					IPv6 & DNS: DNSv6




       G6 Tutorial   1
                              Overview
   How important is the DNS?

   DNS Extensions for IPv6

   DNS Resource Lookup

   Recursive Name Servers Information Discovery

   DNS Service Continuity through IP Networks

   Operational Requirements, Recommendations & Issues

   About IPv6 AAAA glue Records in DNS Zones

   IPv6-capable DNS Software

                    How important is the DNS?
    Need for Name Resolution (Lookup)
       – Name resolution needed prior to a TCP/IP communication
       – With Internet exponential growth, it became:
            • impossible to memorize millions of IP addresses;
            • impossible to maintain them in a centralized flat file (aka ‘/etc/hosts’) 


    2 Approaches to the DNS : RFC 1034 / RFC 1035
       – A Database: Stores different types of Resource Records (RR):
            • Mainly IP address(es) but other types (NS, MX, PTR, …)
       – A TCP/IP Protocol and a Client/server Application:
            • IPv4 and IPv6; UDP & TCP; port 53
            • Query (for a RR) → lookup in the DNS database → Response


     Data returned to DNS clients SHOULD NOT depend on the underlying IP version




              DNS Extensions for IPv6 Support
                               RFC 3596 (DS)

   Forward lookup (‘Name → IPv6 Address’):
      A new Resource Record (RR): ‘AAAA’
          The ‘AAAA’ RR is for IPv6 what the ‘A’ RR is for IPv4
          Example:
           www.afnic.fr.         IN   A         192.134.4.20
                                 IN   AAAA      2001:660:3003:2::4:20


   Reverse lookup (‘IPv6 Address → Name’):
      PTR RR (pointer) applied to the new reverse tree: ip6.arpa
          A dedicated tree with nibble (4 bits) boundaries
          ip6.arpa tree is for IPv6 what the in-addr.arpa tree is for IPv4
          Example:
         $ORIGIN 1.0.0.0.6.0.0.3.0.6.6.0.1.0.0.2.ip6.arpa.
         1.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0 PTR ns3.nic.fr.
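
The nibble mapping above, as an added example (not part of the original slides): it builds the ip6.arpa owner name for an address, derives the $ORIGIN of a reverse zone from its prefix, and maps a name back to its address. The function names are illustrative, and the /64 prefix is inferred from the 16 nibbles in the $ORIGIN line above.

```python
import ipaddress

def _reverse_name(hexdigits):
    """Join hex digits, least significant first, under ip6.arpa."""
    return ".".join(list(reversed(hexdigits)) + ["ip6", "arpa", ""])

def ip6_arpa_name(addr):
    """Full ip6.arpa owner name: 32 nibbles, least significant first."""
    return _reverse_name(ipaddress.IPv6Address(addr).exploded.replace(":", ""))

def origin_for_prefix(prefix):
    """$ORIGIN of the reverse zone for a prefix on a nibble (4-bit) boundary."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        raise ValueError("ip6.arpa zones are cut on nibble boundaries")
    digits = net.network_address.exploded.replace(":", "")
    return _reverse_name(digits[: net.prefixlen // 4])

def relative_owner(addr, origin):
    """Owner name as written below a $ORIGIN line; reject addresses outside it."""
    full = ip6_arpa_name(addr)
    if not full.endswith("." + origin):
        raise ValueError(f"{addr} is not inside {origin}")
    return full[: -len(origin) - 1]

def address_from_name(name):
    """Inverse mapping: rebuild the IPv6 address from a full ip6.arpa name."""
    labels = name.lower().rstrip(".").split(".")
    nibbles = labels[:-2]
    if labels[-2:] != ["ip6", "arpa"] or len(nibbles) != 32:
        raise ValueError("expected 32 nibble labels under ip6.arpa")
    return str(ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16)))

if __name__ == "__main__":
    ns3 = "2001:660:3006:1::1:1"                          # ns3.nic.fr, from the slides
    origin = origin_for_prefix("2001:660:3006:1::/64")    # /64 inferred from $ORIGIN
    print("$ORIGIN", origin)
    print(relative_owner(ns3, origin), "PTR ns3.nic.fr.")
```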

                                         DNS AAAA Lookup
   [Figure: iterative resolution of ‘www.afnic.fr’ AAAA. Tree nodes shown: root “.”; fr, de, com; afnic, asso, inria; g6]
      1. Resolver → name server (manually configured root-servers list): Query ‘www.afnic.fr’ AAAA?
      2. Name server → “.” name server: Query ‘www.afnic.fr’ AAAA? Answer: Refer to fr NS + glue
      3. Name server → fr name server: Query ‘www.afnic.fr’ AAAA? Answer: Refer to afnic.fr NS
      4. Name server → afnic.fr name server: Query ‘www.afnic.fr’ AAAA? Answer: AAAA for www.afnic.fr: 2001:660:3003:2::4:20
      5. Name server → resolver: Response: www.afnic.fr has IPv6 @ 2001:660:3003:2::4:20

        Lookups in an IPv6-aware DNS Tree
   [Figure: DNS tree with reverse lookups (IP Address → Name) on the left and forward lookups (Name → IP Address) on the right]
      Tree nodes shown: root “.”; arpa, int, com, net, fr; in-addr and ip6 (under arpa); ip6 and itu (under int); apnic and ripe (under net); nic (under fr); whois, www and ns3 (under nic)
      Forward: ns3.nic.fr → 192.134.0.49 and 2001:660:3006:1::1:1
      Reverse (IPv4): 192.134.0.49 → 49.0.134.192.in-addr.arpa. → ns3.nic.fr
      Reverse (IPv6): 2001:660:3006:1::1:1 → 1.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.6.0.0.3.0.6.6.0.1.0.0.2.ip6.arpa → ns3.nic.fr

    Recursive Name Servers Information Discovery
   A Stub Resolver needs a Recursive Name Server address to which it sends name
    resolution queries

   In the IPv4 world, this DNS information is:
      Either configured manually in the stub resolver (e.g. /etc/resolv.conf for Unix stations)
      Or discovered via DHCPv4


   In the IPv6 world: RFC4339         (IPv6 Host Configuration of DNS Server Information Approaches)

      Via stateful DHCPv6 (RFC 3315)
      Via stateless DHCPv6 (RFC 3736, “DHCPv6-light”) → preferred
      RA-based: http://www.ietf.org/internet-drafts/draft-jeong-dnsop-ipv6-dns-discovery-08.txt (not so popular → towards an experimental RFC)
      Well-known address (anycast or unicast)
      Manual configuration as for IPv4
      If IPv4 is supported, then run a DHCPv4 client




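                       DNS Service Continuity through IP Networks
   [Figure: an IPv6-only network facing the 13 IPv4-only Root Name Servers, [a-m].root-servers.net. Tree nodes shown: root “.”; fr, de, com]
      1. Resolver → IPv6-only cache name server (manually configured root file): Query ‘foo.g6.asso.fr’ RR?
      2. IPv6-only cache name server → “.” name server: Query ‘foo.g6.asso.fr’ RR? (the root name servers are IPv4-only)
      3. Reply to the resolver: TIMEOUT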




           DNS Service Continuity through IP Networks (2)
   [Figure: an IPv4-only network resolving a name served by an IPv6-only name server. Tree nodes shown: root “.”; com, fr, org; example, dotcom; ipv6; foo]
      1. Resolver → IPv4-only cache name server (manually configured root file): Query ‘foo.ipv6.example.com’ RR?
      2. Cache name server → “.” name server: Query ‘foo.ipv6.example.com’ RR? Answer: Refer to com NS + glue
      3. Cache name server → com name server: Query ‘foo.ipv6.example.com’ RR? Answer: Refer to example.com NS [+ glue]
      4. Cache name server → example.com name server: Query ‘foo.ipv6.example.com’ RR? Answer: Refer to ipv6.example.com NS + v6-only glue
      5. Cache name server → ipv6.example.com IPv6-only name server: Query ‘foo.ipv6.example.com’ RR?
      6. Reply to the resolver: TIMEOUT



                 DNSv6 Operational
        Requirements, Recommendations & Issues
   RFC 3901: “DNS IPv6 Transport Operational Guidelines ”
      To guarantee DNS service continuity across a mixture of IPv4/v6 networks:
         • Every Recursive Name Server SHOULD be either IPv4-only or dual stack:
            → Use dual-stack forwarders (DNS ALG) if necessary
         • Every DNS zone SHOULD be served by at least one IPv4-reachable Authoritative
           Name Server → Avoid IPv6-only servers

   Bear in mind
      During the long IPv4-IPv6 transition period: some systems will stay
       IPv4-only, others will be/become dual-stack & others will be IPv6-only

   RFC4472 “Operational Considerations and Issues with IPv6”, among others:
         • Misbehavior of some DNS servers and Load-balancers
         • Handling special (e.g. limited-scope) IPv6-addresses (published vs reachable)
         • Service name vs Node name
         • IPv6 and Dynamic DNS Update (RFC 2136)
                             IPv6 Glue in DNS Zones
     Glue is needed when a DNS zone is delegated to a name server (among others) whose name lies within the zone itself
     Example: In zone file fr

@     IN     SOA oldnsmaster.nic.fr. hostmaster.nic.fr. (
                           2005020800          ;serial
                           3600                ;refresh
                           1800                ;retry
                           3600000             ;expire
                           5400 )              ;negative ttl
                      IN   NS           a.nic.fr.
                      IN   NS           b.nic.fr.
[…]
renata.fr.              IN    NS         paris.amen.fr.
                        IN    NS         ns2.amen.fr.
renater                 IN    NS         ns1.renater.fr.
                        IN    NS         calypso.urec.cnrs.fr.
ns1.renater.fr.         IN    A          193.49.159.2
                        IN    AAAA       2001:660:3001:4002::2
[…]

     IPv4 glue (A 193.49.159.2 ) is required to reach ns1 over IPv4 transport
     IPv6 glue (AAAA 2001:660:3001:4002::2) is required to reach ns1 over IPv6 transport
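
A glue audit for the delegation pattern above, as an added example (not part of the original slides or of AFNIC's tooling): it parses delegation lines like those in the fr zone and reports in-zone name servers whose glue is missing for one transport, which is also how an IPv6-only delegation of the kind RFC 3901 advises against shows up. The v6only.fr delegation and the function names are constructed for illustration, and the parser handles only the simple record layout shown.

```python
ZONE_ORIGIN = "fr."
# Constructed sample: the slide's delegations plus a hypothetical IPv6-only one.
ZONE_TEXT = """\
renata.fr.        IN NS    paris.amen.fr.
                  IN NS    ns2.amen.fr.
renater           IN NS    ns1.renater.fr.
                  IN NS    calypso.urec.cnrs.fr.
ns1.renater.fr.   IN A     193.49.159.2
                  IN AAAA  2001:660:3001:4002::2
v6only            IN NS    ns.v6only.fr.
ns.v6only.fr.     IN AAAA  2001:db8::53
"""

def fqdn(name, origin=ZONE_ORIGIN):
    """Make a zone-file name absolute and lower-case."""
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(zone_text):
    """Return ({zone: [NS targets]}, {host: {"A", "AAAA"}}) for simple RR lines."""
    delegations, glue, owner = {}, {}, None
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()
        if not fields:
            continue
        if not line[0].isspace():            # an owner name starts in column 0
            owner = fqdn(fields.pop(0))
        rtype, rdata = fields[-2], fields[-1]
        if rtype == "NS":
            delegations.setdefault(owner, []).append(fqdn(rdata))
        elif rtype in ("A", "AAAA"):
            glue.setdefault(owner, set()).add(rtype)
    return delegations, glue

def audit(zone_text):
    """Per delegation, list in-zone name servers lacking A and/or AAAA glue."""
    delegations, glue = parse(zone_text)
    findings = {}
    for zone, servers in delegations.items():
        findings[zone] = notes = []
        for ns in servers:
            if not ("." + ns).endswith("." + zone):
                continue                     # out-of-zone NS: no glue needed here
            # Missing A: unreachable over IPv4 transport; missing AAAA: over IPv6.
            missing = {"A", "AAAA"} - glue.get(ns, set())
            if missing:
                notes.append(f"{ns} lacks {'+'.join(sorted(missing))} glue")
    return findings
```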
           IPv6 support by Root and TLD Servers
   13 root servers « around » the world (10 in the US):
     – [A-M].root-servers.net
     – In fact, more than 13: due to anycast deployment
   Some root-servers are reachable on IPv6 transport
     – But their IPv6 address is NOT published in the root zone
     – E.g.: B, F, H, K, M, … Cf. http://www.root-servers.org/
   Why is IPv6 transport not yet officially supported by the root servers?
     – Technical reasons: UDP response size limit (512 bytes)
     – Other reasons? …
   AAAA Glue records already present in the root zone for TLD delegation
     – Who puts them?
         • ICANN/IANA
     – When started?
         • 21 July 2004 with: FR, JP & KR
         • Today: more than 30 TLDs
     – How to proceed for a TLD?
         • http://www.iana.org/procedures/delegation-data.html
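
The 512-byte limit worked through, as an added example (not part of the original slides): it computes the size of the answer to a ‘. NS’ query from the RFC 1035 wire format and shows how many AAAA glue records still fit. It assumes no EDNS0, ideal name compression, all 13 names under root-servers.net and A glue for every server; the function names are illustrative.

```python
HEADER = 12                   # fixed DNS message header (RFC 1035)
UDP_LIMIT = 512               # classic UDP payload limit without EDNS0
RR_FIXED = 2 + 2 + 4 + 2      # TYPE, CLASS, TTL, RDLENGTH
POINTER = 2                   # compression pointer to a name seen earlier

def wire_len(name):
    """Uncompressed wire length of a name: one length byte per label plus root."""
    labels = [label for label in name.rstrip(".").split(".") if label]
    return sum(1 + len(label) for label in labels) + 1

def priming_response_size(servers=13, aaaa_glue=0):
    """Bytes in the answer to '. NS' with A glue for all servers
    and aaaa_glue additional AAAA glue records."""
    size = HEADER + wire_len(".") + 4                 # question: name, QTYPE, QCLASS
    for i in range(servers):
        # The first NS target is spelled out; later ones are one
        # single-letter label followed by a pointer to "root-servers.net."
        rdata = wire_len("a.root-servers.net.") if i == 0 else 1 + 1 + POINTER
        size += wire_len(".") + RR_FIXED + rdata
    size += servers * (POINTER + RR_FIXED + 4)        # A glue, owner compressed
    size += aaaa_glue * (POINTER + RR_FIXED + 16)     # AAAA glue, owner compressed
    return size

def max_aaaa_glue(limit=UDP_LIMIT):
    """Largest number of AAAA glue records that keeps the answer within limit."""
    n = 0
    while priming_response_size(aaaa_glue=n + 1) <= limit:
        n += 1
    return n

if __name__ == "__main__":
    print("A glue only:", priming_response_size(), "bytes")
    print("AAAA glue records that still fit:", max_aaaa_glue())
    print("AAAA glue for all 13:", priming_response_size(aaaa_glue=13), "bytes")
```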
           DNS IPv6-capable software

   BIND (Resolver & Server)
     http://www.isc.org/products/BIND/
     BIND 8.2.4 (or later)
     BIND 9
   On Unix distributions
     Resolver Library (+ (adapted) BIND)
   NSD (authoritative server only)
     http://www.nlnetlabs.nl/nsd/
   Microsoft Windows (Resolver & Server)
   …
                       APIs

   getaddrinfo() for forward lookup
    – hostname → addresses
    – Replacement for gethostbyname()
    – With AF_UNSPEC, applications become protocol-independent

   getnameinfo() for reverse lookup
    – address → hostname
    – Replacement for gethostbyaddr()



                                References
   DNSv6-related RFCs & Internet-Drafts
     – RFC 3596 : “DNS Extensions to Support IP Version 6”
     – RFC 3901: “DNS IPv6 Transport Operational Guidelines”
     – RFC 4472: “Operational Considerations and Issues with IPv6”

     – “DNS Response size issues” (A. Kato & P. Vixie, work in progress)
      draft-ietf-dnsop-respsize-03.txt

   Other technical documents
     – “Adding IPv6 Glue To The Rootzone” (R. van der Pol & D. Karrenberg)
       http://www.nlnetlabs.nl/ipv6/publications/v6rootglue.pdf
     – “DNS Response Size and Name Compression” (M. Souissi, AFNIC)
        http://w6.nic.fr/dnsv6/resp-size.html

   Books
     – DNS and BIND, 5th edition (Paul Albitz & Cricket Liu)



