Firstly, thanks for the advice about the hidden master the other day, that's 
now set up, working fine and we've just finished transferring about 4500 records 
across!
My software team came up this morning and slapped me across the face with a wet 
fish (figuratively speaking as it's not Thursday yet!) by informing me that 
they are developing a mobile app for one of our companies that Apple have 
mandated an ipv6 DNS requirement before they publish.

At the moment, all our infrastructure from ISP device inwards is ipv4 so 
setting up the zone on our DNS is going to require a lot of significant 
changes! There are a couple of things reference all this that I'm unsure about 
and am hoping you can educate me on.

Firstly, we are running bind 9.11 on Debian 10 hosts.

  *   Is it worth us upgrading to Debian 11 to get the newer version of bind?
  *   Are there any issues/bugs/holes in 9.11 that will cause us a problem, especially if we start messing with ipv6?
  *   If I do upgrade the on-premise servers, is it better to do master then slaves or the other way around?
  *   If we have DNSSEC configured, is it going to break anything upgrading? (I have lots of backups of the zones and hosts files)

Secondly, reference bind config

  *   For the "listen-on-v6" statement, are the only options still 'none' or 'all'?
  *   Can the "listen-on-v6" only be enabled globally in the 'named.conf.options' or is it possible to enable per zone as we are (currently) only going to have 1 zone needing ipv6?
  *   Once ipv6 is enabled, is it advisable to set up a sub-domain for the ipv6 addresses to avoid dual-stacking?

The reverse zones for our ipv4 are handled (badly) by our local telecoms 
provider. How big an issue is it going to be for ipv6 if the reverse lookups 
are badly/not implemented?

If our ISP can't give us a public ipv6 address, can we still run our bind to 
give out ipv6 addresses or not?

Finally, can anyone point me towards any good reading on bind configuration and 
DNS best practice (preferably with idiot proof examples)? I must decide fairly 
quickly if we roll this zone back to our domain registrar who is set up to 
handle ipv6 or do we strike out and bring our DNS setup up to date and future 
proofed!

Thanks for your time and expertise.


Andy Baker

