- GoDaddy Accused of Serious Security Failings by FTC
- Ante la inminente llegada de la IA general, los CIO mantienen el rumbo de sus alianzas
- Cosmética más sostenible a partir de un modelo fundacional de IA personalizado
- 7 ways to get more out of your Bitwarden password manager
- EU To Launch Support Centre by 2026 to Boost Healthcare Cybersecurity
IPv6: How to configure static and DHCP IP addressing and deal with DNS
As IP technology has matured, the range of devices that the internet protocol supports goes well beyond computers to include cell phones, entertainment systems, and Internet of Things (IoT) devices, which created the need for more IP addresses and the development of IPv6 to provide them.
With more and more device types requiring network connectivity, the demand for addresses in an IPv4-based network is at a premium. It can provide somewhere south of 4,294,967,296 unique addresses. IPv6, on the other hand, can yield roughly 3.4×1038, which should be ample for a very long time.
IPv6 also includes performance enhancements like refined multicasting, stateless address autoconfiguration (SLAAC), simplified headers to streamline router processing, and the option to allow larger packets. Security also gets a potential boost in IPv6 with IPSec, which was initially built for IPv6 and then retrofitted for IPv4.
Dealing with IPv6 includes familiarizing yourself with two important IP concepts: DHCP and DNS. Here are tips on both.
Key IPv6 addressing concepts
IPv6 addressing within a network has a few major differences from IPv4. With IPv4 certain address ranges are reserved for private networks (such as 10.0.0.0/8 or 192.168.0.0/16) and link-local addressing without dynamic host configuration protocol (DHCP) (169.254.0.0/16).
DHCP automatically assigns IP addresses and distributes other information to hosts on a network so they can communicate with other endpoints. At the same time, by assigning active IP addresses only to active devices, DHCP can reuse them to help conserve IPv4 addresses. IPv6 has similar concepts but refines each idea a little further.
Link-local addresses in IPv6 exist on each interface, regardless of whether the interface has an address assigned from DHCP or is configured using another method. Link-local IPv6 addresses have a prefix of fe80::/10 and a 64-bit suffix which can be computed and managed by the host itself without requiring additional networking components. IPv6 hosts can verify the uniqueness of their link-local addresses through a neighbor discovery process, which reaches out to the local network in order to verify that the address is not already in use.
Once a link-local address has been established, the IPv6 host attempts to determine if an IPv6-capable router is available through the use of a router solicitation message. If an IPv6 router is available it will respond with a router advertisement, which includes network configuration information such as a network prefix that is used for automatic address configuration using SLAAC or whether the host should obtain additional configuration information from a DHCPv6 server.
Configuring a Static IPv6 address in Windows
Typical to Windows, there are three ways to configure a static IPv6 address for a network adapter, all of which work in Windows 10 and in both Windows Server 2016 and 2019. The first way uses the classic Control Panel method as follows.
From the Control Panel, navigate to Network and Internet, Network and Sharing Center, and then choose the Change adapter settings link in the left panel. (You can shortcut all the clicking by searching for “View Network Connections” from the Start Menu or the Search bar).
Once you locate the network adapter you wish to configure, you can view the properties and locate the Internet Protocol Version 6 (TCP/IPv6) node and configure the properties for the IPv6 protocol. As with IPv4 you can set the adapter to obtain the IPv6 address automatically or configure your own IPv6 address, subnet, default gateway, and DNS server information. If you need to set multiple IPv6 addresses this can be accomplished by clicking the Advanced button.
The second method of setting a static IP address involves the more modern Settings application. In Settings go to Network & Internet and click the Properties button for the interface you wish to configure. Click the Edit button under IP settings, change the configuration type to Manual, enable IPv6, and populate your settings.
The third way is to use the Windows PowerShell command-line interface. In order to set a static IPv6 address using the New-NetIPAddress cmdlet you will need either the name or the numeric index of the adapter you wish to configure. Both of these values are available using the Get-NetAdapter cmdlet. From an administrative PowerShell prompt enter one of the following commands (on a single line) replacing the details as necessary for your environment:
New-NetIPAddress -InterfaceIndex 10 -IPAddress fd3a:5e94:ff1e:a286::2 -PrefixLength 64 -DefaultGateway fd3a:5e94:ff1e:a286::1
or
New-NetIPAddress -InterfaceAlias “Local Area Connection” -IPAddress fd3a:5e94:ff1e:a286::2 -PrefixLength 64 -DefaultGateway fd3a:5e94:ff1e:a286::1
Managing IPv6 Addressing for a Windows Network
Static IP addresses are generally OK to use when the device is hosting a critical network service that requires retaining a consistent network address, but for general use you’ll want to have a way to automate address configuration.
In an IPv4 network DHCP is the obvious answer for IP configuration and can also provide critical networking details such as the default gateway or DNS-server addresses through DHCP options. IPv6 offers three potential scenarios for managing addressing and network configuration.
SLAAC is a straightforward option assuming your router supports the appropriate router-advertisement messages. DHCP is certainly still in play to handle stateful addressing in the form of DHCPv6. You can also potentially have a hybrid scenario where your router handles addressing, and DHCPv6 simply provides the relevant network-configuration details.
In Windows Server 2016 and 2019, configuring DHCPv6 is extremely straightforward. If your router is configured to handle router advertisements and addressing through SLAAC you can simply manage the IPv6 server options to configure DNS servers or other options. If you prefer to roll with stateful addressing you can add one or more DHCPv6 scopes and configure a prefix, any exclusions, and lease durations. DHCPv6 scopes will maintain a list of leases and their expirations just as an IPv4 scope would, and they also provide an easy path for creating IPv6 reservations from existing leases.
Setting up DNS Name Resolution for IPv6
DNS is incredibly important in an IPv6 network, even moreso than in an IPv4 network because trying to configure connectivity and access resources using only IPv6 addresses is borderline insane. The biggest difference to note in regard to using DNS with IPv6 is that the IPv4 A records, which convert a fully qualified domain name (FQDN) to an IPv4 address, are replaced by AAAA (quad-A) records. All other record types such as CNAME, MX, NS, SOA, and the various DNSSEC-related record types simply reference the FQDN of the AAAA record. Reverse lookup zones, which are used to find a hostname from an IP address, are different in IPv6 simply because they are built on the IP address structure, but the process of creating and using these zones are functionally identical.
The DNS server role in Windows Server supports both IPv4 and IPv6 through a similar set of tools and processes. As with A records, AAAA records can either be created manually for critical systems or the dynamic update process can be leveraged to manage DNS records for the entire enterprise.
AAAA records can be manually created using the DNS console through the same process as A records: Right click the required DNS zone, select the New Host (A or AAAA) option, and populate the Host name and IP address. Dynamic updates are enabled through the DNS console, but most of the work is done by DHCP; the update process is configured within the DHCP console and updates are performed by the DHCP client service on individual hosts. Dynamic updates can also be manually initiated from the command line using the ipconfig command with the /registerdns switch.
Copyright © 2021 IDG Communications, Inc.