Bind 9 Administrator Reference Manual

Chapter 4. Advanced Concepts

One output ﬁle is produced: zone.child.example.signed. This ﬁle should be referenced by

named.conf as the input ﬁle for the zone.

4.7.5. Conﬁguring Servers

Unlike in BIND 8, data is not veriﬁed on load in BIND 9, so zone keys for authoritative zones do not

need to be speciﬁed in the conﬁguration ﬁle.

The public key for any security root must be present in the conﬁguration ﬁle’s trusted-keys statement, as

described later in this document.

4.8. IPv6 Support in BIND 9

BIND 9 fully supports all currently deﬁned forms of IPv6 name to address and address to name lookups.

It will also use IPv6 addresses to make queries when running on an IPv6 capable system.

For forward lookups, BIND 9 supports both A6 and AAAA records. The use of AAAA records is

deprecated, but it is still useful for hosts to have both AAAA and A6 records to maintain backward

compatibility with installations where AAAA records are still used. In fact, the stub resolvers currently

shipped with most operating system support only AAAA lookups, because following A6 chains is much

harder than doing A or AAAA lookups.

For IPv6 reverse lookups, BIND 9 supports the new "bitstring" format used in the ip6.arpa domain, as

well as the older, deprecated "nibble" format used in the ip6.int domain.

BIND 9 includes a new lightweight resolver library and resolver daemon which new applications may

choose to use to avoid the complexities of A6 chain following and bitstring labels, see Chapter 5.

For an overview of the format and structure of IPv6 addresses, see Section A.3.1.

4.8.1. Address Lookups Using AAAA Records

The AAAA record is a parallel to the IPv4 A record. It speciﬁes the entire address in a single record. For

example,

$ORIGIN example.com.

host 3600 IN AAAA 3ffe:8050:201:1860:42::1

While their use is deprecated, they are useful to support older IPv6 applications. They should not be

added where they are not absolutely necessary.