HP 635n HP Jetdirect Print Servers - Practical IPv6 Deployment for Printing an - Page 22

HP 635n - JetDirect IPv6/IPsec Print Server Manual


Continuing with this example, let’s look at their DNS name to IP address mappings:

• vista1 A 192.168.1.21
• vista1 AAAA 2001:db8:1::21
• vista2 A 192.168.1.22
• vista2 AAAA 2001:db8:1::22
• mfp1 A 192.168.1.23 // Added to DNS by DHCPv4 Server
• mfp2 A 192.168.2.100 // Added to DNS by DHCPv4 Server

Vista machines are able to update DNS securely because of their tight integration with Active Directory. HP printers and MFPs have to rely on the DHCPv4 server to update DNS on their behalf. However, because there is no DHCPv6 server operating on the network, it doesn’t appear as though the same name registration can happen automatically with IPv6. Therefore, only the A record is available for mfp1 and mfp2 in DNS.

In short, “ping mfp2.example.internal” will result in IPv4 being used based upon the DNS records shown previously. To “force” IPv6 to be used, there are several options. The most common option is to have the DNS administrator add AAAA records manually to DNS for the printers and MFPs. This manual process is tedious, but is required for security reasons. It is possible to allow network devices that support Dynamic DNS to update DNS insecurely, but that would be a mistake for any environment.

In order to update DNS securely, these devices would need to be integrated into Active Directory and support Microsoft’s Kerberized DNS update mechanism, or DNS security credentials would need to be supplied in some secure manner so that the device can securely update DNS on its own. To be honest, the last approach is not a very good one, as getting DNS security credentials distributed securely is not an easy task, and it would probably be easier to simply update DNS with the appropriate IPv6 addresses, since they are less likely to change than IPv4 addresses.

Let’s change our example slightly. We have a node called mfp3.remote.example.internal. Assuming that an AAAA record is added for mfp3.remote.example.internal, and because Vista prefers IPv6 over IPv4, IPv6 would then be used for everything, right? Well, not exactly. What Vista will do is gather all the IP addresses for a given name. Let’s assume that the DNS entries for mfp3 are as follows:

• mfp3 A 192.168.128.196 (Placed here by DHCPv4 Server)
• mfp3 AAAA 2001:DB8:128::21b:78FF:FE0A:5D9A (Placed here by the DNS Administrator)

In order to properly explain what happens next, we are going to have to switch applications. Let’s start using FTP instead of ping. From the command prompt:

“FTP mfp3.remote.example.internal”

Here Vista will get both the IPv6 and IPv4 addresses from DNS and put them in a list. The FTP client on Vista will attempt to establish a TCP connection to port 21 on the IPv6 address 2001:DB8:128::21b:78FF:FE0A:5D9A.
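
The two lookups described above, as an added example that is not part of the HP manual: it loads the example records from this page, reports which address an IPv6-preferring client tries first for each name, and lists the names that still need a manually added AAAA record. Writing mfp3 as `mfp3.remote` relative to example.internal, and modelling the client's preference as "AAAA before A", are assumptions of this example; the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Records from the manual's example, names relative to example.internal (assumed layout).
RECORDS = """\
vista1       A     192.168.1.21
vista1       AAAA  2001:db8:1::21
vista2       A     192.168.1.22
vista2       AAAA  2001:db8:1::22
mfp1         A     192.168.1.23       ; added by DHCPv4 server
mfp2         A     192.168.2.100      ; added by DHCPv4 server
mfp3.remote  A     192.168.128.196    ; added by DHCPv4 server
mfp3.remote  AAAA  2001:DB8:128::21b:78FF:FE0A:5D9A  ; added by DNS administrator
"""

def parse_records(text):
    """Return {name: {"A": [...], "AAAA": [...]}}, validating every address."""
    hosts = defaultdict(lambda: {"A": [], "AAAA": []})
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split(";", 1)[0].strip()   # drop zone-file style comments
        if not line:
            continue
        name, rtype, value = line.split()
        rtype = rtype.upper()
        if rtype not in ("A", "AAAA"):
            continue
        addr = ipaddress.ip_address(value)
        expected = 4 if rtype == "A" else 6
        if addr.version != expected:           # e.g. an IPv6 address typed into an A record
            raise ValueError(f"line {lineno}: {rtype} record holds an IPv{addr.version} address")
        hosts[name.lower()][rtype].append(addr)
    return dict(hosts)

def candidate_order(entry):
    """Addresses in the order an IPv6-preferring client tries them (simplified model)."""
    return entry["AAAA"] + entry["A"]

def ipv4_only(hosts):
    """Names with an A record but no AAAA: a lookup by name can only yield IPv4."""
    return sorted(n for n, e in hosts.items() if e["A"] and not e["AAAA"])

if __name__ == "__main__":
    hosts = parse_records(RECORDS)
    for name in sorted(hosts):
        first = candidate_order(hosts[name])[0]
        print(f"{name:12} first attempt: IPv{first.version} {first}")
    print("need a manual AAAA record:", ", ".join(ipv4_only(hosts)))
```
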
We can look at a network trace and verify this functionality.

Here we can see the DNS query in the first four packets (communication over IPv4). First an IPv4 address is returned and then an IPv6 address is returned. The FTP client then chooses the IPv6