Setup DNS Dual Stack Server on CentOS 7

In this article, you will learn, how to setup DNS Dual Stack Server on CentOS 7 or other Redhat based Linux OS. #centlinux #linux #dnsserver

What is DNS Dual Stack Server?

A Dual Stack is a network of computer systems that are capable of processing both IPv4 and IPv6 traffic simultaneously. A Dual Stack strategy is also used to migrate network from IPv4 to IPv6. Dual stacks are programmed to prefer IPv6 traffic over IPv4 traffic.

A DNS Dual Stack Server is a DNS server that supports both IPv4 and IPv6 addresses. This capability is essential for ensuring compatibility and connectivity in a network environment where both IPv4 and IPv6 are used. Here are the key aspects of a DNS Dual Stack Server:

IPv4 and IPv6 Support:

• The server can handle DNS queries and responses for both IPv4 (A records) and IPv6 (AAAA records) addresses.

DNS Records:

• A record: Maps a domain name to an IPv4 address.
• AAAA record: Maps a domain name to an IPv6 address.
• The DNS server must be able to manage and resolve both types of records.

Network Compatibility:

• A Dual Stack DNS server ensures that clients using either IPv4 or IPv6 can resolve domain names and connect to the appropriate resources.

Transition and Coexistence:

• As the internet transitions from IPv4 to IPv6, having a Dual Stack DNS server allows for a smoother coexistence and transition period, ensuring that all clients can access network services regardless of the IP version they use.

Configuration:

• Dual Stack DNS servers require configuration to handle both IP address types. This involves setting up network interfaces, DNS software (such as BIND or PowerDNS), and ensuring proper DNS records are in place.

Benefits of a DNS Dual Stack Server

Future-Proofing:

• As IPv6 adoption increases, having a Dual Stack DNS server ensures compatibility with future network architectures.

Enhanced Connectivity:

• Ensures all users, regardless of whether they use IPv4 or IPv6, can access your services.

Improved Performance:

• Some networks may experience better performance and routing efficiency with IPv6 due to its larger address space and improved design.

Compliance:

• Meets the requirements of modern network standards and practices, ensuring compliance with industry expectations.

Example Use Case

Client Query:

• A client with an IPv6 address queries the DNS server for example.com.

DNS Resolution:

• The DNS server checks its records and finds an AAAA record for example.com, responding with the IPv6 address.

IPv4 Fallback:

• If an IPv4 client queries the same domain, the DNS server responds with the A record containing the IPv4 address.

Seamless Operation:

• The DNS server handles both queries seamlessly, providing appropriate responses based on the client’s IP version.

Conclusion

A DNS Dual Stack Server is crucial for modern network environments that use both IPv4 and IPv6. By supporting both protocols, it ensures comprehensive connectivity, future-proofs your network infrastructure, and provides a seamless experience for all users.

Recommended Training: Introduction to Computer Networking – Beginner Crash Course from Rick Crisci

Environment Specification

In our previous article, we have configured an IPv4 based Authoritative DNS server on CentOS 7. However, some fans request that, we should also write an article on Dual Stack Authoritative DNS Server on CentOS 7.

Therefore, in this article, we are using the same server machines from our previous article, setup a Dual Stack network between them and then we will configure our BIND DNS server to serve RR (Resource Records) for both IPv4 and IPv6 stacks.

We are using the same CentOS 7 virtual machines that we have configured in our previous article i.e. Configure Authoritative DNS Server on CentOS 7.

Primary (Master) DNS Server:

• CPU – 3.4 Ghz (1 Core)
• Memory – 1 GB
• Storage – 20 GB
• Operating System – CentOS 7.6
• Hostname – dns-01.example.com
• IPv4 Address – 192.168.116.4 /24
• IPv6 Address – fd15:4ba5:5a2b:1008::1 /64

Secondary (Slave) DNS Server:

• CPU – 3.4 Ghz (1 Core)
• Memory – 1 GB
• Storage – 20 GB
• Operating System – CentOS 7.6
• Hostname – dns-02.example.com
• IPv4 Address – 192.168.116.5 /24
• IPv6 Address – fd15:4ba5:5a2b:1008::2/64

Note: The above machines are already configured on IPv4 based network.

Anker Laptop Charger, 140W MAX USB C Charger, 4-Port Multi-Device Fast Charging, Advanced GaN Power Adapter, Intuitive Touch Controls, for MacBook, iPhone 16 Series, Samsung Galaxy, Pixel, and More

(455684)

$99.99 (as of July 1, 2025 19:51 GMT +00:00 – More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)

Configure IPv6 network on CentOS 7

Connect with dns-01.example.com using ssh as root user.

Set an IPv6 address on this server.

nmcli c m ens33 ipv6.method manual ipv6.addresses "fd15:4ba5:5a2b:1008::1/64" ipv6.gateway fd15:4ba5:5a2b:1008:153c:3b05:4535:d080 

Restart network interface to load changes.

nmcli c down ens33 ; nmcli c up ens33

Ping IPv6 address of network Gateway to verify connectivity.

ping6 fd15:4ba5:5a2b:1008:153c:3b05:4535:d080

Output:

PING fd15:4ba5:5a2b:1008:153c:3b05:4535:d080(fd15:4ba5:5a2b:1008:153c:3b05:4535:d080) 56 data bytes
64 bytes from fd15:4ba5:5a2b:1008:153c:3b05:4535:d080: icmp_seq=3 ttl=64 time=0.757 ms
64 bytes from fd15:4ba5:5a2b:1008:153c:3b05:4535:d080: icmp_seq=4 ttl=64 time=0.886 ms
^C
--- fd15:4ba5:5a2b:1008:153c:3b05:4535:d080 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3040ms
rtt min/avg/max/mdev = 0.757/1.145/2.034/0.517 ms

Now connect with dns-02.example.com and set an IPv6 address.

nmcli c m ens33 ipv6.method manual ipv6.addresses "fd15:4ba5:5a2b:1008::2/64" ipv6.gateway fd15:4ba5:5a2b:1008:153c:3b05:4535:d080 

Restarting network interface to reload the changes.

nmcli c down ens33 ; nmcli c up ens33

Ping dns-01.example.com by using IPv6 address to verify connectivity.

ping6 fd15:4ba5:5a2b:1008::1

Output:

PING fd15:4ba5:5a2b:1008::1(fd15:4ba5:5a2b:1008::1) 56 data bytes
64 bytes from fd15:4ba5:5a2b:1008::1: icmp_seq=4 ttl=64 time=4.01 ms
64 bytes from fd15:4ba5:5a2b:1008::1: icmp_seq=5 ttl=64 time=4.13 ms
^C
--- fd15:4ba5:5a2b:1008::1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4040ms
rtt min/avg/max/mdev = 0.699/2.093/4.132/1.617 ms

We have configured IPv6 network between our nodes. It means that our nodes have now formed a DNS Dual Stack network.

Configure DNS Dual Stack Server on CentOS 7

Edit BIND configurations on both DNS servers to add IPv6 support.

vi /etc/named.conf

Ensure that following directive exists, so the BIND can listen on IPv6 addresses.

listen-on-v6 port 53 { ::1; };

Add IPv6 network address in following directive to allow network client’s to query our DNS servers.

allow-query     { localhost;192.168.116.0/24;fd15:4ba5:5a2b:1008::/64;};

Restart BIND service.

systemctl restart named

Repeat above steps on dns-02.example.com.

Connect with dns-01.example.com and edit /etc/named.conf.local file.

vi /etc/named.conf.local

Add IPv6 addresses of dns-02.example.com in allow-transfer and also-notify directives, to enable zone transfers to secondary DNS server over IPv6 network .

zone "example.com" {
   type master;
   file "/var/named/example.com";
   allow-transfer {192.168.116.5;fd15:4ba5:5a2b:1008::2; };
   also-notify {192.168.116.5;fd15:4ba5:5a2b:1008::2; };
};

zone "116.168.192.in-addr.arpa" {
   type master;
   file "/var/named/116.168.192.in-addr.arpa";
   allow-transfer {192.168.116.5;fd15:4ba5:5a2b:1008::2; };
   also-notify {192.168.116.5;fd15:4ba5:5a2b:1008::2; };
};

Edit example.com zone file.

vi /var/named/example.com

Add AAAA records of our servers therein.

$TTL 1h
@       IN      SOA     example.com.    root.example.com. (
        2019080901      ; Serial YYYYMMDDnn
        24h             ; Refresh
        2h              ; Retry
        28d             ; Expire
        2d )            ; Minimum TTL

;Name Servers
@       IN      NS              dns-01
@       IN      NS              dns-02

;Mail Servers
@       IN      MX      0       mail-01

;Other Servers
dns-01  IN      A               192.168.116.4
dns-02  IN      A               192.168.116.5
mail-01 IN      A               192.168.116.6
web-01  IN      A               192.168.116.3

;Canonical Names
www     IN      CNAME           web-01
mail    IN      CNAME           mail-01

;AAAA Records
dns-01  IN      AAAA            fd15:4ba5:5a2b:1008::1
dns-02  IN      AAAA            fd15:4ba5:5a2b:1008::2

Test resolution of hostname to IPv6 address by using ping6 command.

ping6 dns-01.example.com

Output:

PING dns-01.example.com(dns-01.example.com (fd15:4ba5:5a2b:1008::1)) 56 data bytes
64 bytes from dns-01.example.com (fd15:4ba5:5a2b:1008::1): icmp_seq=2 ttl=64 time=0.185 ms
64 bytes from dns-01.example.com (fd15:4ba5:5a2b:1008::1): icmp_seq=3 ttl=64 time=0.141 ms
^C
--- dns-01.example.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.055/0.127/0.185/0.053 ms
# ping6 dns-02.example.com
PING dns-02.example.com(fd15:4ba5:5a2b:1008::2 (fd15:4ba5:5a2b:1008::2)) 56 data bytes
64 bytes from fd15:4ba5:5a2b:1008::2 (fd15:4ba5:5a2b:1008::2): icmp_seq=2 ttl=64 time=0.768 ms
64 bytes from fd15:4ba5:5a2b:1008::2 (fd15:4ba5:5a2b:1008::2): icmp_seq=3 ttl=64 time=0.726 ms
^C
--- dns-02.example.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 0.403/0.632/0.768/0.164 ms

Add a reverse zone for IPv6 network.

vi /etc/named.conf.local

and add our IPv6 reverse zone in it.

zone "8.0.0.1.b.2.a.5.5.a.b.4.5.1.d.f.ip6.arpa." {
   type master;
   file "/var/named/ipv6.reverse.db";
   allow-transfer {192.168.116.5;fd15:4ba5:5a2b:1008::2; };
   also-notify {192.168.116.5;fd15:4ba5:5a2b:1008::2; };
};

Create a zone file.

vi /var/named/ipv6.reverse.db

and add IPv6 reverse zone settings therein.

$TTL 1h
@       IN      SOA     8.0.0.1.b.2.a.5.5.a.b.4.5.1.d.f.ip6.arpa.    root.example.com. (
        2019080901      ; Serial YYYYMMDDnn
        24h             ; Refresh
        2h              ; Retry
        28d             ; Expire
        2d )            ; Minimum TTL

;Name Servers
@       IN      NS              dns-01
@       IN      NS              dns-02

;Other Servers
dns-01  IN      A       192.168.116.4
dns-02  IN      A       192.168.116.5
dns-01  IN      AAAA    fd15:4ba5:5a2b:1008::1
dns-02  IN      AAAA    fd15:4ba5:5a2b:1008::2

;PTR Records
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0               IN      PTR             dns-01
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0               IN      PTR             dns-02

We have breakdown the reverse IPv6 addresses into two 64 bit addresses. The left 64-bits represents the Computer IPv6 address while right 64-bits represents our Computer Network. If you have confusion in reversing an IPv6 address then you can use generator at Reverse DNS Record Generator website.

Test IPv6 reverse dns by using ping6 command.

ping6 dns-01

Output:

PING dns-01(dns-01.8.0.0.1.b.2.a.5.5.a.b.4.5.1.d.f.ip6.arpa (fd15:4ba5:5a2b:100::1)) 56 data bytes
64 bytes from dns-01.8.0.0.1.b.2.a.5.5.a.b.4.5.1.d.f.ip6.arpa (fd15:4ba5:5a2b:108::1): icmp_seq=1 ttl=64 time=0.117 ms
64 bytes from dns-01.8.0.0.1.b.2.a.5.5.a.b.4.5.1.d.f.ip6.arpa (fd15:4ba5:5a2b:108::1): icmp_seq=2 ttl=64 time=0.151 ms
64 bytes from dns-01.8.0.0.1.b.2.a.5.5.a.b.4.5.1.d.f.ip6.arpa (fd15:4ba5:5a2b:108::1): icmp_seq=3 ttl=64 time=0.194 ms

We have successfully configure DNS Dual Stack Server on CentOS 7.

Ubuntu System Administration Guide: Ubuntu Desktop, Server, security, and DevOps automation (English Edition)

$19.95 (as of June 30, 2025 20:24 GMT +00:00 – More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)

Frequently Asked Questions (FAQs)

1. What is the purpose of a Dual Stack DNS server?

A Dual Stack DNS server is designed to handle both IPv4 and IPv6 queries simultaneously, ensuring compatibility with networks transitioning from IPv4 to IPv6.

2. Why is BIND a common choice for DNS servers in CentOS 7?

BIND (Berkeley Internet Name Domain) is the most widely used DNS software due to its stability, flexibility, and compliance with DNS standards, making it suitable for both IPv4 and IPv6 configurations.

3. What are the key configuration directives for enabling Dual Stack in BIND?

The main directives in /etc/named.conf are:

• listen-on port 53 { any; }; (IPv4)
• listen-on-v6 port 53 { any; }; (IPv6)
  These ensure BIND listens on all available interfaces for both protocols.

4. How does a Dual Stack DNS server improve network accessibility?

By supporting both IPv4 and IPv6, it allows backward compatibility with older systems while enabling future-proofing for IPv6-only networks.

5. What are the security considerations when running a Dual Stack DNS server?

• Firewall rules must allow both IPv4 and IPv6 traffic on port 53.
• Access control lists (ACLs) in BIND should restrict unauthorized queries.
• DNSSEC should be considered to prevent DNS spoofing.

Getting Started With Ubuntu OS: A Ridiculously Simple Guide to the Linux Open Source Operating System

(5055)

$4.99 (as of June 30, 2025 20:24 GMT +00:00 – More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)

Final Thoughts

By setting up a DNS Dual Stack server on CentOS 7, you’ve enabled your network to handle both IPv4 and IPv6 traffic, ensuring better connectivity, future-proofing your infrastructure, and improving resilience.

We covered installing and configuring BIND, setting up appropriate zone files for both address families, and testing the setup to ensure proper resolution across both protocols.

Maintaining a dual-stack DNS environment is a key step toward modernizing your network while maintaining compatibility with legacy systems. Regular monitoring and updates will help you keep the service secure and performant.

Struggling with Linux server management? I offer professional support to ensure your servers are secure, optimized, and always available. Visit my Fiverr profile to learn more!