Opened 8 years ago

Closed 10 months ago

#3628 closed Feature/Enhancement Request (fixed)

Support AAAA DNS records in control panel

Reported by: Daniel Kahn Gillmor
Owned by: Jamie McClelland
Priority: High
Component: Tech
Keywords: djbdns ipv6 controlpanel dbndns
Cc:
Sensitive: no

Description

AAAA DNS records map from names to IPv6 addresses.

i don't think the MFPL control panel allows publication of AAAA records at the moment.

It would be good to support that.

djbdns itself doesn't support it automatically, but there are instructions online for using it unpatched. We could probably also patch djbdns for AAAA record inclusion.

Change History (20)

comment:1 Changed 8 years ago by Daniel Kahn Gillmor

Aha. debian already has a pre-patched dbndns package (dbndns is the debian fork), which already includes the ipv6 patches. It's possible that all we'd need to do to allow this is to upgrade from djbdns to dbndns.

Any objections to my trying this on b.ns.mayfirst.org for starters?

comment:2 Changed 8 years ago by Jamie McClelland

Nope - please do! jamie

comment:3 Changed 8 years ago by Daniel Kahn Gillmor

Owner: changed from Jamie McClelland to Daniel Kahn Gillmor
Status: new → assigned

I did this transition last night on some other keyservers i control, with no surprises or problems. i'll do it on b.ns.mayfirst.org now.

comment:4 Changed 8 years ago by Daniel Kahn Gillmor

OK, b.ns.mayfirst.org is now running dbndns with no problem.

i'm going to test adding an AAAA record manually shortly.

comment:5 Changed 8 years ago by Daniel Kahn Gillmor

Keywords: dbndns added

this works fine (i was tweaking chun:/etc/service/tinydns/root/data directly to make the updates happen on b.ns without touching a.ns):

0 dkg@pip:~$ dig +short @a.ns.mayfirst.org aaaa fuller.mayfirst.org
0 dkg@pip:~$ dig +short @b.ns.mayfirst.org aaaa fuller.mayfirst.org
2001:470:1:116::2
0 dkg@pip:~$ 

I'd like to go ahead and make this transition on a.ns.mayfirst.org as well. Please let me know if that's not OK.

comment:6 Changed 8 years ago by Daniel Kahn Gillmor

I've made the transition on viewsic as well now, and added our first AAAA record (fuller.mayfirst.org) via the special-records file, as well as a delegation for reverse lookup of the IPv6 range we got from HE, so that should be activated at whatever point they decide to go ahead and delegate to us.

So all that remains on this ticket is to update the web interface for IPv6 records.

comment:7 Changed 8 years ago by Daniel Kahn Gillmor

Owner: changed from Daniel Kahn Gillmor to Jamie McClelland
Status: assigned → new

I'm re-assigning this back to jamie for the control panel update, since i don't really understand that code yet.

the two new record types this upgrade enabled are 6 and 3. 6 produces an AAAA record (name->IPv6 address) and the corresponding PTR record (which binds a mangled version of the address back to the name). 3 is "half" of a 6 line: it just produces the AAAA record (so 6 is to 3 in the IPv6 space as = is to + in the IPv4 space for tinydns-data).

If you just want a ptr record, you have to do the address mangling yourself, but you can do it with a ^ record, just like an IPv4 PTR record.

The IPv6 addresses in 3 and 6 records should be written out fully in their hex form, without the interleaved colons.

So, for example:

6fuller.mayfirst.org:20010470000101160000000000000002:3600

produces an AAAA record (mapping fuller.mayfirst.org → 2001:470:1:116::2) and the matching PTR record (mapping 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.6.1.1.0.1.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa → fuller.mayfirst.org)

In perl, i'd use the Net::IP module to go from the human-readable versions of IPv6 addresses to the dbndns representation:

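use strict;
use warnings;
use Net::IP;
# parse the human-readable address; new() returns undef on bad input
my $in = Net::IP->new("2001:470:1:116::2") or die Net::IP::Error();
my $out = $in->hexip();
# strip the "0x" prefix that Net::IP includes:
$out =~ s/^0x// ;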

(the same module provides tools to produce the opposite transformation as well as to generate the horrible mangled-address variants for IPv6 PTR records if you need them)

For PHP, i'm less sure how to proceed. There's something called inet_pton, but conversions from the output of that function might be architecture-dependent (i.e. the byte orderings might change on different platforms). Since we're deploying pretty consistently on a single platform (amd64 with Linux and GNU libc) we could probably get away with using it, but if we go that route there should be some test scripts or big warning flags so that folks who try out the tools on other platforms don't get burned (or at least get a warning before being burned).

I hope this is helpful!
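
The conversion and record syntax described in comment:7, as an added example that is not part of the original ticket or the control panel's code. It is written in Python rather than Perl or PHP, the function names are hypothetical, and it assumes hostnames and addresses arrive as untrusted form input, so both are validated before a line is built.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def dbndns_hex(addr):
    """32 hex digits, no colons: the address form used in '3' and '6' lines."""
    if not isinstance(addr, str) or "%" in addr:
        raise ValueError("expected a plain IPv6 address string")
    # .packed is always the 16-byte network-order form, on any architecture.
    return ipaddress.IPv6Address(addr).packed.hex()

def check_name(name):
    """Accept only plain hostnames, so ':' or a newline can never reach the
    data file, where ':' separates fields and a newline starts a new record."""
    labels = name.lower().rstrip(".").split(".")
    if len(name) > 253 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"invalid hostname: {name!r}")
    return ".".join(labels)

def aaaa_line(name, addr, ttl=3600, with_ptr=True):
    """'6' emits AAAA plus PTR, '3' emits the AAAA record only."""
    if isinstance(ttl, bool) or not isinstance(ttl, int) or not 0 <= ttl < 2**31:
        raise ValueError("ttl must be a non-negative integer")
    kind = "6" if with_ptr else "3"
    return f"{kind}{check_name(name)}:{dbndns_hex(addr)}:{ttl}"

def ptr_name(addr):
    """Nibble-reversed ip6.arpa name that a '6' line's PTR record lives under."""
    return ipaddress.IPv6Address(addr).reverse_pointer

if __name__ == "__main__":
    print(aaaa_line("fuller.mayfirst.org", "2001:470:1:116::2"))
    print(ptr_name("2001:470:1:116::2"))
```
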

comment:8 Changed 8 years ago by Jamie McClelland

Thanks dkg!

comment:9 Changed 6 years ago by Ross

Status: new → assigned

comment:10 Changed 6 years ago by Jamie McClelland

Priority: Medium → Low

comment:11 Changed 4 years ago by Joseph

Priority: Low → Medium
Type: Bug/Something is broken → Feature/Enhancement Request

I'm going to +1 this feature. IPv6 is becoming more and more ubiquitous.

comment:12 Changed 3 years ago by Joseph

Priority: Medium → High

Not being able to create AAAA records is becoming an increasing problem, particularly around mail delivery. Is there a timeline for when this feature is going to be added?

comment:13 Changed 3 years ago by Jamie McClelland

I think we'll solve this problem by solving #11368.

Between now and then, I can add records manually for you.

I'd really like to see #11368 solved as part of our upgrade from wheezy to squeeze (so we don't have to keep porting our ancient dbndns debian package to yet newer versions of debian).

I'm hoping to see that happen in the next 2 - 3 months. Since it requires a pretty significant change to the control panel it's hard to predict.

comment:14 Changed 3 years ago by Joseph

Makes sense to wait for the transition.

We actually have a bunch to add. Is it possible we could walk through this together or create some documentation for this process?

Somewhat related to this is the need to create a AAAA PTR record as well. Is that possible?

comment:15 Changed 3 years ago by Jamie McClelland

Yes - that would be great to walk through it. I think I would start with dkg's comment above.

Are you assigning AAAA records for resources hosted on our servers (e.g. you need us to assign you an ipv6 address and assign it to one of our servers)?

Or - do you have your own ipv6 addresses hosted elsewhere?

comment:16 Changed 11 months ago by Jamie McClelland

#11368 is resolved, but we still don't have the ability to add ptr records of ipv6 addresses, so this ticket remains open.

comment:17 Changed 11 months ago by Daniel Kahn Gillmor

I think the zone file for PTR records for our IPv6 netblock (2001:470:1:116::/64) ought to look like this (e.g. in /path/to/reverse.zone):

$ORIGIN 6.1.1.0.1.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa.
$TTL    1d
@       IN      SOA     a.ns.mayfirst.org. hostmaster.mayfirst.org. (
                        2018052903      ; Serial
                        86400           ; Refresh
                        7200            ; Retry
                        2592000         ; Expire
                        172800          ; Minimum TTL
                        )
        IN      NS      a.ns.mayfirst.org.
        IN      NS      b.ns.mayfirst.org.
; 2001:470:1:116::/64
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR fuller.mayfirst.org.
5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR herman.mayfirst.org.
7.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR che.mayfirst.org.

In knot's configuration, you'd want something like this:

zone:
 - domain: 6.1.1.0.1.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa
   file: "/path/to/reverse.zone"

make sense?

comment:18 Changed 11 months ago by Daniel Kahn Gillmor

to be clear, we'll need one zone file (and sub-stanza in knot.conf) like this for each IPv6 delegation MF/PL is responsible for.

If one of our members wants us to become the NS of record for some other non-MFPL-managed zone of IPv6 addresses, that would be an additional feature we could offer to better support our members.
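
The reverse-zone layout from comment:17 and the one-zone-per-delegation point from comment:18, as an added example that is not part of the original ticket or the control panel's code. The function names are hypothetical; the example assumes each delegation falls on a nibble (4-bit) boundary and refuses addresses outside the delegated prefix, so a record can never be written into the wrong zone file.

```python
import ipaddress
import re

_NAME = re.compile(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*")  # coarse hostname check

def _delegation(prefix):
    net = ipaddress.IPv6Network(prefix)  # rejects prefixes with host bits set
    if net.prefixlen % 4:
        raise ValueError("delegation must fall on a nibble boundary")
    return net

def _nibbles(ip):
    return ip.exploded.replace(":", "")  # 32 hex digits

def zone_origin(prefix):
    """$ORIGIN for the zone that holds PTR records of this delegation."""
    net = _delegation(prefix)
    head = _nibbles(net.network_address)[: net.prefixlen // 4]
    return ".".join(reversed(head)) + ".ip6.arpa."

def relative_owner(addr, prefix):
    """Owner name relative to $ORIGIN: the host nibbles, reversed."""
    net = _delegation(prefix)
    ip = ipaddress.IPv6Address(addr)
    if ip not in net:
        raise ValueError(f"{ip} is outside {net}")
    tail = _nibbles(ip)[net.prefixlen // 4:]
    return ".".join(reversed(tail))

def ptr_lines(prefix, hosts):
    """hosts maps address -> hostname; returns zone-file lines in address order."""
    lines = [f"$ORIGIN {zone_origin(prefix)}"]
    for addr in sorted(hosts, key=lambda a: int(ipaddress.IPv6Address(a))):
        name = hosts[addr]
        if not _NAME.fullmatch(name):
            raise ValueError(f"invalid hostname: {name!r}")
        lines.append(f"{relative_owner(addr, prefix)} IN PTR {name}.")
    return lines

if __name__ == "__main__":
    # Addresses and names are the ones shown in the zone file above.
    print("\n".join(ptr_lines("2001:470:1:116::/64", {
        "2001:470:1:116::2": "fuller.mayfirst.org",
        "2001:470:1:116::5": "herman.mayfirst.org",
        "2001:470:1:116::7": "che.mayfirst.org",
    })))
```
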

comment:19 Changed 11 months ago by Jamie McClelland

Resolution: fixed
Status: assigned → feedback

Hi dkg - I've just implemented these changes in the control panel and created these records in the mayfirst.org hosting orders DNS section.

Can you dig again to make sure we are still getting the proper results? And if so, we can close this ticket.

comment:20 Changed 10 months ago by automatic

Status: feedback → closed

No news is good news (we hope)! Given the lack of feedback, we think this ticket can be closed.
