
I have a Bind DNS for various websites on a shared server.

The shared server has an IPv4 and an IPv6 address.

I have and I expect to duplicate the NS records for A and AAAA.

AI LLMs are telling me that duplication of all the usual "A" records to "AAAA" counterparts is not required. However, reading elsewhere (and on here: Why would there be 4 identical A and AAAA records?) it seems it would be a good idea.

So, how far should I take this? Should I be duplicating EVERY A record with an AAAA record featuring identically relevant details?

Please see image below of an example.


So, is it best to add AAAA mail.domain.com records duplicating the A mail.domain.com records?

Likewise, should the webmail.domain.com A record (which directs to a webmail login page) also be duplicated as an AAAA record?

  • Note that the question you linked to has comments stating that something is wrong with the original DNS, as the user shouldn't see 4 identical copies of each record, and the answer talks about round-robin load-balancing if you have different values on the same name. Commented yesterday

3 Answers


If all records for a name should be exactly the same, what you are looking for is a CNAME record.

So you'd give the machine a name (like yolo), and add A and AAAA records for whatever connectivity you have, and CNAMEs for all the functional aliases:

@               SOA     ...
                A       123.123.123.123
                AAAA    2a00:da00:f3ad:a300::1
                MX      10 mail
yolo            A       123.123.123.123
                AAAA    2a00:da00:f3ad:a300::1
mail            CNAME   yolo
webmail         CNAME   yolo

The duplication for the @ record is required because it has additional records (SOA and MX and probably a few others).

Traditionally, web sites would be hosted on the www name, and the A records for the domain would always point at the mail server (because some broken mail transport agents would not do a proper MX lookup), but I think we have moved on from that.

  • CNAMEs are not always a good idea. They introduce an additional lookup for a start. I think your comments about mail on the A record for the site are no longer practically relevant and very often websites answer canonically on the root of the zone. (I suspect you are old enough to get the example that if slashdot.org does this...) Commented yesterday
  • Within the same zone, CNAME records are resolved immediately without an additional lookup (servers return the referred records as "additional records" in the reply), so the worst case is the same as copies of A and AAAA records. The best case is that multiple cached CNAME records can point to the same A/AAAA records, so resolving one of them also makes the other names answerable from local caches. Commented yesterday
  • Ta. TIL... I did not know BIND did this. (Am I correct in understanding not all DNS servers do?) Commented yesterday
  • It's supposed to work this way -- that's why the "additional records" section exists, for the most part. A good DNS will include any records that are relevant to the query that it's authoritative for (so it should also work for subdomains). It is possible for an extra round trip to be needed if the CNAME points to different infrastructure, such as a CDN -- but there is no way to avoid that in this case either. Commented yesterday

More IPv6 adoption generally is a good thing. It's more management for you, and it may be a possible cause of a potential error or mistake. But I think the benefits exceed the risks.

  • Your sites are reachable two ways by having both old and new IP addresses, which gives an alternative for when an ISP or router issue occurs.
  • It's good for the long term, implement now instead of later.
  • There may be a search engine ranking benefit, if not now, then in the future.
  • IPv6 has a few engineering improvements over IPv4.
  • Thanks. My question really was whether there is any issue with doing this duplication as described. I read your answer as saying that this duplication of A to AAAA is not an issue and is a good idea; am I right in that conclusion? E.g. if a DNS has 8 A records then it can also have 8 AAAA records as well without issue. Commented 2 days ago
  • As long as your AAAA are accurate, then no issues, and it can even improve some things. Commented 2 days ago

I think the answer depends on your setup and goals.

IPv4 and IPv6 are different stacks. The question is really more one of "do I want the advantages and complexity of supporting both IPv4 and IPv6?"

I'd expect the biggest advantage of IPv6 over IPv4 is that addresses are unique, so you can more accurately track users (i.e. no issues with NAT or Carrier Grade NAT). If you don't need this granularity of control (and for most applications you don't), and on the assumption that this is a general-purpose website, then since IPv4 is not going away anytime soon there is little practical advantage to you in using IPv6. There may even be a disadvantage in that blocking attacks from IPv6 space can be harder because of the much larger address space.

There are no doubt other subtle advantages in using IPv6.

Looking specifically at the screenshot you attached, I'd suggest against using IPv6. In fact, I'd suggest you get an expert in to advise you, as there are at least a couple of indications that you may not know enough to run this system smoothly (but as it's an example/sanitized domain, inferences can be wrong). Of specific note:

  • You have multiple NS servers with the same IP address.
  • Your SPF record is inconsistent with your mail record, and also ignores IPv6, yet mail.domain.com has an IPv6 record.

NOTE - YOU SHOULD NOT RELY ON A SINGLE IP ADDRESS FOR A NAMESERVER. (It looks like you are actually doing this "for real" on your domain. Read https://www.rfc-editor.org/rfc/rfc2182 )

  • Yes, I'm well aware of the single IP issue; the IPv6 and IPv4 are single, but the reasoning is that we can get multiple IPs from the hosting provider but they're all in the same set the hosting provider gives. So ultimately the significant cost of a second IP(v4) doesn't seem worth it if they're all in the same set anyway. Commented 2 days ago
  • Yes, I fully accept the SPF is only set for IPv4 and that will be improved in the coming few weeks (it's a new server we're setting up in stages). The SPF address domain is fully correct in the real one, but my renaming went imperfectly in constructing this question! Commented 2 days ago
  • Get a cheap, ultra low end VPS and use that for your second name server. DNS requires virtually no resources. That will give you geographic redundancy as well. Performance of DNS is not really an issue either, even on the lowest VPS. Commented 2 days ago
