DNS - Domain Name System
==========================

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **What is DNS?**

   DNS stands for Domain Name System. It’s like the phonebook of the internet. When you type a website name like www.example.com into your browser, DNS translates that name into an IP address (like 192.0.2.1) so your computer can find and connect to the correct website.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Why is DNS important?**

   Computers use IP addresses to identify each other on the internet. Humans prefer easy-to-remember names (like google.com) instead of numbers. DNS makes it possible to use names instead of IP addresses.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **How DNS works (in simple steps):**

   * You enter a website name in your browser.
   * Your device asks a DNS server to find the matching IP address.
   * The DNS server replies with the IP address.
   * Your browser connects to that IP address and loads the website.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Where is DNS used?**

   Web Browsing, Email Services, Mobile Apps, Cloud Services, Enterprise Networks, IoT Devices, CDNs (Content Delivery Networks) and everywhere on the internet to translate names into IP addresses, enabling communication between devices and services.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Which OSI layer does this protocol belong to?**

   DNS is a service that applications (like web browsers or email clients) use to resolve domain names into IP addresses. Since it directly interacts with user-level applications, it belongs to the Application Layer.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Is DNS Windows specific?**

   * No. DNS (Domain Name System) is not Windows specific.
   * It is a universal protocol used across all major operating systems including Windows, Linux, macOS, and others.
   * DNS functions as part of the internet infrastructure and is OS-agnostic.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Is DNS Linux specific?**

   * No. DNS is not Linux specific.
   * DNS services run on many operating systems including Linux, Windows, Unix, and more.
   * DNS is a global network protocol, not tied to any particular OS.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Which Transport Protocol is used by DNS?**

   * DNS primarily uses:

     * UDP (User Datagram Protocol) on port 53 for most queries.
     * TCP (Transmission Control Protocol) on port 53 is used for tasks like zone transfers and queries that exceed UDP size limits.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Which Port is used by DNS?**

   * DNS uses port 53 for both UDP and TCP protocols.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Is DNS using Client-Server model?**

   * Yes.
   * DNS operates on a client-server model.
   * Clients (resolvers) send queries to DNS servers to resolve domain names into IP addresses.
   * Servers respond with the appropriate DNS records.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   Topics in this section:

   * :ref:`Learnings in this section `
   * :ref:`Terminology `
   * :ref:`Version Info `
   * :ref:`DNS Version&RFC Details `
   * :ref:`DNS Basic Setup on Ubuntu using IPv4 `
   * :ref:`DNS Basic Setup on Ubuntu using IPv6 `
   * :ref:`DNS Protocol Packet Details `
   * :ref:`DNS Usecases `
   * :ref:`DNS Basic Features `
   * :ref:`DNS Feature : Name Resolution `
   * :ref:`DNS Feature : Record Types `
   * :ref:`DNS Feature : Caching `
   * :ref:`DNS Feature : Recursive & Iterative Queries `
   * :ref:`DNS Feature : Zone Management `
   * :ref:`DNS Feature : Delegation `
   * :ref:`DNS Feature : Reverse DNS Lookup `
   * :ref:`DNS Feature : Security Extensions(DNSSEC) `
   * :ref:`DNS Feature : Load Balancing `
   * :ref:`DNS Feature : Redundancy & Failover `
   * :ref:`Reference links `

.. _DNS_step1:

.. tab-set::

   .. tab-item:: Learnings in this section

      * In this section, you are going to learn

.. _DNS_step2:

.. tab-set::

   .. tab-item:: Terminology

      * Terminology

.. _DNS_step3:

.. tab-set::

   .. tab-item:: Version Info

      * Version Info

.. _DNS_step5:

.. tab-set::

   .. tab-item:: DNS Version&RFC Details

      .. csv-table::
         :file: ./DNS/DNS_Version_and_RFC_Details.csv
         :widths: 10,10,10,30
         :header-rows: 1

.. _DNS_step20:

.. tab-set::

   .. tab-item:: Test Case 1: DNS A Record Resolution using IPv4

      **Verify DNS A record resolution (IPv4) between two Ubuntu VMs (Server and Client) using BIND9**

      **Server (Machine A) — DNS Server Setup (IPv4)**

      * Step-1 : Install BIND9 on Ubuntu

      .. code-block:: shell

         test:~$ sudo apt update
         test:~$ sudo apt install bind9 bind9utils bind9-doc

      * Step-2 : Configure BIND9 Options

      .. code-block:: shell

         test:~$ sudo nano /etc/bind/named.conf.options

      .. code-block:: shell

         options {
             directory "/var/cache/bind";

             // Listen on specific interfaces
             listen-on { 127.0.0.1; 192.168.1.10; };  // IP address of your DNS server
             allow-query { any; };                    // Allow queries from anyone
             recursion yes;                           // Enable recursion for this setup

             forwarders {
                 8.8.8.8;  // Google DNS (optional: to forward unresolved queries)
                 8.8.4.4;
             };

             listen-on-v6 { any; };
             dnssec-validation auto;
         };

      .. note::

         * Replace ``192.168.1.10`` with the actual IP address you will assign to your DNS server.

      * Step-3 : Create a Forward Zone File

      .. code-block:: shell

         test:~$ sudo nano /etc/bind/db.example.com

      .. code-block:: shell

         $TTL    86400
         @       IN      SOA     ns1.example.com. admin.example.com. (
                                 2023041401 ; Serial
                                 3600       ; Refresh
                                 1800       ; Retry
                                 1209600    ; Expire
                                 86400 )    ; Minimum TTL

                 IN      NS      ns1.example.com.
         ns1     IN      A       192.168.1.10
         @       IN      A       192.168.1.10 ; The IP for example.com

      .. note::

         * Replace ``example.com`` with your desired domain name.
         * Replace ``192.168.1.10`` with the IP address of your DNS server.

      * Step-4 : Configure the Local Zones

      .. code-block:: shell

         test:~$ sudo nano /etc/bind/named.conf.local

      .. code-block:: shell

         zone "example.com" {
             type master;
             file "/etc/bind/db.example.com";
         };

      .. note::

         * Replace ``example.com`` with your desired domain name.

      * Step-5 : Configure Network Interface for the DNS Server

      .. code-block:: shell

         test:~$ sudo ifconfig enp43s0 192.168.1.10 up

      .. note::

         * Replace ``enp43s0`` with your actual network interface name (e.g., eth0, ens33).
         * Replace ``192.168.1.10`` with the IP address you want to assign to your DNS server.

      * Step-6 : Restart and Check BIND9 Status

      .. code-block:: shell

         test:~$ sudo systemctl restart bind9
         test:~$ sudo systemctl status bind9

      .. note::

         * Ensure that the BIND9 service is running without errors. If there are issues, check the logs with ``sudo journalctl -u bind9``.

      * Step-7 : Test Connectivity to a Client (Optional)

      .. code-block:: shell

         test:~$ ping 192.168.1.100

      .. note::

         * Replace ``192.168.1.100`` with the IP address of your client machine to verify network connectivity.

      **Client (Machine B) — DNS Client Setup (IPv4)**

      * Step-1 : Configure Client's DNS Resolver

      .. code-block:: shell

         test:~$ sudo nano /etc/resolv.conf

      .. code-block:: shell

         nameserver 192.168.1.10
         nameserver 8.8.8.8  # Optional: Secondary DNS server

      .. note::

         * Replace ``192.168.1.10`` with the IP address of your DNS server.
         * This file might be overwritten by NetworkManager. For persistent changes, you might need to configure network settings via Netplan (Ubuntu 18.04+) or directly in network interface configuration files.

      * Step-2 : Test Ping to the DNS Server

      .. code-block:: shell

         test:~$ ping 192.168.1.10

      .. note::

         * This verifies basic network connectivity between the client and the DNS server.

      * Step-3 : Test DNS Resolution from the Client

      .. code-block:: shell

         test:~$ dig A example.com

         ; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> A example.com
         ;; global options: +cmd
         ;; Got answer:
         ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59391
         ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

         ;; OPT PSEUDOSECTION:
         ; EDNS: version: 0, flags:; udp: 1232
         ; COOKIE: 7863fae90a6737ca01000000680877dccc9eb1dbae3f49bb (good)
         ;; QUESTION SECTION:
         ;example.com.                   IN      A

         ;; ANSWER SECTION:
         example.com.            86400   IN      A       192.168.1.10

         ;; Query time: 0 msec
         ;; SERVER: 192.168.1.10#53(192.168.1.10) (UDP)
         ;; WHEN: Wed Apr 23 10:47:15 IST 2025
         ;; MSG SIZE rcvd: 84

      .. note::

         * You should see the A record for ``example.com`` resolving to ``192.168.1.10``.

      * Step-4 : Wireshark Capture

      :download:`Download wireshark capture `

      **Test Case 2: DNS CNAME Record Resolution using IPv4**

      **Verify DNS CNAME record resolution (IPv4) between two Ubuntu VMs (Server and Client) using BIND9**

      **Server (Machine A) — DNS Server Setup (IPv4)**

      * Step-1 : Install BIND9 on Ubuntu

      .. code-block:: shell

         test:~$ sudo apt update
         test:~$ sudo apt install bind9 bind9utils bind9-doc

      * Step-2 : Configure BIND9 Options

      .. code-block:: shell

         test:~$ sudo nano /etc/bind/named.conf.options

      .. code-block:: shell

         options {
             directory "/var/cache/bind";

             // Listen on specific interfaces
             listen-on { 127.0.0.1; 192.168.1.10; };  // IP address of your DNS server
             allow-query { any; };                    // Allow queries from anyone
             recursion yes;                           // Enable recursion for this setup

             forwarders {
                 8.8.8.8;  // Google DNS (optional: to forward unresolved queries)
                 8.8.4.4;
             };

             listen-on-v6 { any; };
             dnssec-validation auto;
         };

      .. note::

         * Replace ``192.168.1.10`` with the actual IP address you will assign to your DNS server.

      * Step-3 : Create a Forward Zone File

      .. code-block:: shell

         test:~$ sudo nano /etc/bind/db.example.com

      .. code-block:: shell

         $TTL    86400
         @       IN      SOA     ns1.example.com. admin.example.com. (
                                 2023041401 ; Serial
                                 3600       ; Refresh
                                 1800       ; Retry
                                 1209600    ; Expire
                                 86400 )    ; Minimum TTL

                 IN      NS      ns1.example.com.
         ns1     IN      A       192.168.1.10
         @       IN      A       192.168.1.10 ; The IP for example.com
         www     IN      CNAME   example.com. ; CNAME record: www.example.com points to example.com

      .. note::

         * Replace ``example.com`` with your desired domain name.
         * Replace ``192.168.1.10`` with the IP address of your DNS server.
         * The CNAME record ``www.example.com`` is configured to point to ``example.com``.

      * Step-4 : Configure the Local Zones

      .. code-block:: shell

         test:~$ sudo nano /etc/bind/named.conf.local

      .. code-block:: shell

         zone "example.com" {
             type master;
             file "/etc/bind/db.example.com";
         };

      .. note::

         * Replace ``example.com`` with your desired domain name.

      * Step-5 : Configure Network Interface for the DNS Server

      .. code-block:: shell

         test:~$ sudo ifconfig enp43s0 192.168.1.10 up

      .. note::

         * Replace ``enp43s0`` with your actual network interface name (e.g., eth0, ens33).
         * Replace ``192.168.1.10`` with the IP address you want to assign to your DNS server.

      * Step-6 : Restart and Check BIND9 Status

      .. code-block:: shell

         test:~$ sudo systemctl restart bind9
         test:~$ sudo systemctl status bind9

      .. note::

         * Ensure that the BIND9 service is running without errors. If there are issues, check the logs with ``sudo journalctl -u bind9``.

      * Step-7 : Test Connectivity to a Client (Optional)

      .. code-block:: shell

         test:~$ ping 192.168.1.100

      .. note::

         * Replace ``192.168.1.100`` with the IP address of your client machine to verify network connectivity.

      **Client (Machine B) — DNS Client Setup (IPv4)**

      * Step-1 : Configure Client's DNS Resolver

      .. code-block:: shell

         test:~$ sudo nano /etc/resolv.conf

      .. code-block:: shell

         nameserver 192.168.1.10
         nameserver 8.8.8.8  # Optional: Secondary DNS server

      .. note::

         * Replace ``192.168.1.10`` with the IP address of your DNS server.
         * This file might be overwritten by NetworkManager. For persistent changes, you might need to configure network settings via Netplan (Ubuntu 18.04+) or directly in network interface configuration files.

      * Step-2 : Test Ping to the DNS Server

      .. code-block:: shell

         test:~$ ping 192.168.1.10

      .. note::

         * This verifies basic network connectivity between the client and the DNS server.

      * Step-3 : Test DNS Resolution from the Client

      .. code-block:: shell

         test:~$ dig CNAME www.example.com

         ; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> CNAME www.example.com
         ;; global options: +cmd
         ;; Got answer:
         ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6439
         ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

         ;; OPT PSEUDOSECTION:
         ; EDNS: version: 0, flags:; udp: 1232
         ; COOKIE: e74eaf01c58f5b210100000068089546899e690ec3ebc44a (good)
         ;; QUESTION SECTION:
         ;www.example.com.               IN      CNAME

         ;; ANSWER SECTION:
         www.example.com.        86400   IN      CNAME   example.com.

         ;; Query time: 0 msec
         ;; SERVER: 192.168.1.10#53(192.168.1.10) (UDP)
         ;; WHEN: Wed Apr 23 12:52:46 IST 2025
         ;; MSG SIZE rcvd: 86

      .. note::

         * This command specifically queries for the CNAME record. The output should clearly show ``www.example.com`` as a CNAME for ``example.com``.

      * Step-4 : Wireshark Capture

      :download:`Download wireshark capture `

      **Test Case 3: DNS MX Record Resolution**

      **Verify that the domain 'example.com' returns the correct mail exchange (MX) records using BIND9**

      **Server (Machine A) — DNS Server Setup (IPv4)**

      * Step-1 : Install BIND9 on Ubuntu

      .. code-block:: shell

         test:~$ sudo apt update
         test:~$ sudo apt install bind9 bind9utils bind9-doc

      * Step-2 : Configure BIND9 Options

      .. code-block:: shell

         test:~$ sudo nano /etc/bind/named.conf.options

      .. code-block:: shell

         options {
             directory "/var/cache/bind";

             // Listen on specific interfaces
             listen-on { 127.0.0.1; 192.168.1.10; };  // IP address of your DNS server
             allow-query { any; };                    // Allow queries from anyone
             recursion yes;                           // Enable recursion for this setup

             forwarders {
                 8.8.8.8;  // Google DNS (optional: to forward unresolved queries)
                 8.8.4.4;
             };

             listen-on-v6 { any; };
             dnssec-validation auto;
         };

      .. note::

         * Replace ``192.168.1.10`` with the actual IP address you will assign to your DNS server.

      * Step-3 : Create a Forward Zone File

      .. code-block:: shell

         test:~$ sudo nano /etc/bind/db.example.com

      .. code-block:: shell

         $TTL    86400
         @       IN      SOA     ns1.example.com. admin.example.com. (
                                 2023041401 ; Serial
                                 3600       ; Refresh
                                 1800       ; Retry
                                 1209600    ; Expire
                                 86400 )    ; Minimum TTL

                 IN      NS      ns1.example.com.
         ns1     IN      A       192.168.1.10
         @       IN      A       192.168.1.10 ; The IP for example.com

         ; Mail Exchange (MX) Records
         @       IN      MX      10 mail1.example.com. ; Priority 10, mail server
         @       IN      MX      20 mail2.example.com. ; Priority 20, backup mail server

         mail1   IN      A       192.168.1.11 ; IP address of the primary mail server
         mail2   IN      A       192.168.1.12 ; IP address of the backup mail server

      .. note::

         * Replace ``example.com`` with your desired domain name.
         * Replace ``192.168.1.10`` with the IP address of your DNS server.
         * ``192.168.1.11`` and ``192.168.1.12`` are example IP addresses for your mail servers. Adjust as needed.
      * Step-4 : Configure the Local Zones

      .. code-block:: shell

         test:~$ sudo nano /etc/bind/named.conf.local

      .. code-block:: shell

         zone "example.com" {
             type master;
             file "/etc/bind/db.example.com";
         };

      .. note::

         * Replace ``example.com`` with your desired domain name.

      * Step-5 : Configure Network Interface for the DNS Server

      .. code-block:: shell

         test:~$ sudo ifconfig enp43s0 192.168.1.10 up

      .. note::

         * Replace ``enp43s0`` with your actual network interface name (e.g., eth0, ens33).
         * Replace ``192.168.1.10`` with the IP address you want to assign to your DNS server.

      * Step-6 : Restart and Check BIND9 Status

      .. code-block:: shell

         test:~$ sudo systemctl restart bind9
         test:~$ sudo systemctl status bind9

      .. note::

         * Ensure that the BIND9 service is running without errors. If there are issues, check the logs with ``sudo journalctl -u bind9``.

      * Step-7 : Test Connectivity to a Client (Optional)

      .. code-block:: shell

         test:~$ ping 192.168.1.100

      .. note::

         * Replace ``192.168.1.100`` with the IP address of your client machine to verify network connectivity.

      **Client (Machine B) — DNS Client Setup (IPv4)**

      * Step-1 : Configure Client's DNS Resolver

      .. code-block:: shell

         test:~$ sudo nano /etc/resolv.conf

      .. code-block:: shell

         nameserver 192.168.1.10
         nameserver 8.8.8.8  # Optional: Secondary DNS server

      .. note::

         * Replace ``192.168.1.10`` with the IP address of your DNS server.
         * This file might be overwritten by NetworkManager. For persistent changes, you might need to configure network settings via Netplan (Ubuntu 18.04+) or directly in network interface configuration files.

      * Step-2 : Test Ping to the DNS Server

      .. code-block:: shell

         test:~$ ping 192.168.1.10

      .. note::

         * This verifies basic network connectivity between the client and the DNS server.

      * Step-3 : Test DNS Resolution from the Client

      .. code-block:: shell

         test:~$ dig MX example.com

         ; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> MX example.com
         ;; global options: +cmd
         ;; Got answer:
         ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24919
         ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3

         ;; OPT PSEUDOSECTION:
         ; EDNS: version: 0, flags:; udp: 1232
         ; COOKIE: 9d9b8d301694c44e010000006808b29660abe68903fd5f59 (good)
         ;; QUESTION SECTION:
         ;example.com.                   IN      MX

         ;; ANSWER SECTION:
         example.com.            86400   IN      MX      20 mail2.example.com.
         example.com.            86400   IN      MX      10 mail1.example.com.

         ;; ADDITIONAL SECTION:
         mail1.example.com.      86400   IN      A       192.168.1.11
         mail2.example.com.      86400   IN      A       192.168.1.12

         ;; Query time: 0 msec
         ;; SERVER: 192.168.1.10#53(192.168.1.10) (UDP)
         ;; WHEN: Wed Apr 23 14:57:48 IST 2025
         ;; MSG SIZE rcvd: 144

      .. note::

         * A list of MX records should be returned.
         * Each record should show a mail server hostname and its priority.
         * The hostnames should match your expected mail infrastructure (i.e., ``mail1.example.com`` and ``mail2.example.com``).
         * All expected MX records should be present.

      * Step-4 : Wireshark Capture

      :download:`Download wireshark capture `

      **Test Case 4: DNS TXT Record Resolution**

      **Verify that the domain 'example.com' returns the expected TXT records for email validation and domain ownership**

      **Server (Machine A) — DNS Server Setup (IPv4)**

      * Step-1 : Install BIND9 on Ubuntu

      .. code-block:: shell

         test:~$ sudo apt update
         test:~$ sudo apt install bind9 bind9utils bind9-doc

      * Step-2 : Configure BIND9 Options

      .. code-block:: shell

         test:~$ sudo nano /etc/bind/named.conf.options

      .. code-block:: shell

         options {
             directory "/var/cache/bind";

             // Listen on specific interfaces
             listen-on { 127.0.0.1; 192.168.1.10; };  // IP address of your DNS server
             allow-query { any; };                    // Allow queries from anyone
             recursion yes;                           // Enable recursion for this setup

             forwarders {
                 8.8.8.8;  // Google DNS (optional: to forward unresolved queries)
                 8.8.4.4;
             };

             listen-on-v6 { any; };
             dnssec-validation auto;
         };

      .. note::

         * Replace ``192.168.1.10`` with the actual IP address you will assign to your DNS server.

      * Step-3 : Create a Forward Zone File

      .. code-block:: shell

         test:~$ sudo nano /etc/bind/db.example.com

      .. code-block:: shell

         $TTL    86400
         @       IN      SOA     ns1.example.com. admin.example.com. (
                                 2023041401 ; Serial
                                 3600       ; Refresh
                                 1800       ; Retry
                                 1209600    ; Expire
                                 86400 )    ; Minimum TTL

                 IN      NS      ns1.example.com.
         ns1     IN      A       192.168.1.10
         @       IN      A       192.168.1.10 ; The IP for example.com

         ; TXT Records for email validation and domain ownership
         @       IN      TXT     "This is a TXT record for example.com" ; Custom TXT record

      .. note::

         * Replace ``example.com`` with your desired domain name.
         * Replace ``192.168.1.10`` with the IP address of your DNS server.
         * The TXT record provided is now ``"This is a TXT record for example.com"``.

      * Step-4 : Configure the Local Zones

      .. code-block:: shell

         test:~$ sudo nano /etc/bind/named.conf.local

      .. code-block:: shell

         zone "example.com" {
             type master;
             file "/etc/bind/db.example.com";
         };

      .. note::

         * Replace ``example.com`` with your desired domain name.

      * Step-5 : Configure Network Interface for the DNS Server

      .. code-block:: shell

         test:~$ sudo ifconfig enp43s0 192.168.1.10 up

      .. note::

         * Replace ``enp43s0`` with your actual network interface name (e.g., eth0, ens33).
         * Replace ``192.168.1.10`` with the IP address you want to assign to your DNS server.

      * Step-6 : Restart and Check BIND9 Status

      .. code-block:: shell

         test:~$ sudo systemctl restart bind9
         test:~$ sudo systemctl status bind9

      .. note::

         * Ensure that the BIND9 service is running without errors. If there are issues, check the logs with ``sudo journalctl -u bind9``.

      * Step-7 : Test Connectivity to a Client (Optional)

      .. code-block:: shell

         test:~$ ping 192.168.1.100

      .. note::

         * Replace ``192.168.1.100`` with the IP address of your client machine to verify network connectivity.

      **Client (Machine B) — DNS Client Setup (IPv4)**

      * Step-1 : Configure Client's DNS Resolver

      .. code-block:: shell

         test:~$ sudo nano /etc/resolv.conf

      .. code-block:: shell

         nameserver 192.168.1.10
         nameserver 8.8.8.8  # Optional: Secondary DNS server

      .. note::

         * Replace ``192.168.1.10`` with the IP address of your DNS server.
         * This file might be overwritten by NetworkManager. For persistent changes, you might need to configure network settings via Netplan (Ubuntu 18.04+) or directly in network interface configuration files.

      * Step-2 : Test Ping to the DNS Server

      .. code-block:: shell

         test:~$ ping 192.168.1.10

      .. note::

         * This verifies basic network connectivity between the client and the DNS server.

      * Step-3 : Test DNS Resolution from the Client

      .. code-block:: shell

         test:~$ dig TXT example.com

         ; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> TXT example.com
         ;; global options: +cmd
         ;; Got answer:
         ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 144
         ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

         ;; OPT PSEUDOSECTION:
         ; EDNS: version: 0, flags:; udp: 1232
         ; COOKIE: 13297e9d75a13dac010000006808b588c7288b1deb0c46d9 (good)
         ;; QUESTION SECTION:
         ;example.com.                   IN      TXT

         ;; ANSWER SECTION:
         example.com.            86400   IN      TXT     "This is a TXT record for example.com"

         ;; Query time: 0 msec
         ;; SERVER: 192.168.1.10#53(192.168.1.10) (UDP)
         ;; WHEN: Wed Apr 23 15:10:24 IST 2025
         ;; MSG SIZE rcvd: 117

      .. note::

         * Correct values should be returned for domain verification or email validation.
         * All expected TXT records should be returned.
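
Added example (not part of the original page): a Python checker for the ``dig`` verification steps above. It reads the status, the ``aa`` flag, the answering server and the ANSWER section, so a reply that came from the optional ``8.8.8.8`` entry in ``/etc/resolv.conf`` is not mistaken for a pass. It goes beyond the TXT case to cover MX, NXDOMAIN and empty-answer replies; the function names and the sample replies are constructed for illustration.

```python
import re

LAB_SERVER = "192.168.1.10"  # the BIND9 server address used on this page

# Constructed sample input: dig replies abbreviated from the outputs on this page.
TXT_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 144
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;example.com.           IN  TXT
;; ANSWER SECTION:
example.com.    86400   IN  TXT "This is a TXT record for example.com"
;; SERVER: 192.168.1.10#53(192.168.1.10) (UDP)
"""
MX_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24919
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3
;; QUESTION SECTION:
;example.com.           IN  MX
;; ANSWER SECTION:
example.com.        86400   IN  MX  20 mail2.example.com.
example.com.        86400   IN  MX  10 mail1.example.com.
;; ADDITIONAL SECTION:
mail1.example.com.  86400   IN  A   192.168.1.11
mail2.example.com.  86400   IN  A   192.168.1.12
;; SERVER: 192.168.1.10#53(192.168.1.10) (UDP)
"""
NXDOMAIN_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2520
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;no-such-domain.example.com.    IN  A
;; AUTHORITY SECTION:
example.com. 86400 IN SOA ns1.example.com. admin.example.com. 2023041402 3600 1800 1209600 86400
;; SERVER: 192.168.1.10#53(192.168.1.10) (UDP)
"""
# Constructed: the name exists but has no AAAA record (NOERROR with an empty answer).
NODATA_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;ipv4.example.com.      IN  AAAA
;; AUTHORITY SECTION:
example.com. 86400 IN SOA ns1.example.com. admin.example.com. 2023041401 3600 1800 1209600 86400
;; SERVER: 192.168.1.10#53(192.168.1.10) (UDP)
"""
# Constructed: the same TXT reply as if the secondary nameserver had answered.
FALLBACK_REPLY = TXT_REPLY.replace("192.168.1.10", "8.8.8.8").replace(" aa", "")


def parse_dig(text):
    """Extract status, header flags, answering server and per-section records."""
    status = re.search(r"status: (\w+)", text)
    flags = re.search(r"^;; flags:([a-z ]*);", text, re.M)
    server = re.search(r"^;; SERVER: ([0-9A-Fa-f.:]+)#", text, re.M)
    sections, current = {}, None
    for line in text.splitlines():
        header = re.match(r";; (\w+) SECTION:", line)
        if header:
            current = header.group(1)
        elif current and line.strip() and not line.startswith(";"):
            fields = line.split(None, 4)
            if len(fields) == 5:  # name, TTL, class, type, rdata
                name, _ttl, _cls, rtype, rdata = fields
                sections.setdefault(current, []).append((name, rtype, rdata.strip()))
    return {
        "status": status.group(1) if status else None,
        "flags": flags.group(1).split() if flags else [],
        "server": server.group(1) if server else None,
        "sections": sections,
    }


def verdict(text, qtype, expected_rdata=(), server=LAB_SERVER):
    """Classify one dig reply against what the test case expects."""
    reply = parse_dig(text)
    if reply["server"] != server:
        return "WRONG-SERVER"        # answered by another resolv.conf entry
    if reply["status"] != "NOERROR":
        return reply["status"]       # NXDOMAIN, SERVFAIL, REFUSED, ...
    if "aa" not in reply["flags"]:
        return "NOT-AUTHORITATIVE"   # not served from the zone on this server
    # Only ANSWER counts; glue in the ADDITIONAL section is not an answer.
    got = sorted(r for _, t, r in reply["sections"].get("ANSWER", []) if t == qtype)
    if not got:
        return "NODATA"              # name exists, no record of this type
    return "PASS" if got == sorted(expected_rdata) else "MISMATCH"


if __name__ == "__main__":
    print(verdict(TXT_REPLY, "TXT", ['"This is a TXT record for example.com"']))
    print(verdict(NXDOMAIN_REPLY, "A"), verdict(NODATA_REPLY, "AAAA"))
    print(verdict(FALLBACK_REPLY, "TXT"))
```
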
      * Step-4 : Wireshark Capture

      :download:`Download wireshark capture `

      **Test Case 5: Reverse DNS Lookup (PTR Record)**

      **Verify that a given IP address resolves to a domain name using a PTR record**

      **Server (Machine A) — DNS Server Setup (IPv4)**

      * Step-1 : Install BIND9 on Ubuntu

      .. code-block:: shell

         test:~$ sudo apt update
         test:~$ sudo apt install bind9 bind9utils bind9-doc

      * Step-2 : Configure BIND9 Options

      .. code-block:: shell

         test:~$ sudo nano /etc/bind/named.conf.options

      .. code-block:: shell

         options {
             directory "/var/cache/bind";

             // Listen on specific interfaces
             listen-on { 127.0.0.1; 192.168.1.10; };  // IP address of your DNS server
             allow-query { any; };                    // Allow queries from anyone
             recursion yes;                           // Enable recursion for this setup

             forwarders {
                 8.8.8.8;  // Google DNS (optional: to forward unresolved queries)
                 8.8.4.4;
             };

             listen-on-v6 { any; };
             dnssec-validation auto;
         };

      .. note::

         * Replace ``192.168.1.10`` with the actual IP address you will assign to your DNS server.

      * Step-3 : Create a Reverse Zone File

      .. code-block:: shell

         test:~$ sudo nano /etc/bind/db.192

      .. code-block:: shell

         $TTL    86400
         @       IN      SOA     ns1.example.com. admin.example.com. (
                                 2023041401 ; Serial
                                 3600       ; Refresh
                                 1800       ; Retry
                                 1209600    ; Expire
                                 86400 )    ; Minimum TTL

                 IN      NS      ns1.example.com.
         10      IN      PTR     example.com. ; PTR for 192.168.1.10

      .. note::

         * Replace ``example.com`` with your desired domain name.
         * The IP address ``192.168.1.10`` is used as an example. Adjust as needed.
         * The PTR record for ``10`` (last octet of 192.168.1.10) resolves to ``example.com.``.

      * Step-4 : Configure the Local Zones (Add Reverse Zone)

      .. code-block:: shell

         test:~$ sudo nano /etc/bind/named.conf.local

      .. code-block:: shell

         zone "example.com" {
             type master;
             file "/etc/bind/db.example.com";
         };

         zone "1.168.192.in-addr.arpa" {
             type master;
             file "/etc/bind/db.192";
         };

      .. note::

         * Replace ``example.com`` with your desired domain name.
         * The ``1.168.192.in-addr.arpa`` zone is for reverse lookups of the 192.168.1.x network.
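
Added example (not from the original page): the ``named.conf.options`` used in these test cases sets ``allow-query { any; }`` with ``recursion yes`` and no ``allow-recursion``. BIND 9 then applies the ``allow-query`` list to recursive queries as well, so the server recurses for any client that can reach it, which is acceptable only on an isolated lab network. The Python check below resolves that fallback order and flags the result; the function names, the simplified parser and the ``192.168.1.0/24`` subnet are assumptions.

```python
import re

# The options block used in the test cases on this page (layout condensed).
PAGE_OPTIONS = """
options {
    directory "/var/cache/bind";
    listen-on { 127.0.0.1; 192.168.1.10; };  // IP address of your DNS server
    allow-query { any; };                    // Allow queries from anyone
    recursion yes;                           // Enable recursion for this setup
    forwarders {
        8.8.8.8;  // Google DNS (optional: to forward unresolved queries)
        8.8.4.4;
    };
    listen-on-v6 { any; };
    dnssec-validation auto;
};
"""

# Constructed variant: recursion limited to the server itself and an assumed lab subnet.
RESTRICTED_OPTIONS = PAGE_OPTIONS.replace(
    "recursion yes;",
    "recursion yes;\n    allow-recursion { 127.0.0.1; 192.168.1.0/24; };",
)


def parse_options(conf):
    """Return {statement: value} for the top-level statements of the options block.

    Simplified parser: comments are stripped with regexes, so '//' or '#'
    inside a quoted string is not supported.
    """
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)  # /* ... */ comments
    conf = re.sub(r"(//|#)[^\n]*", "", conf)           # // and # comments
    start = re.search(r"\boptions\s*\{", conf)
    if not start:
        return {}
    statements, buf, depth = {}, "", 0
    for ch in conf[start.end():]:
        if ch == "{":
            depth += 1
        elif ch == "}":
            if depth == 0:
                break                  # closing brace of the options block
            depth -= 1
        if ch == ";" and depth == 0:   # end of one top-level statement
            m = re.match(r"([\w-]+)\s*(.*)", buf.strip(), re.S)
            if m:
                name, rest = m.group(1), m.group(2).strip()
                if rest.startswith("{"):
                    rest = [i.strip() for i in rest.strip("{} \t\n").split(";") if i.strip()]
                statements[name] = rest
            buf = ""
        else:
            buf += ch
    return statements


def recursion_acl(conf):
    """Return (address list, source statement) that governs recursive queries."""
    opts = parse_options(conf)
    if opts.get("recursion", "yes") == "no":
        return None, "recursion no"
    # BIND 9 fallback order when allow-recursion is not set.
    for stmt in ("allow-recursion", "allow-query-cache", "allow-query"):
        if stmt in opts:
            return opts[stmt], stmt
    return ["localnets", "localhost"], "built-in default"


def is_open_resolver(conf):
    """True when recursion is on and the effective list admits any client.

    Named ACLs are not expanded; only a literal 'any' is detected.
    """
    acl, _source = recursion_acl(conf)
    return acl is not None and "any" in acl


if __name__ == "__main__":
    for label, conf in (("page", PAGE_OPTIONS), ("restricted", RESTRICTED_OPTIONS)):
        acl, source = recursion_acl(conf)
        print(label, acl, "from", source, "open resolver:", is_open_resolver(conf))
```
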
      * Step-5 : Check Zone File and Config

      .. code-block:: shell

         test:~$ sudo named-checkzone example.com /etc/bind/db.example.com
         test:~$ sudo named-checkzone 1.168.192.in-addr.arpa /etc/bind/db.192
         test:~$ sudo named-checkconf

      .. note::

         * These commands verify the syntax and integrity of your zone files and BIND configuration.

      * Step-6 : Configure Network Interface for the DNS Server

      .. code-block:: shell

         test:~$ sudo ifconfig enp43s0 192.168.1.10 up

      .. note::

         * Replace ``enp43s0`` with your actual network interface name (e.g., eth0, ens33).
         * Replace ``192.168.1.10`` with the IP address you want to assign to your DNS server.

      * Step-7 : Restart and Check BIND9 Status

      .. code-block:: shell

         test:~$ sudo systemctl restart bind9
         test:~$ sudo systemctl status bind9

      .. note::

         * Ensure that the BIND9 service is running without errors. If there are issues, check the logs with ``sudo journalctl -u bind9``.

      * Step-8 : Test Connectivity to a Client (Optional)

      .. code-block:: shell

         test:~$ ping 192.168.1.100

      .. note::

         * Replace ``192.168.1.100`` with the IP address of your client machine to verify network connectivity.

      **Client (Machine B) — DNS Client Setup (IPv4)**

      * Step-1 : Configure Client's DNS Resolver

      .. code-block:: shell

         test:~$ sudo nano /etc/resolv.conf

      .. code-block:: shell

         nameserver 192.168.1.10
         nameserver 8.8.8.8  # Optional: Secondary DNS server

      .. note::

         * Replace ``192.168.1.10`` with the IP address of your DNS server.
         * This file might be overwritten by NetworkManager. For persistent changes, you might need to configure network settings via Netplan (Ubuntu 18.04+) or directly in network interface configuration files.

      * Step-2 : Configure Client's Network Interface

      .. code-block:: shell

         test:~$ sudo ifconfig enp43s0 192.168.1.100 up

      .. note::

         * Replace ``enp43s0`` with your actual network interface name (e.g., eth0, ens33).
         * Replace ``192.168.1.100`` with the IP address you want to assign to your client machine.

      * Step-3 : Verify PTR Record

      .. code-block:: shell

         test:~$ dig -x 192.168.1.10

         ; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> -x 192.168.1.10
         ;; global options: +cmd
         ;; Got answer:
         ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3284
         ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

         ;; OPT PSEUDOSECTION:
         ; EDNS: version: 0, flags:; udp: 1232
         ; COOKIE: 2e3dbc97126ad3b5010000006808b8701d4af63e0f47bd98 (good)
         ;; QUESTION SECTION:
         ;10.1.168.192.in-addr.arpa.     IN      PTR

         ;; ANSWER SECTION:
         10.1.168.192.in-addr.arpa. 86400 IN     PTR     example.com.

         ;; Query time: 0 msec
         ;; SERVER: 192.168.1.10#53(192.168.1.10) (UDP)
         ;; WHEN: Wed Apr 23 15:22:48 IST 2025
         ;; MSG SIZE rcvd: 107

      .. note::

         * If a PTR record exists, the domain name should be returned.
         * The response should show the ``PTR`` record under the ``ANSWER SECTION``.
         * A valid PTR record is returned, resolving the IP to a domain name.

      * Step-4 : Wireshark Capture

      :download:`Download wireshark capture `

      **Test Case 6: Non-existent Domain Lookup (NXDOMAIN)**

      **Verify that querying a domain that does not exist returns the NXDOMAIN response**

      **Server (Machine A) — DNS Server Setup (IPv4)**

      * Step-1 : Install BIND9 on Ubuntu

      .. code-block:: shell

         test:~$ sudo apt update
         test:~$ sudo apt install bind9 bind9utils bind9-doc

      * Step-2 : Configure BIND9 Options

      .. code-block:: shell

         test:~$ sudo nano /etc/bind/named.conf.options

      .. code-block:: shell

         options {
             directory "/var/cache/bind";

             // Listen on specific interfaces
             listen-on { 127.0.0.1; 192.168.1.10; };  // IP address of your DNS server
             allow-query { any; };                    // Allow queries from anyone
             recursion yes;                           // Enable recursion for this setup

             forwarders {
                 8.8.8.8;  // Google DNS (optional: to forward unresolved queries)
                 8.8.4.4;
             };

             listen-on-v6 { any; };
             dnssec-validation auto;
         };

      .. note::

         * Replace ``192.168.1.10`` with the actual IP address you will assign to your DNS server.

      * Step-3 : Create a Forward Zone File

      .. code-block:: shell

         test:~$ sudo nano /etc/bind/db.example.com

      .. code-block:: shell

         $TTL    86400
         @       IN      SOA     ns1.example.com. admin.example.com. (
                                 2023041401 ; Serial
                                 3600       ; Refresh
                                 1800       ; Retry
                                 1209600    ; Expire
                                 86400 )    ; Minimum TTL

                 IN      NS      ns1.example.com.
         ns1     IN      A       192.168.1.10
         @       IN      A       192.168.1.10 ; The IP for example.com

      .. note::

         * Replace ``example.com`` with your desired domain name.
         * Replace ``192.168.1.10`` with the IP address of your DNS server.
         * This file defines the existing domain for which we will query a non-existent subdomain.

      * Step-4 : Configure the Local Zones

      .. code-block:: shell

         test:~$ sudo nano /etc/bind/named.conf.local

      .. code-block:: shell

         zone "example.com" {
             type master;
             file "/etc/bind/db.example.com";
         };

      .. note::

         * Replace ``example.com`` with your desired domain name.

      * Step-5 : Configure Network Interface for the DNS Server

      .. code-block:: shell

         test:~$ sudo ifconfig enp43s0 192.168.1.10 up

      .. note::

         * Replace ``enp43s0`` with your actual network interface name (e.g., eth0, ens33).
         * Replace ``192.168.1.10`` with the IP address you want to assign to your DNS server.

      * Step-6 : Restart and Check BIND9 Status

      .. code-block:: shell

         test:~$ sudo systemctl restart bind9
         test:~$ sudo systemctl status bind9

      .. note::

         * Ensure that the BIND9 service is running without errors. If there are issues, check the logs with ``sudo journalctl -u bind9``.

      * Step-7 : Test Connectivity to a Client (Optional)

      .. code-block:: shell

         test:~$ ping 192.168.1.100

      .. note::

         * Replace ``192.168.1.100`` with the IP address of your client machine to verify network connectivity.

      **Client (Machine B) — DNS Client Setup (IPv4)**

      * Step-1 : Configure Client's DNS Resolver

      .. code-block:: shell

         test:~$ sudo nano /etc/resolv.conf

      .. code-block:: shell

         nameserver 192.168.1.10
         nameserver 8.8.8.8  # Optional: Secondary DNS server

      .. note::

         * Replace ``192.168.1.10`` with the IP address of your DNS server.
         * This file might be overwritten by NetworkManager. For persistent changes, you might need to configure network settings via Netplan (Ubuntu 18.04+) or directly in network interface configuration files.

      * Step-2 : Configure Client's Network Interface

      .. code-block:: shell

         test:~$ sudo ifconfig enp43s0 192.168.1.100 up

      .. note::

         * Replace ``enp43s0`` with your actual network interface name (e.g., eth0, ens33).
         * Replace ``192.168.1.100`` with the IP address you want to assign to your client machine.

      * Step-3 : Verify NXDOMAIN Response

      .. code-block:: shell

         test:~$ dig no-such-domain.example.com

         ; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> no-such-domain.example.com
         ; (1 server found)
         ;; global options: +cmd
         ;; Got answer:
         ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2520
         ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

         ;; OPT PSEUDOSECTION:
         ; EDNS: version: 0, flags:; udp: 1232
         ; COOKIE: 269438843149c8dd010000006808c0c5b345e6a045397176 (good)
         ;; QUESTION SECTION:
         ;no-such-domain.example.com.    IN      A

         ;; AUTHORITY SECTION:
         example.com.            86400   IN      SOA     ns1.example.com. admin.example.com. 2023041402 3600 1800 1209600 86400

         ;; Query time: 0 msec
         ;; SERVER: 192.168.1.10#53(192.168.1.10) (UDP)
         ;; WHEN: Wed Apr 23 15:58:21 IST 2025
         ;; MSG SIZE rcvd: 129

      .. note::

         * The DNS query should return a response with 'status: NXDOMAIN'.
         * No IP address or other records should be returned.

      * Step-4 : Wireshark Capture

      :download:`Download wireshark capture `

      **Test Case 7: Query Incorrect Record Type**

      **Verify that querying an AAAA record for a domain that only has A record returns no answer**

      **Server (Machine A) — DNS Server Setup (IPv4)**

      * Step-1 : Install BIND9 on Ubuntu

      .. code-block:: shell

         test:~$ sudo apt update
         test:~$ sudo apt install bind9 bind9utils bind9-doc

      * Step-2 : Configure BIND9 Options

      .. code-block:: shell

         test:~$ sudo nano /etc/bind/named.conf.options

      .. code-block:: shell

         options {
             directory "/var/cache/bind";

             // Listen on specific interfaces
             listen-on { 127.0.0.1; 192.168.1.10; };  // IP address of your DNS server
             allow-query { any; };                    // Allow queries from anyone
             recursion yes;                           // Enable recursion for this setup

             forwarders {
                 8.8.8.8;  // Google DNS (optional: to forward unresolved queries)
                 8.8.4.4;
             };

             listen-on-v6 { any; };
             dnssec-validation auto;
         };

      .. note::

         * Replace ``192.168.1.10`` with the actual IP address you will assign to your DNS server.

      * Step-3 : Create a Forward Zone File (with A or CNAME but no AAAA)

      .. code-block:: shell

         test:~$ sudo nano /etc/bind/db.example.com

      .. code-block:: shell

         $TTL    86400
         @       IN      SOA     ns1.example.com. admin.example.com. (
                                 2023041401 ; Serial
                                 3600       ; Refresh
                                 1800       ; Retry
                                 1209600    ; Expire
                                 86400 )    ; Minimum TTL

                 IN      NS      ns1.example.com.
         ns1     IN      A       192.168.1.10
         @       IN      A       192.168.1.10 ; The IP for example.com
         ipv4    IN      A       192.168.1.20 ; A record for ipv4.example.com

      .. note::

         * Replace ``example.com`` with your desired domain name.
         * Replace ``192.168.1.10`` and ``192.168.1.20`` with appropriate IP addresses.
         * This file defines records that are NOT AAAA records. We will query for AAAA on ``ipv4.example.com``.

      * Step-4 : Configure the Local Zones

      .. code-block:: shell

         test:~$ sudo nano /etc/bind/named.conf.local

      .. code-block:: shell

         zone "example.com" {
             type master;
             file "/etc/bind/db.example.com";
         };

      .. note::

         * Replace ``example.com`` with your desired domain name.

      * Step-5 : Configure Network Interface for the DNS Server

      .. code-block:: shell

         test:~$ sudo ifconfig enp43s0 192.168.1.10 up

      .. note::

         * Replace ``enp43s0`` with your actual network interface name (e.g., eth0, ens33).
         * Replace ``192.168.1.10`` with the IP address you want to assign to your DNS server.

      * Step-6 : Restart and Check BIND9 Status

      .. code-block:: shell

         test:~$ sudo systemctl restart bind9
         test:~$ sudo systemctl status bind9

      .. note::

         * Ensure that the BIND9 service is running without errors. If there are issues, check the logs with ``sudo journalctl -u bind9``.

      * Step-7 : Test Connectivity to a Client (Optional)

      .. code-block:: shell

         test:~$ ping 192.168.1.100

      .. note::

         * Replace ``192.168.1.100`` with the IP address of your client machine to verify network connectivity.

      **Client (Machine B) — DNS Client Setup (IPv4)**

      * Step-1 : Configure Client's DNS Resolver

      .. code-block:: shell

         test:~$ sudo nano /etc/resolv.conf

      .. code-block:: shell

         nameserver 192.168.1.10
         nameserver 8.8.8.8  # Optional: Secondary DNS server

      .. note::

         * Replace ``192.168.1.10`` with the IP address of your DNS server.
         * This file might be overwritten by NetworkManager. For persistent changes, you might need to configure network settings via Netplan (Ubuntu 18.04+) or directly in network interface configuration files.

      * Step-2 : Test Ping to the DNS Server

      .. code-block:: shell

         test:~$ ping 192.168.1.10

      .. note::

         * This verifies basic network connectivity between the client and the DNS server.

      * Step-3 : Test DNS Resolution from the Client

      .. code-block:: shell

         test:~$ dig AAAA ipv4.example.com

      .. note::

         * No AAAA record is returned.
         * The response should include:

           * 'status: NOERROR' (domain exists)
           * 'ANSWER SECTION:' is empty.

      * Step-4 : Wireshark Capture

      :download:`Download wireshark capture `

      **Test Case 8: Unreachable DNS Server**

      **To verify that DNS queries fail when the DNS server is unreachable at the network level**

      **Server (Machine A) — DNS Server Setup (IPv4)**

      * Step-1 : Install BIND9 on Ubuntu

      .. code-block:: shell

         test:~$ sudo apt update
         test:~$ sudo apt install bind9 bind9utils bind9-doc

      * Step-2 : Configure BIND9 Options

      .. code-block:: shell

         test:~$ sudo nano /etc/bind/named.conf.options

      .. code-block:: shell

         options {
             directory "/var/cache/bind";

             // Listen on specific interfaces
             listen-on { 127.0.0.1; 192.168.1.10; };  // IP address of your DNS server
             allow-query { any; };                    // Allow queries from anyone
             recursion yes;                           // Enable recursion for this setup

             forwarders {
                 8.8.8.8;  // Google DNS (optional: to forward unresolved queries)
                 8.8.4.4;
             };

             listen-on-v6 { any; };
             dnssec-validation auto;
         };

      .. note::

         * Replace ``192.168.1.10`` with the actual IP address you will assign to your DNS server.

      * Step-3 : Create a Forward Zone File

      .. code-block:: shell

         test:~$ sudo nano /etc/bind/db.example.com

      .. code-block:: shell

         $TTL    86400
         @       IN      SOA     ns1.example.com. admin.example.com. (
                                 2023041401 ; Serial
                                 3600       ; Refresh
                                 1800       ; Retry
                                 1209600    ; Expire
                                 86400 )    ; Minimum TTL

                 IN      NS      ns1.example.com.
         ns1     IN      A       192.168.1.10
         @       IN      A       192.168.1.10 ; The IP for example.com

      .. note::

         * Replace ``example.com`` with your desired domain name.
         * Replace ``192.168.1.10`` with the IP address of your DNS server.

      * Step-4 : Configure the Local Zones

      .. code-block:: shell

         test:~$ sudo nano /etc/bind/named.conf.local

      .. code-block:: shell

         zone "example.com" {
             type master;
             file "/etc/bind/db.example.com";
         };

      .. note::

         * Replace ``example.com`` with your desired domain name.

      * Step-5 : Configure Network Interface for the DNS Server

      .. code-block:: shell

         test:~$ sudo ifconfig enp43s0 192.168.1.10 up

      .. note::

         * Replace ``enp43s0`` with your actual network interface name (e.g., eth0, ens33).
         * Replace ``192.168.1.10`` with the IP address you want to assign to your DNS server.

      * Step-6 : Restart and Check BIND9 Status

      .. code-block:: shell

         test:~$ sudo systemctl restart bind9
         test:~$ sudo systemctl status bind9

      .. note::

         * Ensure that the BIND9 service is running without errors. If there are issues, check the logs with ``sudo journalctl -u bind9``.

      * Step-7 : Test Connectivity to a Client (Optional)

      .. code-block:: shell

         test:~$ ping 192.168.1.100

      ..
note:: * Replace ``192.168.1.100`` with the IP address of your client machine to verify network connectivity. **Client (Machine B) — DNS Client Setup (IPv4)** * Step-1 : Configure Client's DNS Resolver .. code-block:: shell test:~$ sudo nano /etc/resolv.conf .. code-block:: shell nameserver 192.168.1.1 # This is an example of an unreachable IP address # nameserver 192.168.1.10 # This line should be commented out or removed nameserver 8.8.8.8 # Optional: Secondary DNS server, but if primary is unreachable, this will be tried .. note:: * **IMPORTANT:** Set the primary ``nameserver`` to an IP address that is *not* reachable by Client (e.g., an IP not active on your network segment, like ``192.168.1.1``). This is crucial for the test. * This file might be overwritten by NetworkManager. For persistent changes, you might need to configure network settings via Netplan (Ubuntu 18.04+) or directly in network interface configuration files. * Step-2 : Verify Unreachable Server Handling .. code-block:: shell test:~$ dig example.com .. note:: * The DNS query should fail with a timeout or network unreachable error, as `dig` will attempt to use the nameserver configured in `/etc/resolv.conf`. * No DNS response is returned. * The status 'network unreachable' and no ANSWER SECTION should be observed. * Step-3 : Wireshark Capture :download:`Download wireshark capture ` **Test Case 9: DNS Cache Verification and TTL Expiry** **To verify DNS caching behavior and Time-To-Live (TTL) expiry** **Server (Machine A) — DNS Server Setup (IPv4)** * Step-1 : Install BIND9 on Ubuntu .. code-block:: shell test:~$ sudo apt update test:~$ sudo apt install bind9 bind9utils bind9-doc * Step-2 : Configure BIND9 Options .. code-block:: shell test:~$ sudo nano /etc/bind/named.conf.options .. 
code-block:: shell options { directory "/var/cache/bind"; // Listen on specific interfaces listen-on { 127.0.0.1; 192.168.1.10; }; // IP address of your DNS server allow-query { any; }; // Allow queries from anyone recursion yes; // Enable recursion for this setup forwarders { 8.8.8.8; // Google DNS (optional: to forward unresolved queries) 8.8.4.4; }; listen-on-v6 { any; }; dnssec-validation auto; }; .. note:: * Replace ``192.168.1.10`` with the actual IP address you will assign to your DNS server. * Step-3 : Create a Forward Zone File .. code-block:: shell test:~$ sudo nano /etc/bind/db.example.com .. code-block:: shell $TTL 60 @ IN SOA ns1.example.com. admin.example.com. ( 2023041401 ; Serial 3600 ; Refresh 1800 ; Retry 1209600 ; Expire 60 ) ; Minimum TTL IN NS ns1.example.com. ns1 IN A 192.168.1.10 ; IP of your DNS server @ IN A 192.168.1.10 ; The IP for example.com (the name queried with dig on the client) www IN A 192.168.1.10 ; Example record: www.example.com points to server test IN A 192.168.1.20 ; Another example: test.example.com points to a different IP .. note:: * Replace ``example.com`` with your desired domain name. * The IP address ``192.168.1.10`` is used as an example. Adjust as needed. * Step-4 : Create a Reverse Zone File .. code-block:: shell test:~$ sudo nano /etc/bind/db.192 .. code-block:: shell $TTL 60 @ IN SOA ns1.example.com. admin.example.com. ( 2023041401 ; Serial 3600 ; Refresh 1800 ; Retry 1209600 ; Expire 60 ) ; Minimum TTL IN NS ns1.example.com. 10 IN PTR ns1.example.com. ; 192.168.1.10 10 IN PTR www.example.com. ; 192.168.1.10 20 IN PTR test.example.com. ; 192.168.1.20 .. note:: * Replace ``example.com`` with your desired domain name. * The IP address ``192.168.1.10`` is used as an example. Adjust as needed. * The PTR record for ``10`` (last octet of 192.168.1.10) resolves to ``www.example.com.``. * Step-5 : Configure the Local Zones (Add Reverse Zone) .. code-block:: shell test:~$ sudo nano /etc/bind/named.conf.local ..
code-block:: shell zone "example.com" { type master; file "/etc/bind/db.example.com"; }; zone "1.168.192.in-addr.arpa" { type master; file "/etc/bind/db.192"; }; .. note:: * Replace ``example.com`` with your desired domain name. * The ``1.168.192.in-addr.arpa`` zone is for reverse lookups of the 192.168.1.x network. * Step-6 : Check Zone File and Config .. code-block:: shell test:~$ sudo named-checkconf test:~$ sudo named-checkzone example.com /etc/bind/db.example.com test:~$ sudo named-checkzone 1.168.192.in-addr.arpa /etc/bind/db.192 test:~$ sudo named-checkconf .. note:: * These commands verify the syntax and integrity of your zone files and BIND configuration. * Step-7 : Configure Network Interface for the DNS Server .. code-block:: shell test:~$ sudo ifconfig enp43s0 192.168.1.10 up .. note:: * Replace ``enp43s0`` with your actual network interface name (e.g., eth0, ens33). * Replace ``192.168.1.10`` with the IP address you want to assign to your DNS server. * Step-8 : Restart and Check BIND9 Status .. code-block:: shell test:~$ sudo systemctl restart bind9 test:~$ sudo systemctl status bind9 .. note:: * Ensure that the BIND9 service is running without errors. If there are issues, check the logs with ``sudo journalctl -u bind9``. * Step-9 : Test Connectivity to a Client (Optional) .. code-block:: shell test:~$ ping 192.168.1.100 .. note:: * Replace ``192.168.1.100`` with the IP address of your client machine to verify network connectivity. **Client (Machine B) — DNS Client Setup (IPv4)** * Step-1 : Install dnsmasq and dig .. code-block:: shell test:~$ sudo apt update test:~$ sudo apt install dnsmasq dnsutils -y * Step-2 : Configure dnsmasq .. code-block:: shell test:~$ sudo nano /etc/dnsmasq.conf .. code-block:: shell server=192.168.1.10 # Points dnsmasq to your BIND9 server domain=example.com # Helps in resolving 'www' instead of 'www.example.com' * Step-3 : Configure Client's DNS Resolver .. 
code-block:: shell test:~$ sudo systemctl disable --now systemd-resolved test:~$ echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf test:~$ echo "search example.com" | sudo tee -a /etc/resolv.conf .. note:: * This file might be overwritten by NetworkManager. For persistent changes, you might need to configure network settings via Netplan (Ubuntu 18.04+) or directly in network interface configuration files. * Step-4 : Configure Client's Network Interface .. code-block:: shell test:~$ sudo ifconfig enp43s0 192.168.1.100 up .. note:: * Replace ``enp43s0`` with your actual network interface name (e.g., eth0, ens33). * Replace ``192.168.1.100`` with the IP address you want to assign to your client machine. * Step-5 : Restart and Check dnsmasq Status .. code-block:: shell test:~$ sudo systemctl restart dnsmasq test:~$ sudo systemctl status dnsmasq .. note:: * Ensure that the dnsmasq service is running without errors. If there are issues, check the logs with ``sudo journalctl -u dnsmasq``. * Step-6 : Perform the Test and Observe * Start Wireshark **A) First Query:** .. code-block:: shell test:~$ dig example.com .. note:: * Wireshark: You should immediately see a DNS query packet from ``192.168.1.100`` to ``192.168.1.10`` and a DNS response packet coming back. * Expand the DNS response packet in Wireshark. In the "Answer" section, you should see ``example.com`` resolving to ``192.168.1.10`` and the TTL explicitly displayed as **60 seconds**. * Terminal (dig output): The output will show ``example.com``'s IP address and a TTL value of **60 seconds** in the ANSWER SECTION. **B) Second Query (within 60 seconds):** .. code-block:: shell test:~$ dig example.com .. note:: * Wireshark: You should **NOT** see any new DNS query or response packets exchanged between ``192.168.1.100`` and ``192.168.1.10``. This is the key proof of caching! dnsmasq served the request from its local cache.
* Terminal (dig output): The output will still show the correct IP address for ``example.com``, but the TTL value will be less than 60 (e.g., 40-50 seconds), indicating it's the remaining time from the cached entry. **C) Third Query (after 60 seconds):** .. code-block:: shell test:~$ dig example.com .. note:: * **Wireshark:** You **SHOULD** now see new DNS query and response packets between ``192.168.1.100`` and ``192.168.1.10``. This shows dnsmasq's cache expired, and it made a fresh query to the BIND9 server (Machine A). * **Terminal (dig output):** The output will show the correct IP address, and the TTL value will be reset back to **60 seconds**, confirming a fresh lookup. * Step-7 : Wireshark Capture :download:`Download wireshark capture ` .. _DNS_step21: .. tab-set:: .. tab-item:: Test Case 1: DNS AAAA Record Resolution with IPv6 **Verify DNS AAAA record resolution (IPv6) between two Ubuntu VMs (Server and Client) using BIND9** **Server (Machine A) — DNS Server Setup (IPv6)** * Step-1 : Install BIND9 on Ubuntu .. code-block:: shell test:~$ sudo apt update test:~$ sudo apt install bind9 bind9utils bind9-doc * Step-2 : Configure BIND9 Options .. code-block:: shell test:~$ sudo nano /etc/bind/named.conf.options .. code-block:: shell options { directory "/var/cache/bind"; allow-query { any; }; // Allow queries from anyone recursion yes; // Enable recursion for this setup forwarders { 8.8.8.8; // Google DNS (optional: to forward unresolved queries) 8.8.4.4; 2001:4860:4860::8888; 2001:4860:4860::8844; }; listen-on-v6 { ::1;fd00::10; }; dnssec-validation auto; }; .. note:: * The server will listen for IPv6 queries on ``fd00::10``. * Step-3 : Create a Forward Zone File for IPv6 Domain .. code-block:: shell test:~$ sudo nano /etc/bind/db.example.com .. code-block:: shell $TTL 86400 @ IN SOA ns1.example.com. admin.example.com. ( 2025072301 ; Serial 3600 ; Refresh 1800 ; Retry 1209600 ; Expire 86400 ) ; Minimum TTL IN NS ns1.example.com. ns1 IN AAAA fd00::10 @ IN AAAA fd00::10 ..
note:: * The domain name configured is ``example.com``. * The DNS server's IPv6 address is ``fd00::10``. * Step-4 : Configure the Local Zones .. code-block:: shell test:~$ sudo nano /etc/bind/named.conf.local .. code-block:: shell zone "example.com" { type master; file "/etc/bind/db.example.com"; }; .. note:: * Replace ``example.com`` with your desired domain name. * Step-5 : Configure Network Interface for the DNS Server .. code-block:: shell test:~$ sudo ip -6 addr add fd00::10/64 dev enp0s8 test:~$ sudo ip link set enp0s8 up .. note:: * The IPv6 address ``fd00::10/64`` is assigned to the interface ``enp0s8``. Replace `enp0s8` with your actual server interface name. * Step-6 : Restart and Check BIND9 Status .. code-block:: shell test:~$ sudo systemctl restart bind9 test:~$ sudo systemctl status bind9 ● named.service - BIND Domain Name Server Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; preset: enabled) Active: active (running) since Thu 2025-07-24 12:35:06 UTC; 2s ago Docs: man:named(8) Main PID: 1669 (named) Tasks: 1 (limit: 2267) Memory: 5.8M (peak: 6.2M) CPU: 48ms CGroup: /system.slice/named.service └─1669 /usr/sbin/named -f -u bind Jul 24 12:35:06 sysadmin named[1669]: network unreachable resolving './NS/IN': 2001:500:2::c#53 Jul 24 12:35:06 sysadmin named[1669]: network unreachable resolving './NS/IN': 2001:500:2d::d#53 Jul 24 12:35:06 sysadmin named[1669]: network unreachable resolving './NS/IN': 2001:500:12::d0d#53 Jul 24 12:35:06 sysadmin named[1669]: network unreachable resolving './NS/IN': 2001:dc3::35#53 Jul 24 12:35:06 sysadmin named[1669]: network unreachable resolving './NS/IN': 2001:500:1::53#53 Jul 24 12:35:06 sysadmin named[1669]: network unreachable resolving './NS/IN': 2001:500:a8::e#53 Jul 24 12:35:06 sysadmin named[1669]: network unreachable resolving './NS/IN': 2001:500:9f::42#53 Jul 24 12:35:06 sysadmin named[1669]: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53 Jul 24 12:35:06 sysadmin named[1669]: 
managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete) Jul 24 12:35:06 sysadmin named[1669]: managed-keys-zone: Key 38696 for zone . is now trusted (acceptance timer complete) .. note:: * Ensure that the BIND9 service is running without errors. If there are issues, check the logs with ``sudo journalctl -u bind9``. * Step-7 : Test Connectivity to a Client (Optional) .. code-block:: shell test:~$ ping fd00::100 .. note:: * Replace ``fd00::100`` with the IP address of your client machine to verify network connectivity. **Client (Machine B) — DNS Client Setup (IPv6)** * Step-1 : Configure Client's DNS Resolver .. code-block:: shell test:~$ sudo nano /etc/resolv.conf .. code-block:: shell nameserver fd00::10 .. note:: * Replace ``fd00::10`` with the IP address of your DNS server. * This file might be overwritten by NetworkManager. For persistent changes, you might need to configure network settings via Netplan (Ubuntu 18.04+) or directly in network interface configuration files. * Step-2 : Assign IPv6 to Client Interface .. code-block:: shell test:~$ sudo ip -6 addr add fd00::100/64 dev enp0s8 test:~$ sudo ip link set enp0s8 up .. note:: * The IPv6 address ``fd00::100/64`` is assigned to the interface ``enp0s8``. Replace `enp0s8` with your actual client interface name. * Step-3 : Test DNS Resolution from the Client .. code-block:: shell test:~$ dig example.com AAAA ; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> example.com AAAA ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57985 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE: e39fc51356e0bbd301000006882820caa36589aaac4be4b (good) ;; QUESTION SECTION: ;example.com. IN AAAA ;; ANSWER SECTION: example.com. 
86400 IN AAAA fd00::10 ;; Query time: 2 msec ;; SERVER: fd00::10#53(fd00::10) (UDP) ;; WHEN: Thu Jul 24 12:33:16 UTC 2025 ;; MSG SIZE rcvd: 96 test:~$ ping6 example.com PING example.com(fd00::10) 56 data bytes 64 bytes from fd00::10: icmp_seq=1 ttl=64 time=1.35 ms 64 bytes from fd00::10: icmp_seq=2 ttl=64 time=0.817 ms 64 bytes from fd00::10: icmp_seq=3 ttl=64 time=1.57 ms 64 bytes from fd00::10: icmp_seq=4 ttl=64 time=0.914 ms 64 bytes from fd00::10: icmp_seq=5 ttl=64 time=0.839 ms --- example.com ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4141ms rtt min/avg/max/mdev = 0.817/1.096/1.567/0.303 ms .. note:: * `dig` should return the IPv6 address ``fd00::10``. * `ping6` should succeed. * Step-4 : Wireshark Capture :download:`Download wireshark capture ` .. tab-item:: Test Case 2: DNS CNAME Record Resolution with IPv6 **Verify that DNS is able to resolve IPv6 address with CNAME record using BIND9** **Server (Machine A) — DNS Server Setup (IPv6)** * Step-1 : Install BIND9 on Ubuntu .. code-block:: shell test:~$ sudo apt update test:~$ sudo apt install bind9 bind9utils bind9-doc * Step-2 : Configure BIND9 Options .. code-block:: shell test:~$ sudo nano /etc/bind/named.conf.options .. code-block:: shell options { directory "/var/cache/bind"; allow-query { any; }; // Allow queries from anyone recursion yes; // Enable recursion for this setup forwarders { 2001:4860:4860::8888; 2001:4860:4860::8844; }; listen-on-v6 { ::1;fd00::10; }; dnssec-validation auto; }; .. note:: * The server will listen for IPv6 queries on `fd00::10`. * Step-3 : Create a Forward Zone File for IPv6 Domain .. code-block:: shell test:~$ sudo nano /etc/bind/db.webserveripv6.conf .. code-block:: shell $TTL 86400 @ IN SOA ns1.webserveripv6.com. admin.webserveripv6.com. ( 2025072301 ; Serial 3600 ; Refresh 1800 ; Retry 1209600 ; Expire 86400 ) ; Minimum TTL IN NS ns1.webserveripv6.com. ns1 IN AAAA fd00::10 @ IN AAAA fd00::10 alias IN CNAME webserveripv6.com. .. 
note:: * The domain name configured is ``webserveripv6.com``. * The DNS server's IPv6 address is ``fd00::10``. * Step-4 : Configure the Local Zones .. code-block:: shell test:~$ sudo nano /etc/bind/named.conf.local .. code-block:: shell zone "webserveripv6.com" { type master; file "/etc/bind/db.webserveripv6.conf"; }; .. note:: * Replace ``webserveripv6.com`` with your desired domain name. * Step-5 : Configure Network Interface for the DNS Server .. code-block:: shell test:~$ sudo ip -6 addr add fd00::10/64 dev enp0s8 test:~$ sudo ip link set enp0s8 up .. note:: * The IPv6 address ``fd00::10/64`` is assigned to the interface ``enp0s8``. Replace `enp0s8` with your actual server interface name. * Step-6 : Restart and Check BIND9 Status .. code-block:: shell test:~$ sudo systemctl restart bind9 test:~$ sudo systemctl status bind9 ● named.service - BIND Domain Name Server Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; preset: enabled) Active: active (running) since Thu 2025-07-24 12:48:51 UTC; 1s ago Docs: man:named(8) Main PID: 1835 (named) Status: "running" Tasks: 10 (limit: 2267) Memory: 5.9M (peak: 6.2M) CPU: 50ms CGroup: /system.slice/named.service └─1835 /usr/sbin/named -f -u bind Jul 24 12:48:51 sysadmin named[1835]: network unreachable resolving './DNSKEY/IN': 2001:500:12::d0d#53 Jul 24 12:48:51 sysadmin named[1835]: network unreachable resolving './NS/IN': 2001:500:2f::f#53 Jul 24 12:48:51 sysadmin named[1835]: network unreachable resolving './NS/IN': 2001:500:2f::f#53 Jul 24 12:48:51 sysadmin named[1835]: network unreachable resolving './NS/IN': 2001:500:2::c#53 Jul 24 12:48:51 sysadmin named[1835]: network unreachable resolving './DNSKEY/IN': 2001:4860:4860::8844#53 Jul 24 12:48:51 sysadmin named[1835]: network unreachable resolving './DNSKEY/IN': 2001:4860:4860::8888#53 Jul 24 12:48:51 sysadmin named[1835]: managed-keys-zone: Key 20326 for zone . 
is now trusted (acceptance timer complete) Jul 24 12:48:51 sysadmin named[1835]: managed-keys-zone: Key 38696 for zone . is now trusted (acceptance timer complete) .. note:: * Ensure that the BIND9 service is running without errors. If there are issues, check the logs with ``sudo journalctl -u bind9``. * Step-7 : Test Connectivity to a Client (Optional) .. code-block:: shell test:~$ ping fd00::100 .. note:: * Replace ``fd00::100`` with the IP address of your client machine to verify network connectivity. **Client (Machine B) — DNS Client Setup (IPv6)** * Step-1 : Configure Client's DNS Resolver .. code-block:: shell test:~$ sudo nano /etc/resolv.conf .. code-block:: shell nameserver fd00::10 .. note:: * Replace ``fd00::10`` with the IP address of your DNS server. * This file might be overwritten by NetworkManager. For persistent changes, you might need to configure network settings via Netplan (Ubuntu 18.04+) or directly in network interface configuration files. * Step-2 : Assign IPv6 to Client Interface .. code-block:: shell test:~$ sudo ip -6 addr add fd00::100/64 dev enp0s8 test:~$ sudo ip link set enp0s8 up .. note:: * The IPv6 address ``fd00::100/64`` is assigned to the interface ``enp0s8``. Replace ``enp0s8`` with your actual client interface name. * Step-3 : Test DNS Resolution from the Client .. code-block:: shell test:~$ dig AAAA alias.webserveripv6.com ; <<>> DiG 9.10.3-P4-Ubuntu <<>> AAAA alias.webserveripv6.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3998 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE: 918f3cacd4d1a6d01000000066822bcb4e538d3956507f5 (good) ;; QUESTION SECTION: ;alias.webserveripv6.com. IN AAAA ;; ANSWER SECTION: alias.webserveripv6.com. 86400 IN CNAME webserveripv6.com. webserveripv6.com.
86400 IN AAAA fd00::10 ;; Query time: 2 msec ;; SERVER: fd00::10#53(fd00::10) (UDP) ;; WHEN: Thu Jul 24 12:49:15 UTC 2025 ;; MSG SIZE rcvd: 122 test:~$ ping6 alias.webserveripv6.com PING alias.webserveripv6.com(fd00::10) 56 data bytes 64 bytes from fd00::10: icmp_seq=1 ttl=64 time=1.95 ms 64 bytes from fd00::10: icmp_seq=2 ttl=64 time=2.48 ms 64 bytes from fd00::10: icmp_seq=3 ttl=64 time=2.22 ms ^C --- alias.webserveripv6.com ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2241ms rtt min/avg/max/mdev = 1.948/2.214/2.478/0.216 ms .. note:: * `dig` should return the IPv6 address ``fd00::10`` for `alias.webserveripv6.com` through the CNAME record. * `ping6` should succeed. * Step-4 : Wireshark Capture :download:`Download wireshark capture ` .. tab-item:: Test Case 3: DNS MX Record with IPv6 **Verify that DNS is able to resolve IPv6 address with MX mail record using BIND9** **Server (Machine A) — DNS Server Setup (IPv6)** * Step-1 : Install BIND9 on Ubuntu .. code-block:: shell test:~$ sudo apt update test:~$ sudo apt install bind9 bind9utils bind9-doc * Step-2 : Configure BIND9 Options .. code-block:: shell test:~$ sudo nano /etc/bind/named.conf.options .. code-block:: shell options { directory "/var/cache/bind"; allow-query { any; }; // Allow queries from anyone recursion yes; // Enable recursion for this setup forwarders { 2001:4860:4860::8888; 2001:4860:4860::8844; }; listen-on-v6 { ::1;fd00::10; }; dnssec-validation auto; }; .. note:: * The server will listen for IPv6 queries on `fd00::10`. * Step-3 : Create a Forward Zone File for IPv6 Domain .. code-block:: shell test:~$ sudo nano /etc/bind/db.webserveripv6.conf .. code-block:: shell $TTL 86400 @ IN SOA ns1.webserveripv6.com. admin.webserveripv6.com. ( 2025072301 ; Serial 3600 ; Refresh 1800 ; Retry 1209600 ; Expire 86400 ) ; Minimum TTL IN NS ns1.webserveripv6.com. ns1 IN AAAA fd00::10 @ IN AAAA fd00::10 @ IN MX 10 mail.webserveripv6.com. mail IN AAAA fd00::15 .. 
note:: * The domain name configured is ``webserveripv6.com``. * The DNS server's IPv6 address is ``fd00::10``. * An MX record is added for `webserveripv6.com` pointing to `mail.webserveripv6.com` with a preference of 10. * An AAAA record is added for `mail.webserveripv6.com` with the IPv6 address `fd00::15`. * Step-4 : Configure the Local Zones .. code-block:: shell test:~$ sudo nano /etc/bind/named.conf.local .. code-block:: shell zone "webserveripv6.com" { type master; file "/etc/bind/db.webserveripv6.conf"; }; .. note:: * Replace ``webserveripv6.com`` with your desired domain name. * Step-5 : Configure Network Interface for the DNS Server .. code-block:: shell test:~$ sudo ip -6 addr add fd00::10/64 dev enp0s8 test:~$ sudo ip link set enp0s8 up .. note:: * The IPv6 address ``fd00::10/64`` is assigned to the interface ``enp0s8``. Replace `enp0s8` with your actual server interface name. * Step-6 : Restart and Check BIND9 Status .. code-block:: shell test:~$ sudo systemctl restart bind9 test:~$ sudo systemctl status bind9 ● named.service - BIND Domain Name Server Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; preset: enabled) Active: active (running) since Fri 2025-07-25 04:45:08 UTC; 2s ago Docs: man:named(8) Main PID: 1277 (named) Status: "running" Tasks: 10 (limit: 2267) Memory: 5.9M (peak: 6.4M) CPU: 53ms CGroup: /system.slice/named.service └─1277 /usr/sbin/named -f -u bind Jul 25 04:45:08 sysadmin named[1277]: network unreachable resolving './DNSKEY/IN': 2001:500:3f::42#53 Jul 25 04:45:08 sysadmin named[1277]: network unreachable resolving './DNSKEY/IN': 2001:500:3f::42#53 Jul 25 04:45:08 sysadmin named[1277]: network unreachable resolving './DNSKEY/IN': 2001:4f88:8e0:4000::8084#53 Jul 25 04:45:08 sysadmin named[1277]: network unreachable resolving './DNSKEY/IN': 2001:4f88:8e0:4000::8088#53 Jul 25 04:45:08 sysadmin named[1277]: network unreachable resolving './DNSKEY/IN': 2001:503:ba3e::2:30#53 Jul 25 04:45:08 sysadmin named[1277]: network 
unreachable resolving './DNSKEY/IN': 2001:dc3::35#53 Jul 25 04:45:08 sysadmin named[1277]: network unreachable resolving './DNSKEY/IN': 2001:500:2::c#53 Jul 25 04:45:08 sysadmin named[1277]: network unreachable resolving './DNSKEY/IN': 2001:500:2d::d#53 Jul 25 04:45:08 sysadmin named[1277]: managed-keys-zone: key 20326 for zone . is now trusted (acceptance timer complete) Jul 25 04:45:08 sysadmin named[1277]: managed-keys-zone: key 38696 for zone . is now trusted (acceptance timer complete) .. note:: * Ensure that the BIND9 service is running without errors. If there are issues, check the logs with ``sudo journalctl -u bind9``. * Step-7 : Test Connectivity to a Client (Optional) .. code-block:: shell test:~$ ping fd00::100 .. note:: * Replace ``fd00::100`` with the IP address of your client machine to verify network connectivity. **Client (Machine B) — DNS Client Setup (IPv6)** * Step-1 : Configure Client's DNS Resolver .. code-block:: shell test:~$ sudo nano /etc/resolv.conf .. code-block:: shell nameserver fd00::10 .. note:: * Replace ``fd00::10`` with the IP address of your DNS server. * This file might be overwritten by NetworkManager. For persistent changes, you might need to configure network settings via Netplan (Ubuntu 18.04+) or directly in network interface configuration files. * Step-2 : Assign IPv6 to Client Interface .. code-block:: shell test:~$ sudo ip -6 addr add fd00::100/64 dev enp0s8 test:~$ sudo ip link set enp0s8 up .. note:: * The IPv6 address ``fd00::100/64`` is assigned to the interface ``enp0s8``. Replace ``enp0s8`` with your actual client interface name. * Step-3 : Test DNS Resolution from the Client ..
code-block:: shell test:~$ dig MX webserveripv6.com ; <<>> DiG 9.10.3-P4-Ubuntu <<>> webserveripv6.com MX ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40746 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE: a373394e51b7e5a01000000066830b75159d267621438f (good) ;; QUESTION SECTION: ;webserveripv6.com. IN MX ;; ANSWER SECTION: webserveripv6.com. 86400 IN MX 10 mail.webserveripv6.com. ;; ADDITIONAL SECTION: mail.webserveripv6.com. 86400 IN AAAA fd00::15 ;; Query time: 2 msec ;; SERVER: fd00::10#53(fd00::10) (UDP) ;; WHEN: Fri Jul 25 04:43:55 UTC 2025 ;; MSG SIZE rcvd: 123 test:~$ dig AAAA mail.webserveripv6.com ; <<>> DiG 9.10.3-P4-Ubuntu <<>> AAAA mail.webserveripv6.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52170 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE: 2514d4036c8365a0100000006683094cbccc0852d62ef68b (good) ;; QUESTION SECTION: ;mail.webserveripv6.com. IN AAAA ;; ANSWER SECTION: mail.webserveripv6.com. 86400 IN AAAA fd00::15 ;; Query time: 2 msec ;; SERVER: fd00::10#53(fd00::10) (UDP) ;; WHEN: Fri Jul 25 04:44:04 UTC 2025 ;; MSG SIZE rcvd: 107 test:~$ ping6 webserveripv6.com PING webserveripv6.com(fd00::10) 56 data bytes 64 bytes from fd00::10: icmp_seq=1 ttl=64 time=2.09 ms 64 bytes from fd00::10: icmp_seq=2 ttl=64 time=2.14 ms 64 bytes from fd00::10: icmp_seq=3 ttl=64 time=1.82 ms ^C --- webserveripv6.com ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2045ms rtt min/avg/max/mdev = 1.810/2.016/2.136/0.141 ms .. note:: * `dig MX webserveripv6.com` should return the MX record pointing to `mail.webserveripv6.com`. * `dig AAAA mail.webserveripv6.com` should return the IPv6 address `fd00::15`. * `ping6 webserveripv6.com` should succeed. 
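The pass criteria in the notes can be checked mechanically instead of by eye. The script below is an added example, not part of the original procedure: it classifies saved ``dig`` output and checks for an expected record, and it goes beyond this test case by also covering the NXDOMAIN, empty-answer and unreachable-server outcomes of the IPv4 test cases. The function and sample names are hypothetical; ``sample_mx`` and ``sample_nxdomain`` are trimmed from the ``dig`` output shown on this page, while ``sample_nodata`` and ``sample_timeout`` are constructed.

```shell
#!/bin/sh
# Added example: turn saved `dig` output into a verdict. All function and
# sample names here are hypothetical helpers, not part of dig or BIND9.

# dig_verdict: read dig output on stdin and print one of
#   NO_RESPONSE | NXDOMAIN | NODATA | ANSWER:<n> | ERROR:<rcode>
dig_verdict() {
    awk '
        /->>HEADER<<-/ {
            # Header line carries the rcode, e.g. "status: NXDOMAIN,"
            for (i = 1; i <= NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        in_answer && (NF == 0 || /^;/) { in_answer = 0 }   # section ended
        in_answer { answers++ }
        END {
            if (status == "")              print "NO_RESPONSE"   # no reply at all
            else if (status == "NXDOMAIN") print "NXDOMAIN"      # name does not exist
            else if (status != "NOERROR")  print "ERROR:" status
            else if (answers == 0)         print "NODATA"        # name exists, type absent
            else                           print "ANSWER:" answers
        }'
}

# dig_has_answer OWNER TYPE RDATA: succeed only if the ANSWER SECTION on
# stdin holds exactly that record (the TTL is not compared).
dig_has_answer() {
    awk -v name="$1" -v type="$2" -v rdata="$3" '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        in_answer && (NF == 0 || /^;/) { in_answer = 0 }
        in_answer && $1 == name && $4 == type {
            got = $5
            for (i = 6; i <= NF; i++) got = got " " $i
            if (got == rdata) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# Trimmed from the MX query output in this test case.
sample_mx() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40746
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;webserveripv6.com.        IN  MX

;; ANSWER SECTION:
webserveripv6.com.  86400  IN  MX  10 mail.webserveripv6.com.

;; ADDITIONAL SECTION:
mail.webserveripv6.com.  86400  IN  AAAA  fd00::15
EOF
}

# Trimmed from the NXDOMAIN output shown earlier on this page.
sample_nxdomain() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2520
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; AUTHORITY SECTION:
example.com.  86400  IN  SOA  ns1.example.com. admin.example.com. 2023041402 3600 1800 1209600 86400
EOF
}

# Constructed: AAAA query for a name that only has an A record (Test Case 7).
sample_nodata() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1111
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;ipv4.example.com.         IN  AAAA

;; AUTHORITY SECTION:
example.com.  86400  IN  SOA  ns1.example.com. admin.example.com. 2023041401 3600 1800 1209600 86400
EOF
}

# Constructed: output with no header line, as when no server replies (Test Case 8).
sample_timeout() {
cat <<'EOF'
;; communications error to 192.168.1.1#53: timed out
;; no servers could be reached
EOF
}

for s in sample_mx sample_nxdomain sample_nodata sample_timeout; do
    printf '%-16s %s\n' "$s" "$($s | dig_verdict)"
done

if sample_mx | dig_has_answer webserveripv6.com. MX "10 mail.webserveripv6.com."; then
    echo "MX record check: PASS"
else
    echo "MX record check: FAIL"
fi
```

Against a live server, pipe the real output in place of a sample, for example ``dig MX webserveripv6.com | dig_verdict``.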
* Step-4 : Wireshark Capture :download:`Download wireshark capture ` .. tab-item:: Test Case 4: DNS TXT Record with IPv6 **Verify that DNS is able to resolve IPv6 address with TXT record using BIND9** **Server (Machine A) — DNS Server Setup (IPv6)** * Step-1 : Install BIND9 on Ubuntu .. code-block:: shell test:~$ sudo apt update test:~$ sudo apt install bind9 bind9utils bind9-doc * Step-2 : Configure BIND9 Options .. code-block:: shell test:~$ sudo nano /etc/bind/named.conf.options .. code-block:: shell options { directory "/var/cache/bind"; allow-query { any; }; // Allow queries from anyone recursion yes; // Enable recursion for this setup forwarders { 2001:4860:4860::8888; 2001:4860:4860::8844; }; listen-on-v6 { ::1;fd00::10; }; dnssec-validation auto; }; .. note:: * The server will listen for IPv6 queries on `fd00::10`. * Step-3 : Create a Forward Zone File for IPv6 Domain .. code-block:: shell test:~$ sudo nano /etc/bind/db.webserveripv6.conf .. code-block:: shell $TTL 86400 @ IN SOA ns1.webserveripv6.com. admin.webserveripv6.com. ( 2025072301 ; Serial 3600 ; Refresh 1800 ; Retry 1209600 ; Expire 86400 ) ; Minimum TTL IN NS ns1.webserveripv6.com. ns1 IN AAAA fd00::10 @ IN AAAA fd00::10 test IN TXT "This is an IPv6 TXT Record" .. note:: * The domain name configured is ``webserveripv6.com``. * The DNS server's IPv6 address is ``fd00::10``. * A TXT record is added for `test.webserveripv6.com` with the value "This is an IPv6 TXT Record". * Step-4 : Configure the Local Zones .. code-block:: shell test:~$ sudo nano /etc/bind/named.conf.local .. code-block:: shell zone "webserveripv6.com" { type master; file "/etc/bind/db.webserveripv6.conf"; }; .. note:: * Replace ``webserveripv6.com`` with your desired domain name. * Step-5 : Configure Network Interface for the DNS Server .. code-block:: shell test:~$ sudo ip -6 addr add fd00::10/64 dev enp0s8 test:~$ sudo ip link set enp0s8 up .. note:: * The IPv6 address ``fd00::10/64`` is assigned to the interface ``enp0s8``. 
Replace `enp0s8` with your actual server interface name. * Step-6 : Restart and Check BIND9 Status .. code-block:: shell test:~$ sudo systemctl restart bind9 test:~$ sudo systemctl status bind9 ● named.service - BIND Domain Name Server Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; preset: enabled) Active: active (running) since Fri 2025-07-25 05:09:42 UTC; 1s ago Docs: man:named(8) Main PID: 1559 (named) Status: "running" Tasks: 10 (limit: 2267) Memory: 5.9M (peak: 6.4M) CPU: 55ms CGroup: /system.slice/named.service └─1559 /usr/sbin/named -f -u bind Jul 25 05:09:42 sysadmin named[1559]: network unreachable resolving './.NS/IN': 2001:500:a8::e#53 Jul 25 05:09:42 sysadmin named[1559]: network unreachable resolving './.DNSKEY/IN': 2001:500:a8::e#53 Jul 25 05:09:42 sysadmin named[1559]: network unreachable resolving './.NS/IN': 2001:500:2::c#53 Jul 25 05:09:42 sysadmin named[1559]: network unreachable resolving './.DNSKEY/IN': 2001:500:2::c#53 Jul 25 05:09:42 sysadmin named[1559]: network unreachable resolving './.DNSKEY/IN': 2001:4f88:8e0:4000::8088#53 Jul 25 05:09:42 sysadmin named[1559]: network unreachable resolving './.DNSKEY/IN': 2001:4f88:8e0:4000::8084#53 Jul 25 05:09:42 sysadmin named[1559]: network unreachable resolving './.DNSKEY/IN': 2001:503:c27::2:30#53 Jul 25 05:09:42 sysadmin named[1559]: network unreachable resolving './.DNSKEY/IN': 2001:7fe::53#53 Jul 25 05:09:42 sysadmin named[1559]: managed-keys-zone: key 20326 for zone . is now trusted (acceptance timer complete) Jul 25 05:09:42 sysadmin named[1559]: managed-keys-zone: key 38696 for zone . is now trusted (acceptance timer complete) .. note:: * Ensure that the BIND9 service is running without errors. If there are issues, check the logs with ``sudo journalctl -u bind9``. * Step-7 : Test Connectivity to a Client (Optional) .. code-block:: shell test:~$ ping fd00::100 .. note:: * Replace ``fd00::100`` with the IP address of your client machine to verify network connectivity. 
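The options block in Step-2 sets ``allow-query { any; }`` and ``recursion yes`` without an ``allow-recursion`` ACL. The Python check below is an added example, not part of the original page or of BIND: it applies BIND 9's fallback order for the recursion ACL to that block and to a constructed variant that limits recursion to ``localhost`` and the lab prefix ``fd00::/64``. The variant and all function names are assumptions made for this example.

```python
import re

# BIND 9 decides who may recurse from the first of these options that is set;
# if none is set it falls back to "localnets; localhost;".
FALLBACK = ("allow-recursion", "allow-query-cache", "allow-query")
DEFAULT_ACL = ["localnets", "localhost"]
OPEN_ELEMENTS = {"any", "::/0", "0.0.0.0/0"}

# Options block as shown on the page (Step-2).
PAGE_OPTIONS = """
options {
    directory "/var/cache/bind";
    allow-query { any; };      // Allow queries from anyone
    recursion yes;             // Enable recursion for this setup
    forwarders { 2001:4860:4860::8888; 2001:4860:4860::8844; };
    listen-on-v6 { ::1; fd00::10; };
    dnssec-validation auto;
};
"""

# Constructed variant (assumption): authoritative answers stay public,
# recursion is limited to the server itself and the lab prefix.
HARDENED_OPTIONS = PAGE_OPTIONS.replace(
    "recursion yes;",
    "recursion yes;\n    allow-recursion { localhost; fd00::/64; };",
)


def strip_comments(text):
    """Remove /* */, // and # comments from named.conf text."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def parse_options(text):
    """Return (recursion_enabled, {option: [acl elements]}) for flat ACL options."""
    text = strip_comments(text)
    acls = {}
    # Matches "name { a; b; }" where the braces contain no nested block.
    for name, body in re.findall(r"(?<![\w-])([a-z][a-z0-9-]*)\s*\{([^{}]*)\}", text):
        acls[name] = [e.strip() for e in body.split(";") if e.strip()]
    m = re.search(r"(?<![\w-])recursion\s+(yes|no)\s*;", text)
    recursion = (m.group(1) == "yes") if m else True  # BIND's default is yes
    return recursion, acls


def effective_recursion_acl(text):
    """Return (option that supplies the ACL, elements); (None, []) if recursion is off."""
    recursion, acls = parse_options(text)
    if not recursion:
        return None, []
    for name in FALLBACK:
        if name in acls:
            return name, acls[name]
    return "default", list(DEFAULT_ACL)


def is_open_resolver(text):
    """True when recursion is on and the effective ACL admits every source."""
    source, acl = effective_recursion_acl(text)
    return source is not None and any(e in OPEN_ELEMENTS for e in acl)


if __name__ == "__main__":
    for label, conf in (("page", PAGE_OPTIONS), ("hardened", HARDENED_OPTIONS)):
        source, acl = effective_recursion_acl(conf)
        print(f"{label}: recursion ACL from {source} = {acl}, open = {is_open_resolver(conf)}")
```

The parser handles only flat ``name { a; b; };`` lists; negated elements and named ``acl`` blocks are outside what this example covers.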
**Client (Machine B) — DNS Client Setup (IPv4)** * Step-1 : Configure Client's DNS Resolver .. code-block:: shell test:~$ sudo nano /etc/resolv.conf .. code-block:: shell nameserver fd00::10 .. note:: * Replace ``fd00::10`` with the IP address of your DNS server. * This file might be overwritten by NetworkManager. For persistent changes, you might need to configure network settings via Netplan (Ubuntu 18.04+) or directly in network interface configuration files. * Step-2 : Assign IPv6 to Client Interface .. code-block:: shell test:~$ sudo ip -6 addr add fd00::100/64 dev enp0s8 test:~$ sudo ip link set enp0s8 up .. note:: * The IPv6 address ``fd00::100/64`` is assigned to the interface ``enp0s8``. Replace `enp0s8` with your actual client interface name. * Step-3 : Test DNS Resolution from the Client .. code-block:: shell test:~$ dig AAAA webserveripv6.com ; <<>> DiG 9.10.3-P4-Ubuntu <<>> AAAA webserveripv6.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41410 ;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE: 813495c5bc5de50100000000668311a411278f87e6bfcc9c (good) ;; QUESTION SECTION: ;webserveripv6.com. IN AAAA ;; ANSWER SECTION: webserveripv6.com. 86400 IN AAAA fd00::10 ;; Query time: 2 msec ;; SERVER: fd00::10#53(fd00::10) (UDP) ;; WHEN: Fri Jul 25 05:09:57 UTC 2025 ;; MSG SIZE rcvd: 102 test:~$ dig TXT test.webserveripv6.com ; <<>> DiG 9.10.3-P4-Ubuntu <<>> TXT test.webserveripv6.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19866 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE: e2ef3cb5b8ad5f363001000000668311a8689f7404d98ded89 (good) ;; QUESTION SECTION: ;test.webserveripv6.com. IN TXT ;; ANSWER SECTION: test.webserveripv6.com. 
86400 IN TXT "This is an IPv6 TXT Record" ;; Query time: 2 msec ;; SERVER: fd00::10#53(fd00::10) (UDP) ;; WHEN: Fri Jul 25 05:10:00 UTC 2025 ;; MSG SIZE rcvd: 118 .. note:: * `dig TXT test.webserveripv6.com` should return the TXT record "This is an IPv6 TXT Record". * Step-4 : Wireshark Capture :download:`Download wireshark capture ` .. tab-item:: Test Case 5: DNS NXDOMAIN with IPv6 **Verify that DNS is able to respond with NXDOMAIN for a non-existing IPv6 record using BIND9** **Server (Machine A) — DNS Server Setup (IPv6)** * Step-1 : Install BIND9 on Ubuntu .. code-block:: shell test:~$ sudo apt update test:~$ sudo apt install bind9 bind9utils bind9-doc * Step-2 : Configure BIND9 Options .. code-block:: shell test:~$ sudo nano /etc/bind/named.conf.options .. code-block:: shell options { directory "/var/cache/bind"; allow-query { any; }; // Allow queries from anyone recursion yes; // Enable recursion for this setup forwarders { 2001:4860:4860::8888; 2001:4860:4860::8844; }; listen-on-v6 { ::1;fd00::10; }; dnssec-validation auto; }; .. note:: * The server will listen for IPv6 queries on `fd00::10`. * Step-3 : Create a Forward Zone File for IPv6 Domain .. code-block:: shell test:~$ sudo nano /etc/bind/db.webserveripv6.conf .. code-block:: shell $TTL 86400 @ IN SOA ns1.webserveripv6.com. admin.webserveripv6.com. ( 2025072301 ; Serial 3600 ; Refresh 1800 ; Retry 1209600 ; Expire 86400 ) ; Minimum TTL IN NS ns1.webserveripv6.com. ns1 IN AAAA fd00::10 @ IN AAAA fd00::10 ; No entry for doesnotexist.webserveripv6.com .. note:: * Ensure `db.webserveripv6.conf` does NOT contain an AAAA record for `doesnotexist.webserveripv6.com`. The name must have no record of any other type either: a name that exists with only other record types returns `NOERROR` with an empty answer section, not `NXDOMAIN`. * The primary goal is to ensure the server correctly responds when a name is not found within its configured zone. * Step-4 : Configure the Local Zones .. code-block:: shell test:~$ sudo nano /etc/bind/named.conf.local .. code-block:: shell zone "webserveripv6.com" { type master; file "/etc/bind/db.webserveripv6.conf"; }; ..
note:: * Replace ``webserveripv6.com`` with your desired domain name. * Step-5 : Configure Network Interface for the DNS Server .. code-block:: shell test:~$ sudo ip -6 addr add fd00::10/64 dev enp0s8 test:~$ sudo ip link set enp0s8 up .. note:: * The IPv6 address ``fd00::10/64`` is assigned to the interface ``enp0s8``. Replace `enp0s8` with your actual server interface name. * Step-6 : Restart and Check BIND9 Status .. code-block:: shell test:~$ sudo systemctl restart bind9 test:~$ sudo systemctl status bind9 ● named.service - BIND Domain Name Server Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; preset: enabled) Active: active (running) since Fri 2025-07-25 05:33:21 UTC; 2s ago Docs: man:named(8) Main PID: 1782 (named) Status: "running" Tasks: 10 (limit: 2267) Memory: 5.9M (peak: 6.4M) CPU: 59ms CGroup: /system.slice/named.service └─1782 /usr/sbin/named -f -u bind Jul 25 05:33:21 sysadmin named[1782]: network unreachable resolving './.NS/IN': 2001:500:2::c#53 Jul 25 05:33:21 sysadmin named[1782]: network unreachable resolving './.DNSKEY/IN': 2001:500:2::c#53 Jul 25 05:33:21 sysadmin named[1782]: network unreachable resolving './.NS/IN': 2001:500:2f::f#53 Jul 25 05:33:21 sysadmin named[1782]: network unreachable resolving './.DNSKEY/IN': 2001:4f88:8e0:4000::8084#53 Jul 25 05:33:21 sysadmin named[1782]: network unreachable resolving './.DNSKEY/IN': 2001:4f88:8e0:4000::8088#53 Jul 25 05:33:22 sysadmin named[1782]: network unreachable resolving './.DNSKEY/IN': 2001:dc3::35#53 Jul 25 05:33:22 sysadmin named[1782]: network unreachable resolving './.DNSKEY/IN': 2001:500:2::c#53 Jul 25 05:33:22 sysadmin named[1782]: managed-keys-zone: key 20326 for zone . is now trusted (acceptance timer complete) Jul 25 05:33:22 sysadmin named[1782]: managed-keys-zone: key 38696 for zone . is now trusted (acceptance timer complete) .. note:: * Ensure that the BIND9 service is running without errors. If there are issues, check the logs with ``sudo journalctl -u bind9``. 
* Step-7 : Test Connectivity to a Client (Optional) .. code-block:: shell test:~$ ping fd00::100 .. note:: * Replace ``fd00::100`` with the IP address of your client machine to verify network connectivity. **Client (Machine B) — DNS Client Setup (IPv4)** * Step-1 : Configure Client's DNS Resolver .. code-block:: shell test:~$ sudo nano /etc/resolv.conf .. code-block:: shell nameserver fd00::10 .. note:: * Replace ``fd00::10`` with the IP address of your DNS server. * This file might be overwritten by NetworkManager. For persistent changes, you might need to configure network settings via Netplan (Ubuntu 18.04+) or directly in network interface configuration files. * Step-2 : Assign IPv6 to Client Interface .. code-block:: shell test:~$ sudo ip -6 addr add fd00::100/64 dev enp0s8 test:~$ sudo ip link set enp0s8 up .. note:: * The IPv6 address ``fd00::100/64`` is assigned to the interface ``enp0s8``. Replace `enp0s8` with your actual client interface name. * Step-3 : Test DNS Resolution from the Client .. code-block:: shell test:~$ dig AAAA doesnotexist.webserveripv6.com ; <<>> DiG 9.10.3-P4-Ubuntu <<>> AAAA doesnotexist.webserveripv6.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59201 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE: 3d5d5a098d9a2ae0100000006683170bb1bf39968d15cd23 (good) ;; QUESTION SECTION: ;doesnotexist.webserveripv6.com. IN AAAA ;; AUTHORITY SECTION: webserveripv6.com. 86400 IN SOA ns1.webserveripv6.com. admin.webserveripv6.com. 2025072301 3600 1800 1209600 86400 ;; Query time: 2 msec ;; SERVER: fd00::10#53(fd00::10) (UDP) ;; WHEN: Fri Jul 25 05:32:59 UTC 2025 ;; MSG SIZE rcvd: 133 .. note:: * `dig AAAA doesnotexist.webserveripv6.com` should return an `NXDOMAIN` status, indicating that the domain does not exist. * Step-4 : Wireshark Capture :download:`Download wireshark capture ` .. 
tab-item:: Test Case 6: Reverse DNS Lookup (PTR Record) **Verify that DNS is able to resolve a PTR record using BIND9** **Server (Machine A) — DNS Server Setup (IPv6)** * Step-1 : Install BIND9 on Ubuntu .. code-block:: shell test:~$ sudo apt update test:~$ sudo apt install bind9 bind9utils bind9-doc * Step-2 : Configure BIND9 Options .. code-block:: shell test:~$ sudo nano /etc/bind/named.conf.options .. code-block:: shell options { directory "/var/cache/bind"; allow-query { any; }; // Allow queries from anyone recursion yes; // Enable recursion for this setup forwarders { 2001:4860:4860::8888; 2001:4860:4860::8844; }; listen-on-v6 { any; }; auth-nxdomain no; dnssec-validation auto; }; .. note:: * `recursion yes` lets the server resolve names outside its own zones through the forwarders. The reverse lookup in this test is answered authoritatively from the `ip6.arpa` zone created in Step-4 and Step-5, so it does not depend on recursion. * The configuration sets no `allow-recursion` ACL. Together with `allow-query { any; }` this offers recursion to every client that can reach the server, so keep it to an isolated lab network or add an `allow-recursion` list. * Step-3 : Create a Forward Zone File for IPv6 Domain .. code-block:: shell test:~$ sudo nano /etc/bind/db.webserveripv6.conf .. code-block:: shell $TTL 604800 @ IN SOA ns1.webserveripv6.com. admin.webserveripv6.com. ( 2 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Minimum TTL @ IN NS ns1.webserveripv6.com. ns1 IN AAAA f8d8:7bbc:1295::1 @ IN AAAA f8d8:7bbc:1295::1 * Step-4 : Create a Reverse Zone File for IPv6 Address .. code-block:: shell test:~$ sudo nano /etc/bind/db.1295.ip6 .. code-block:: shell $TTL 604800 @ IN SOA ns1.webserveripv6.com. root.webserveripv6.com. ( 2 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Minimum TTL @ IN NS ns1.webserveripv6.com. 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR webserveripv6.com. .. note:: * The PTR record is created in the `ip6.arpa` domain. The 32 hex nibbles of `f8d8:7bbc:1295::1` are written in reverse order, each separated by a dot. * The reverse zone covers the first 12 nibbles (the /48 prefix `f8d8:7bbc:1295`), so the owner name in this file is the remaining 20 nibbles: `1` followed by nineteen `0` labels. * Step-5 : Configure the Local Zones .. code-block:: shell test:~$ sudo nano /etc/bind/named.conf.local ..
code-block:: shell zone "webserveripv6.com" { type master; file "/etc/bind/db.webserveripv6.conf"; }; zone "5.9.2.1.c.b.b.7.8.d.8.f.ip6.arpa" { type master; file "/etc/bind/db.1295.ip6"; }; .. note:: * A new reverse zone for `5.9.2.1.c.b.b.7.8.d.8.f.ip6.arpa` is added, pointing to the reverse zone file. The zone name is the 12 nibbles of the prefix `f8d8:7bbc:1295` in reverse order; if it does not match the address, the server is not authoritative for the PTR name and the lookup fails. * Step-6 : Configure Network Interface for the DNS Server .. code-block:: shell test:~$ sudo ip -6 addr add f8d8:7bbc:1295::1/64 dev enp0s8 test:~$ sudo ip link set enp0s8 up .. note:: * The IPv6 address ``f8d8:7bbc:1295::1/64`` is assigned to the interface ``enp0s8``. Replace `enp0s8` with your actual server interface name. * Step-7 : Restart and Check BIND9 Status .. code-block:: shell test:~$ sudo systemctl restart bind9 test:~$ sudo systemctl status bind9 ● named.service - BIND Domain Name Server Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; preset: enabled) Active: active (running) since Mon 2025-08-11 07:03:01 UTC; 1s ago Docs: man:named(8) Main PID: 2797 (named) Status: "running" Tasks: 10 (limit: 2267) Memory: 5.8M (peak: 6.1M) CPU: 36ms CGroup: /system.slice/named.service └─2797 /usr/sbin/named -f -u bind Aug 11 07:03:01 sysadmin named[2797]: managed-keys-zone: loaded serial 172 Aug 11 07:03:01 sysadmin named[2797]: zone webserveripv6.com/IN: loaded serial 2 Aug 11 07:03:01 sysadmin named[2797]: zone 1.in-addr.arpa/IN: loaded serial 1 Aug 11 07:03:01 sysadmin named[2797]: zone 127.in-addr.arpa/IN: loaded serial 1 Aug 11 07:03:01 sysadmin named[2797]: zone 5.9.2.1.c.b.b.7.0.b.d.8.f.ip6.arpa/IN: loaded serial 2 Aug 11 07:03:01 sysadmin systemd[1]: Started named.service - BIND Domain Name Server. Aug 11 07:03:01 sysadmin named[2797]: zone localhost/IN: loaded serial 2 Aug 11 07:03:01 sysadmin named[2797]: zone 255.in-addr.arpa/IN: loaded serial 1 Aug 11 07:03:01 sysadmin named[2797]: all zones loaded Aug 11 07:03:01 sysadmin named[2797]: running .. note:: * Ensure that the BIND9 service is running without errors.
If there are issues, check the logs with ``sudo journalctl -u bind9``. * Step-8 : Test Connectivity to a Client (Optional) .. code-block:: shell test:~$ ping6 f8d8:7bbc:1295::1 .. note:: * Replace ``f8d8:7bbc:1295::1`` with the IP address of your client machine to verify network connectivity. **Client (Machine B) — DNS Client Setup (IPv4)** * Step-1 : Configure Client's DNS Resolver .. code-block:: shell test:~$ sudo nano /etc/resolv.conf .. code-block:: shell nameserver f8d8:7bbc:1295::1 search webserveripv6.com .. note:: * Replace ``f8d8:7bbc:1295::1`` with the IPv6 address of your DNS server. * Step-2 : Assign IPv6 to Client Interface .. code-block:: shell test:~$ sudo ip -6 addr add f8d8:7bbc:1295::10/64 dev enp0s8 test:~$ sudo ip link set enp0s8 up .. note:: * The IPv6 address ``f8d8:7bbc:1295::10/64`` is assigned to the interface ``enp0s8``. Replace `enp0s8` with your actual client interface name. * Step-3 : Test DNS Resolution from the Client .. code-block:: shell test:~$ dig -x f8d8:7bbc:1295::1 ; <<>> DiG 9.10.3-P4-Ubuntu <<>> -x fd8b:7bbc:1295::1 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30152 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE: f17e0111d0eb2b1010000000668995a975d268421b9ee29a (good) ;; QUESTION SECTION: ;1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.9.2.1.c.b.b.7.0.b.d.8.f.ip6.arpa. IN PTR ;; ANSWER SECTION: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.9.2.1.c.b.b.7.0.b.d.8.f.ip6.arpa. 604800 IN PTR webserveripv6.com. 
;; Query time: 1 msec ;; SERVER: fd8b:7bbc:1295::1#53(fd8b:7bbc:1295::1) (UDP) ;; WHEN: Mon Aug 11 07:03:05 UTC 2025 ;; MSG SIZE rcvd: 160 test:~$ ping6 webserveripv6.com PING webserveripv6.com(fd8b:7bbc:1295::1) 56 data bytes 64 bytes from fd8b:7bbc:1295::1: icmp_seq=1 ttl=64 time=1.60 ms 64 bytes from webserveripv6.com(fd8b:7bbc:1295::1): icmp_seq=2 ttl=64 time=1.10 ms 64 bytes from webserveripv6.com(fd8b:7bbc:1295::1): icmp_seq=3 ttl=64 time=1.22 ms ^C --- webserveripv6.com ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2014ms rtt min/avg/max/mdev = 1.099/1.305/1.597/0.212 ms .. note:: * `dig -x` performs a reverse lookup. It should resolve `f8d8:7bbc:1295::1` to `webserveripv6.com`. * `ping6 webserveripv6.com` should succeed, verifying forward resolution. * Step-4 : Wireshark Capture :download:`Download wireshark capture ` .. tab-item:: Test Case 7: DNS TTL Expiry Verification **Verify DNS TTL (Time-to-Live) expiry using BIND9** **Server (Machine A) — DNS Server Setup (IPv6)** * Step-1 : Install BIND9 on Ubuntu .. code-block:: shell test:~$ sudo apt update test:~$ sudo apt install bind9 bind9utils bind9-doc * Step-2 : Configure BIND9 Options .. code-block:: shell test:~$ sudo nano /etc/bind/named.conf.options .. code-block:: shell options { directory "/var/cache/bind"; allow-query { any; }; // Allow queries from anyone recursion yes; // Enable recursion for this setup forwarders { 2001:4860:4860::8888; 2001:4860:4860::8844; }; listen-on-v6 { any; }; auth-nxdomain no; dnssec-validation no; }; .. note:: * `recursion yes` only matters for names outside `webserveripv6.com`. The answers checked in this test come from the server's authoritative zone, and the TTL countdown is observed in the DNSmasq cache on the client. * No `allow-recursion` ACL is set, so `allow-query { any; }` also decides who may use recursion; restrict it on any network that is not an isolated lab. * Step-3 : Create a Forward Zone File for IPv6 Domain .. code-block:: shell test:~$ sudo nano /etc/bind/db.webserveripv6.conf .. code-block:: shell $TTL 60 @ IN SOA ns1.webserveripv6.com. root.webserveripv6.com. ( 2 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 60 ) ; Minimum TTL @ IN NS ns1.webserveripv6.com.
ns1 IN AAAA f8d8:7bbc:1295::1 @ IN AAAA f8d8:7bbc:1295::1 .. note:: * The `$TTL` directive is set to **60 seconds** to demonstrate the expiry mechanism. * Step-4 : Configure the Local Zones .. code-block:: shell test:~$ sudo nano /etc/bind/named.conf.local .. code-block:: shell zone "webserveripv6.com" { type master; file "/etc/bind/db.webserveripv6.conf"; }; .. note:: * Replace ``webserveripv6.com`` with your desired domain name. * Step-5 : Configure Network Interface for the DNS Server .. code-block:: shell test:~$ sudo ip -6 addr add f8d8:7bbc:1295::1/64 dev enp0s8 test:~$ sudo ip link set enp0s8 up .. note:: * The IPv6 address ``f8d8:7bbc:1295::1/64`` is assigned to the interface ``enp0s8``. Replace `enp0s8` with your actual server interface name. * Step-6 : Restart and Check BIND9 Status .. code-block:: shell test:~$ sudo systemctl restart bind9 test:~$ sudo systemctl status bind9 ● named.service - BIND Domain Name Server Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; preset: enabled) Active: active (running) since Mon 2025-08-11 09:33:41 UTC; 1s ago Docs: man:named(8) Main PID: 3326 (named) Status: "running" Tasks: 10 (limit: 2267) Memory: 5.8M (peak: 6.1M) CPU: 25ms CGroup: /system.slice/named.service └─3326 /usr/sbin/named -f -u bind Aug 11 09:33:41 sysadmin named[3326]: command channel listening on ::1#953 Aug 11 09:33:41 sysadmin named[3326]: managed-keys-zone: loaded serial 175 Aug 11 09:33:41 sysadmin named[3326]: zone 1.in-addr.arpa/IN: loaded serial 1 Aug 11 09:33:41 sysadmin named[3326]: zone 127.in-addr.arpa/IN: loaded serial 1 Aug 11 09:33:41 sysadmin named[3326]: zone 255.in-addr.arpa/IN: loaded serial 1 Aug 11 09:33:41 sysadmin named[3326]: zone webserveripv6.com/IN: loaded serial 2 Aug 11 09:33:41 sysadmin named[3326]: zone localhost/IN: loaded serial 2 Aug 11 09:33:41 sysadmin named[3326]: all zones loaded Aug 11 09:33:41 sysadmin named[3326]: running Aug 11 09:33:41 sysadmin systemd[1]: Started named.service - BIND Domain Name 
Server. .. note:: * Ensure that the BIND9 service is running without errors. If there are issues, check the logs with ``sudo journalctl -u bind9``. * Step-7 : Test Connectivity to a Client (Optional) .. code-block:: shell test:~$ ping6 f8d8:7bbc:1295::1 .. note:: * Replace ``f8d8:7bbc:1295::1`` with the IP address of your client machine to verify network connectivity. **Client (Machine B) — DNS Client Setup (IPv4)** * Step-1 : Install and Configure DNSmasq for caching .. code-block:: shell test:~$ sudo apt install dnsmasq test:~$ sudo nano /etc/dnsmasq.conf .. code-block:: shell server=f8d8:7bbc:1295::1 listen-address=::1 .. note:: * DNSmasq is used as a local caching resolver. It will forward queries to your BIND9 server and cache the responses. * Step-2 : Configure Client's DNS Resolver .. code-block:: shell test:~$ sudo systemctl restart dnsmasq test:~$ sudo nano /etc/resolv.conf .. code-block:: shell nameserver f8d8:7bbc:1295::1 search webserveripv6.com .. note:: * Replace ``f8d8:7bbc:1295::1`` with the IPv6 address of your DNS server. * Step-3 : Assign IPv6 to Client Interface .. code-block:: shell test:~$ sudo ip -6 addr add f8d8:7bbc:1295::10/64 dev enp0s8 test:~$ sudo ip link set enp0s8 up .. note:: * The IPv6 address ``f8d8:7bbc:1295::10/64`` is assigned to the interface ``enp0s8``. Replace `enp0s8` with your actual client interface name. * Step-4 : Test DNS Resolution from the Client .. code-block:: shell test:~$ dig @::1 AAAA webserveripv6.com # Initial dig Wait for some seconds test:~$ dig @::1 AAAA webserveripv6.com # Second dig, Wait for the rest of the TTL ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @::1 AAAA webserveripv6.com ;; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59141 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; QUESTION SECTION: ;webserveripv6.com. IN AAAA ;; ANSWER SECTION: webserveripv6.com. 
38 IN AAAA fd8b:7bbc:1295::1 ;; Query time: 0 msec ;; SERVER: ::1#53(::1) (UDP) ;; WHEN: Mon Aug 11 09:34:18 UTC 2025 ;; MSG SIZE rcvd: 74 test:~$ dig @::1 AAAA webserveripv6.com # Third dig after TTL expiry ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @::1 AAAA webserveripv6.com ;; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13995 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE: 658a00577cda61b0100000006689a4b8c007863f5766ba (good) ;; QUESTION SECTION: ;webserveripv6.com. IN AAAA ;; ANSWER SECTION: webserveripv6.com. 60 IN AAAA fd8b:7bbc:1295::1 ;; Query time: 1 msec ;; SERVER: ::1#53(::1) (UDP) ;; WHEN: Mon Aug 11 09:35:09 UTC 2025 ;; MSG SIZE rcvd: 102 .. note:: * The first `dig` should show a TTL of 60 seconds. * The second `dig` (after 10 seconds) should show a TTL of approximately 50 seconds, as the answer is served from the local DNSmasq cache. * The third `dig` (after 60 seconds total) should trigger a new query to the BIND9 server, and the response should again show a TTL of 60 seconds. * Step-4 : Wireshark Capture :download:`Download wireshark capture ` .. _DNS_step6: .. tab-set:: .. tab-item:: DNS Protocol Packet Details **DNS Query Packet** .. csv-table:: :file: ./DNS/DNS_packetdetails1.csv :widths: 10,20,30,10 :header-rows: 1 **DNS Response Packet** .. csv-table:: :file: ./DNS/DNS_packetdetails2.csv :widths: 10,20,30,10 :header-rows: 1 .. _DNS_step7: .. tab-set:: .. tab-item:: DNS Usecases .. csv-table:: :file: ./DNS/DNS_Use_Cases.csv :widths: 10,20,30 :header-rows: 1 .. _DNS_step8: .. tab-set:: .. tab-item:: DNS Basic Features .. csv-table:: :file: ./DNS/DNS_Basic_Features.csv :widths: 10,10,30 :header-rows: 1 .. _DNS_step9: .. tab-set:: .. tab-item:: DNS Feature : Name Resolution **Name Resolution - Testcases** .. 
csv-table:: :file: ./DNS/DNS_Feature1_Name_Resolution_Test_Cases.csv :widths: 10,10,30,20 :header-rows: 1 .. _DNS_step10: .. tab-set:: .. tab-item:: DNS Feature : Record Types **Record Types - Testcases** .. csv-table:: :file: ./DNS/DNS_Feature2_Record_Types_Test_Cases.csv :widths: 10,10,30,20 :header-rows: 1 .. _DNS_step11: .. tab-set:: .. tab-item:: DNS Feature : Caching **Caching - Testcases** .. csv-table:: :file: ./DNS/DNS_Feature3_Caching_Test_Cases.csv :widths: 10,10,30,20 :header-rows: 1 .. _DNS_step12: .. tab-set:: .. tab-item:: DNS Feature : Recursive & Iterative Queries **Recursive & Iterative Queries - Testcases** .. csv-table:: :file: ./DNS/DNS_Feature4_Recursive_and_Iterative_Queries_Test_Cases.csv :widths: 10,10,30,20 :header-rows: 1 .. _DNS_step13: .. tab-set:: .. tab-item:: DNS Feature : Zone Management **Zone Management - Testcases** .. csv-table:: :file: ./DNS/DNS_Feature5_Zone_Management_Test_Cases.csv :widths: 10,10,30,20 :header-rows: 1 .. _DNS_step14: .. tab-set:: .. tab-item:: DNS Feature : Delegation **Delegation - Testcases** .. csv-table:: :file: ./DNS/DNS_Feature6_Delegation_Test_Cases.csv :widths: 10,10,30,20 :header-rows: 1 .. _DNS_step15: .. tab-set:: .. tab-item:: DNS Feature : Reverse DNS Lookup **Reverse DNS Lookup - Testcases** .. csv-table:: :file: ./DNS/DNS_Feature7_Reverse_DNS_Lookup_Test_Cases.csv :widths: 10,10,30,20 :header-rows: 1 .. _DNS_step16: .. tab-set:: .. tab-item:: DNS Feature : Security Extensions (DNSSEC) **Security Extensions (DNSSEC) - Testcases** .. csv-table:: :file: ./DNS/DNS_Feature8_Security_Extensions_DNSSEC_Test_Cases.csv :widths: 10,10,30,20 :header-rows: 1 .. _DNS_step17: .. tab-set:: .. tab-item:: DNS Feature : Load Balancing **Load Balancing - Testcases** .. csv-table:: :file: ./DNS/DNS_Feature9_Load_Balancing_Test_Cases.csv :widths: 10,10,30,20 :header-rows: 1 .. _DNS_step18: .. tab-set:: .. tab-item:: DNS Feature : Redundancy & Failover **Redundancy & Failover - Testcases** .. 
csv-table:: :file: ./DNS/DNS_Feature10_Redundancy_and_Failover_Test_Cases.csv :widths: 10,10,30,20 :header-rows: 1 .. _DNS_step19: .. tab-set:: .. tab-item:: Reference links * Reference links
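An added example for the reverse zone in Test Case 6 (not code from the original page): this Python snippet derives the ``ip6.arpa`` zone name and the relative PTR owner label from an address and prefix length, and checks a configured zone name and owner against them. The function names and the mistyped zone name in the sample are constructed for illustration.

```python
import ipaddress


def reversed_nibbles(addr):
    """Return the 32 hex nibbles of an IPv6 address, least significant first."""
    full = ipaddress.IPv6Address(addr).exploded.replace(":", "")  # 32 hex digits
    return list(reversed(full))


def ptr_name(addr):
    """Fully qualified PTR owner name for addr, as dig -x would query it."""
    return ".".join(reversed_nibbles(addr)) + ".ip6.arpa."


def _host_nibbles(prefix_len):
    # Reverse zones are cut on nibble (4-bit) boundaries.
    if prefix_len % 4 or not 0 < prefix_len < 128:
        raise ValueError("prefix length must be a multiple of 4 between 4 and 124")
    return 32 - prefix_len // 4


def reverse_zone(addr, prefix_len):
    """Zone name to declare in named.conf.local for the prefix containing addr."""
    host = _host_nibbles(prefix_len)
    return ".".join(reversed_nibbles(addr)[host:]) + ".ip6.arpa."


def ptr_owner(addr, prefix_len):
    """Relative owner label to write in the reverse zone file."""
    host = _host_nibbles(prefix_len)
    return ".".join(reversed_nibbles(addr)[:host])


def zone_serves(zone, addr):
    """True if the PTR name for addr falls inside the given zone."""
    zone = zone.rstrip(".").lower() + "."
    return ptr_name(addr).endswith("." + zone)


def check_reverse_config(addr, zone, owner):
    """Return a list of problems for a zone name / relative owner pair."""
    problems = []
    zone_fqdn = zone.rstrip(".").lower() + "."
    if not zone_serves(zone_fqdn, addr):
        problems.append(f"zone {zone_fqdn} does not contain the PTR name for {addr}")
    if owner.lower() + "." + zone_fqdn != ptr_name(addr):
        problems.append(f"owner + zone does not equal {ptr_name(addr)}")
    return problems


if __name__ == "__main__":
    addr = "f8d8:7bbc:1295::1"          # server address used in Test Case 6
    print("zone :", reverse_zone(addr, 48))
    print("owner:", ptr_owner(addr, 48))
    # Constructed mistake: two labels of the zone name transposed.
    bad_zone = "5.9.2.1.c.b.7.b.8.d.8.f.ip6.arpa"
    for problem in check_reverse_config(addr, bad_zone, ptr_owner(addr, 48)):
        print("problem:", problem)
```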