2

I'm just asking for a possibility of having both ipv4 and ipv6 configurations in one domain. If I do dig <domain>, inside the ADDITIONAL SECTIONS will display the A and AAAA records.

Are there any drawbacks of referring to both records for that domain?

Updated:

Results of the query:

;; ANSWER SECTION:
example.edu.my. 1142    IN  A   202.75.5.xxx

;; AUTHORITY SECTION:
xxx.edu.my.     11626   IN  NS  dns2.xxx.xxx.xxx.
xxx.edu.my.     11626   IN  NS  dns1.xxx.xxx.xxx.

;; ADDITIONAL SECTION:
dns2.xxx.xxx.xxx.   1976    IN  A   202.75.5.xxx
dns2.xxx.xxx.xxx.   3490    IN  AAAA    2400:e800:xxxx:xxxx::xxx

Thanks.

Andrew B
  • 32,588
  • 12
  • 93
  • 131
foxns7
  • 123
  • 1
  • 5
  • 1
    Can you provide more specific details about what query was sent and what response was received? The `A` or `AAAA` records should be in the answer section, not the additional section, if your query was for that type. What is your concern as far as "drawbacks" - are you concerned about putting both record types on your domain for any particular reason? – Shane Madden Feb 27 '13 at 04:42
  • Yes, the A record is already in the ANSWER section however there are also a few "ADDITIONAL" alternatives I can get the answer from.See my updated entry. – foxns7 Feb 27 '13 at 04:47

1 Answers1

5

The resolver library of the client will request A or AAAA records as appropriate for the type of IP addressing in use by the operating system. Having both record types co-existing with each other for the same host entities is commonplace on the internet.

The ADDITIONAL section of the packet is a bit different.

  • In an authoritative context (aa flag on reply packet) it's supplying the glue necessary to resolve whatever entities that were named within the ANSWER section, but in most cases the remote nameserver has no way of knowing based on the request whether a IPv4 or IPv6 record is desired. Rather than make an assumption about your type of service, it's supplying information for both IP address types at once, and the resolver library is free to use whichever one is most appropriate.
  • If this is a non-authoritative response (rd flag set on query, aa absent on reply), do not panic if AAAA records are missing from the ADDITIONAL section. This is normal. Refer to: RHEL5 - Bind doesn't return IPv6 records

The only real drawback is the increased size of the response packet. In normal scenarios this doesn't come up very often, there are a few gotchas with that:

  • Too many NS records can cause the size of a SOA reply to be >512 bytes, which has been known to cause zone transfers to fail with BIND.
  • It is a relevant factor in being used as the middle man in DNS amplification attacks against spoofed source IPs.
Community
  • 1
Andrew B
  • 32,588
  • 12
  • 93
  • 131
  • "the resolver library is free to use whichever one is most appropriate". This is the answer that I'm looking for. Actually, I'm no expert in this matter but I understand this clearly. I just thought there might be some conflicts if both records exist together.Thanks. – foxns7 Feb 27 '13 at 05:09
  • 1
    Yeah, doesn't hurt to check. IPv4 and IPv6 will be living alongside each other for quite some time, so even the IPv6 resolver will still be putting those "old" `A` records to use when `AAAA` isn't available. – Andrew B Feb 27 '13 at 05:21