 port of Russ Nelson's anti-Verisign patch. Boycott saboteurs!

What does not work yet?

tinydns-edit won't accept IPv6 addresses for NS or MX records yet. I haven't even started to look at axfr, but it should just work if you use my IPv6 patches for ucspi-tcp.

How do reverse lookups work?

The reverse lookup for 2001:658:0:2:2e0:18ff:fe98:b03d looks like this:

d.3.0.b.8.9.e.f.f.f.8.1.0.e.2.0.2.0.0.0.0.0.0.0.8.5.6.0.1.0.0.2.ip6.int

My patch will put a record like this in your data.cdb, but you still need to get a delegation for your range. For a /64, the delegation would mean leaving half the digits away, as in 2.0.0.0.0.0.0.0.8.5.6.0.1.0.0.2.ip6.int. Talk to your ISP about this!
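The nibble reversal and the /64 delegation described above, as an added example that is not part of the patch or of djbdns. The function names are made up for illustration, and the suffix is a parameter that defaults to the ip6.int used on this page.

```python
import ipaddress

def reverse_name(addr, suffix="ip6.int"):
    """Return the nibble-reversed PTR owner name for one IPv6 address."""
    # .packed expands "::" compression, so we always get all 32 hex digits.
    nibbles = ipaddress.IPv6Address(addr).packed.hex()
    return ".".join(reversed(nibbles)) + "." + suffix

def delegation_zone(prefix, suffix="ip6.int"):
    """Return the reverse zone that must be delegated for a prefix."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen % 4:
        # One label is one hex digit, so a zone cut can only fall on a
        # 4-bit boundary; a /63 would need two separate /64 delegations.
        raise ValueError("prefix length must be a multiple of 4")
    keep = net.prefixlen // 4
    nibbles = net.network_address.packed.hex()[:keep]
    return ".".join(reversed(nibbles)) + ("." if keep else "") + suffix

def in_zone(name, zone):
    """True if a reverse name sits inside the delegated zone."""
    return name == zone or name.endswith("." + zone)

if __name__ == "__main__":
    host = "2001:658:0:2:2e0:18ff:fe98:b03d"   # address from this page
    zone = delegation_zone("2001:658:0:2::/64")
    name = reverse_name(host)
    print(name)
    print(zone)
    # A PTR record outside the delegated zone is never reached by resolvers.
    print("covered by delegation:", in_zone(name, zone))
```

Running in_zone over every address you publish catches reverse records that fall outside the range your ISP actually delegated.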

There also is a supposedly new and better scheme for doing DNS for IPv6, and it employs bit strings, DNAME and A6 records, which are really broken by design. Dan has a good write-up about this issue. Rumour has it that the IETF has seen the light and killed this mind-blowingly bad proposal. I have not implemented it and probably will not in the future. It involves the domain ip6.arpa, in case you see that somewhere. (News July 2002: The IETF really has seen the light)

Where can I get the patch?

Simply download djbdns-1.05-test27.diff.bz2 [sig]. Beware: unified diff format (you probably need GNU patch to apply it).

[News!] By request I also host this IXFR patch which makes axfrdns work with BIND9 slaves using IXFR. This patch was originally posted by Luc Pardon, but it is probably easier to find here than in the list archives.

[News!] If you want IPv6 and DNSSEC, you'll find there are patches for both but they conflict. Here is a merged patch, thanks to Henryk.

See Also

If you like this, you should probably also go to:

  1. libowfat project, now contains the DNS client library with IPv6 support
  2. my unofficial djbdns FAQ
  3. my ucspi patches
  4. my daemontools patches
  5. bzip2, the compressor I used to compress the diff.