<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<br>
<div class="moz-cite-prefix">On 2/16/22 14:38, Andrew Baker via
bind-users wrote:<br>
<br>
</div>
<blockquote type="cite"
cite="mid:AS8P190MB1048956627E85ACC62B9BF7F8D359@AS8P190MB1048.EURP190.PROD.OUTLOOK.COM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style>@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:8.0pt;
margin-left:.5in;
mso-add-space:auto;
line-height:106%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
mso-add-space:auto;
line-height:106%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
mso-add-space:auto;
line-height:106%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:8.0pt;
margin-left:.5in;
mso-add-space:auto;
line-height:106%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}div.WordSection1
{page:WordSection1;}ol
{margin-bottom:0in;}ul
{margin-bottom:0in;}</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--><o:p></o:p>
<div class="WordSection1">
<p class="MsoNormal">Firstly, we are running bind 9.11 on Debian
10 hosts. <o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraphCxSpFirst"
style="margin-left:-.25in;mso-add-space:auto;mso-list:l1
level1 lfo1">
Is it worth use upgrading to Debian 11 to get the newer
version of bind?</li>
</ul>
</div>
</blockquote>
<br>
I don't run Linux, but shouldn't it be possible to just upgrade only
BIND on your current Linux release, without having to change major
OS versions?<br>
<br>
<br>
<blockquote type="cite"
cite="mid:AS8P190MB1048956627E85ACC62B9BF7F8D359@AS8P190MB1048.EURP190.PROD.OUTLOOK.COM">
<div class="WordSection1">
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraphCxSpFirst"
style="margin-left:-.25in;mso-add-space:auto;mso-list:l1
level1 lfo1"><o:p></o:p><br>
</li>
<li class="MsoListParagraphCxSpMiddle"
style="margin-left:-.25in;mso-add-space:auto;mso-list:l1
level1 lfo1">
Are there any issues/bugs/holes in 9.11 that will cause us a
problem, especially if we start messing with ipv6?</li>
</ul>
</div>
</blockquote>
<br>
None that I can tell.<br>
<br>
We are running bind911-9.11.36 happily as a resolver. Given
authoritative name servers would be less busy, I imagine you'll be
fine from that standpoint.<br>
<br>
<br>
<blockquote type="cite"
cite="mid:AS8P190MB1048956627E85ACC62B9BF7F8D359@AS8P190MB1048.EURP190.PROD.OUTLOOK.COM">
<div class="WordSection1">
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraphCxSpMiddle"
style="margin-left:-.25in;mso-add-space:auto;mso-list:l1
level1 lfo1"><o:p></o:p><br>
</li>
<li class="MsoListParagraphCxSpMiddle"
style="margin-left:-.25in;mso-add-space:auto;mso-list:l1
level1 lfo1">
If I do upgrade the on-premise servers, is it better to do
master then slaves or the other way around?<o:p></o:p></li>
</ul>
</div>
</blockquote>
<br>
I've done both ways, because I've found it doesn't matter,
especially if you have more than one master.<br>
<br>
<br>
<blockquote type="cite"
cite="mid:AS8P190MB1048956627E85ACC62B9BF7F8D359@AS8P190MB1048.EURP190.PROD.OUTLOOK.COM">
<div class="WordSection1">
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraphCxSpLast"
style="margin-left:-.25in;mso-add-space:auto;mso-list:l1
level1 lfo1">
If we have DNSSEC configured, is it going to break anything
upgrading? (I have lots of backups of the zones and hosts
files)<o:p></o:p></li>
</ul>
</div>
</blockquote>
<br>
Take your time understanding DNSSEC, and how to set it up. I'd do
this long after adding IPv6 support, as that is what is most urgent,
if I hear you right.<br>
<br>
<br>
<blockquote type="cite"
cite="mid:AS8P190MB1048956627E85ACC62B9BF7F8D359@AS8P190MB1048.EURP190.PROD.OUTLOOK.COM">
<div class="WordSection1">
<p class="MsoNormal">Secondly, reference bind config<o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraphCxSpFirst"
style="margin-left:-.25in;mso-add-space:auto;mso-list:l0
level1 lfo2">
For the “listen-on-v6” statement, are the only options still
‘none’ or ‘all’?</li>
</ul>
</div>
</blockquote>
<br>
On all our name servers, we have this:<br>
<br>
listen-on-v6 { any; };<br>
<br>
Works great.<br>
<br>
<br>
<blockquote type="cite"
cite="mid:AS8P190MB1048956627E85ACC62B9BF7F8D359@AS8P190MB1048.EURP190.PROD.OUTLOOK.COM">
<div class="WordSection1">
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraphCxSpFirst"
style="margin-left:-.25in;mso-add-space:auto;mso-list:l0
level1 lfo2"><o:p></o:p><br>
</li>
<li class="MsoListParagraphCxSpMiddle"
style="margin-left:-.25in;mso-add-space:auto;mso-list:l0
level1 lfo2">
Can the “listen-on-v6” only be enabled globally in the
‘named.conf.options’ or is it possible to enable per zone as
we are (currently) only going to have 1 zone needing ipv6?<o:p></o:p></li>
</ul>
</div>
</blockquote>
<br>
Good question - I don't know.<br>
<br>
But I'd suspect it's a global setting, because the protocol BIND
listens on has nothing to do with what it answers, i.e., you can
carry an IPv6 response over IPv4.<br>
<br>
<br>
<blockquote type="cite"
cite="mid:AS8P190MB1048956627E85ACC62B9BF7F8D359@AS8P190MB1048.EURP190.PROD.OUTLOOK.COM">
<div class="WordSection1">
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraphCxSpLast"
style="margin-left:-.25in;mso-add-space:auto;mso-list:l0
level1 lfo2">
Once ipv6 is enabled. Is it advisable to setup a sub-domain
for the ipv6 addresses to avoid dual-stacking?</li>
</ul>
</div>
</blockquote>
<br>
You could if you want to, but there is no relationship between the
A/AAAA records in the zone, and how the server's TCP/IP stack is
configured.<br>
<br>
We just have all IPv4 and IPv6 records in the same zone, with the
server dual-stacked.<br>
<br>
<br>
<blockquote type="cite"
cite="mid:AS8P190MB1048956627E85ACC62B9BF7F8D359@AS8P190MB1048.EURP190.PROD.OUTLOOK.COM">
<div class="WordSection1">
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraphCxSpLast"
style="margin-left:-.25in;mso-add-space:auto;mso-list:l0
level1 lfo2"><o:p></o:p><br>
</li>
</ul>
<p class="MsoNormal">The reverse zones for our ipv4 are handled
(badly) by our local telecoms provider. How big an issue is it
going to be for ipv6 if the reverse lookups are badly/not
implemented?</p>
</div>
</blockquote>
<br>
You can choose to handle your own PTR, assuming the IPv6 space is
yours. Unless I misunderstand...<br>
<br>
<br>
<blockquote type="cite"
cite="mid:AS8P190MB1048956627E85ACC62B9BF7F8D359@AS8P190MB1048.EURP190.PROD.OUTLOOK.COM">
<div class="WordSection1">
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">If our ISP can’t give us a public ipv6
address, can we still run our bind to give out ipv6 addresses
or not?</p>
</div>
</blockquote>
<br>
Yes - you can answer to IPv6 DNS queries, and provide that answer
over IPv4, i.e., you can answer an AAAA query over IPv4. The answer
and the transport don't have to be congruent.<br>
<br>
<br>
<blockquote type="cite"
cite="mid:AS8P190MB1048956627E85ACC62B9BF7F8D359@AS8P190MB1048.EURP190.PROD.OUTLOOK.COM">
<div class="WordSection1">
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Finally, can anyone point me towards any
good reading on bind configuration and DNS best practice
(preferably with idiot proof examples)? I must decide fairly
quickly if we roll this zone back to our domain registrar who
is setup to handle ipv6 or do we strike out and bring our DNS
setup up to date and future proofed!<br>
</p>
</div>
</blockquote>
<br>
<a class="moz-txt-link-freetext" href="https://www.oreilly.com/library/view/dns-and-bind/9781449308025/">https://www.oreilly.com/library/view/dns-and-bind/9781449308025/</a><br>
<br>
Mark.<br>
</body>
</html>