IPv6 support in the DNS



Similar documents
IPv6 Support in the DNS. Workshop Name Workshop Location, Date

IPv6 Support in the DNS. Workshop Name Workshop Location, Date

DNS & IPv6. Agenda 4/14/2009. MENOG4, 8-9 April Raed Al-Fayez SaudiNIC CITC rfayez@citc.gov.sa, DNS & IPv6.

Use Domain Name System and IP Version 6

DNS. Computer networks - Administration 1DV202. fredag 30 mars 12

- Domain Name System -

Copyright

Domain Name System :49:44 UTC Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement

DNS : Domain Name System

ECE 4321 Computer Networks. Network Programming

The Domain Name System

An Introduction to the Domain Name System

Motivation. Domain Name System (DNS) Flat Namespace. Hierarchical Namespace

Internet-Praktikum I Lab 3: DNS

APNIC elearning: Reverse DNS for IPv4 and IPv6

DNS Session 4: Delegation and reverse DNS. Joe Abley AfNOG 2006 workshop

Distributed Systems. 09. Naming. Paul Krzyzanowski. Rutgers University. Fall 2015

APNIC IPv6 Deployment

Domain Name Server. Training Division National Informatics Centre New Delhi

HTG XROADS NETWORKS. Network Appliance How To Guide: DNS Delegation. How To Guide

Introduction to DNS CHAPTER 5. In This Chapter

The Domain Name System

DNS and BIND. David White

How To Guide Edge Network Appliance How To Guide:

DNS. The Root Name Servers. DNS Hierarchy. Computer System Security and Management SMD139. Root name server. .se name server. .

Understand Names Resolution

Domain Name System (DNS) Fundamentals

Application Protocols in the TCP/IP Reference Model

Application Protocols in the TCP/IP Reference Model. Application Protocols in the TCP/IP Reference Model. DNS - Concept. DNS - Domain Name System

Enterprise Architecture Office Resource Document Design Note - Domain Name System (DNS)

HTG XROADS NETWORKS. Network Appliance How To Guide: EdgeDNS. How To Guide

THE MASTER LIST OF DNS TERMINOLOGY. v 2.0

THE MASTER LIST OF DNS TERMINOLOGY. First Edition

Agenda. Network Services. Domain Names. Domain Name. Domain Names Domain Name System Internationalized Domain Names. Domain Names & DNS

Introduction to the Domain Name System

Part 5 DNS Security. SAST01 An Introduction to Information Security Martin Hell Department of Electrical and Information Technology

Overview. Principles Creating reverse zones Setting up nameservers Reverse delegation procedures IPv6 Reverse DNS

How-to: DNS Enumeration

Understanding DNS (the Domain Name System)

IPv6-Only. Now? Sites. Deutscher IPv6 Kongress June 6/7, 2013 Fr ankfur t /Ger many. Holger.Zuleger@hznet.de

Domain Name System (DNS) Session-1: Fundamentals. Ayitey Bulley

Hostnames. HOSTS.TXT was a bottleneck. Once there was HOSTS.TXT. CSCE515 Computer Network Programming. Hierarchical Organization of DNS

DNS. Computer Networks. Seminar 12

DNS - Domain Name System

Networking Domain Name System

IPv6 and DNS. Secure64

Domain Name Servers. Domain Types WWW host names. Internet Names. COMP476 Networked Computer Systems. Domain Name Servers

Reverse DNS considerations for IPv6

The Use of DNS Resource Records

DNS Domain Name System

Networking Domain Name System

CS640: Computer Networks. Naming /ETC/HOSTS

DNS and Interface User Guide

netkit lab dns Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Version Author(s)

DNS and BIND Primer. Pete Nesbitt linux1.ca. April 2012

THE DOMAIN NAME SYSTEM DNS

Basic DNS Course. Module 1. DNS Theory. Ron Aitchison ZYTRAX, Inc. Page 1 of 24

Naming. Name Service. Why Name Services? Mappings. and related concepts

DNS ActiveX Control for Microsoft Windows. Copyright Magneto Software All rights reserved

Application Protocols in the TCP/IP Reference Model. Application Protocols in the TCP/IP Reference Model. DNS - Domain Name System

Joe Davies. Principal Writer Windows Server Information Experience. Presented at: Seattle Windows Networking User Group June 1, 2011

IPv6 Trace Analysis using Wireshark Nalini Elkins, CEO Inside Products, Inc.

The Domain Name System (DNS)

DNS based Load Balancing with Fault Tolerance

DNS Domain Name System

FAQ (Frequently Asked Questions)

Configuring the BIND name server (named) Configuring the BIND resolver Constructing the name server database files

Operational Problems in IPv6: Fallback and DNS issues

DNS at NLnet Labs. Matthijs Mekking

Local DNS Attack Lab. 1 Lab Overview. 2 Lab Environment. SEED Labs Local DNS Attack Lab 1

Domain Name System. Heng Sovannarith

DNS: How it works. DNS: How it works (more or less ) DNS: How it Works. Technical Seminars Spring Paul Semple psemple@rm.

Clear and Present Danger Increase in Number of DNS AAAA Queries

Windows 2008 Server. Domain Name System Administración SSII

DNS + DHCP. Michael Tsai 2015/04/27

Domain Name System DNS

CS3250 Distributed Systems

How To Manage Dns On An Elfiq Link Load Balancer (Link Balancer) On A Pcode (Networking) On Ipad Or Ipad (Netware) On Your Ipad On A Ipad At A Pc Or Ipa

Domain Name System (DNS)

DNS Conformance Test Specification For Client

Names vs. Addresses. Flat vs. Hierarchical Space. Domain Name System (DNS) Computer Networks. Lecture 5: Domain Name System

How To Use The Domain Name Server (Dns)

Domain Name System (DNS) RFC 1034 RFC

Tunnel Client FAQ. Table of Contents. Version 0v5, November 2014 Revised: Kate Lance Author: Karl Auer

Domain Name System (DNS) Reading: Section in Chapter 9

A versatile platform for DNS metrics with its application to IPv6

Configuring DNS. Finding Feature Information

DNS. DNS Fundamentals. Goals of this lab: Prerequisites: LXB, NET

Transcription:

IPv6 support in the DNS How important is the DNS? Getting the IP address of the remote endpoint is necessary for every communication between TCP/IP applications Humans are unable to memorize millions of IP addresses (specially IPv6 addresses) To a larger extent: the Domain Name System (DNS) provides applications with several types of resources (domain s, mail exchangers, reverse lookups, ) they need DNS design hierarchy distribution redundancy simplicity 1

DNS Resource Lookup root name server resolver Reply Refer to fr NS + glue Refer to asso.fr NS [+ glue] Refer to g6.asso.fr NS [+ glue] RR for foo.g6.asso.fr fr asso.fr g6.asso.fr fr de com asso inria abg afnic g6 DNS Extensions for IPv6 RFC 1886 RFC 3596 (upon successful interoperability tests) AAAA : forward lookup ( Name IPv6 Address ): Equivalent to A record Example: ns3.nic.fr. IN A 192.134.0.49 IN AAAA 2001:660:3006:1::1:1 PTR : reverse lookup ( IPv6 Address Name ): Reverse tree equivalent to in-addr.arpa New tree: ip6.arpa (under deployment) Former tree: ip6.int (deprecated) Example: $ORIGIN 1.0.0.0.6.0.0.3.0.6.6.0.1.0.0.2.ip6.arpa. 1.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0 PTR ns3.nic.fr. 2

The Two Approaches to the DNS The DNS seen as a distributed Database Stores different types of Resource Records (RR): SOA, NS, A, AAAA, MX, SRV, PTR, è DNS data is independent of the IP version (v4/v6) the DNS server is running on! The DNS seen as a TCP/IP application The service is accessible in either transport modes (UDP/TCP) and over either IP versions (v4/v6) è Information given over both IP versions MUST BE CONSISTENT! Lookups in an IPv6-aware DNS Tree IP Address Name Name IP Address arpa int com net fr in-addr ip6 ip6 itu apnic ripe nic 192 193 6.0.1.0.0.2 e.f.f.3 whois www ns3 0... 134... 255 0.6 0 4 192.134.0.49 6.0.0.3 ns3.nic.fr 49 2001:660:3006:1::1:1 192.134.0.49 49.0.134.192.in-addr.arpa. 1.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0 2001:660:3006:1::1:1 1.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.6.0.0.3.0.6.6.0.1.0.0.2.ip6.arpa ns3.nic.fr 3

DNS Service Continuity through IP Networks IPv6-only Network 13 IPv4-only Root Name Servers [a-m].root-servers.net Manually configured root file IPv6-only Cache Name Server resolver Reply: TIMEOUT root fr de com DNS Service Continuity through IP Networks (2) Manually configured root file foo.ipv6.example.com RR? IPv4-only Network IPv4-only Cache Name Server Reply: TIMEOUT resolver foo.ipv6.example.com RR? Refer to com NS + glue foo.ipv6.example.com RR? Refer to example.com NS [+ glue] foo.ipv6.example.com RR? Refer to ipv6.example.com NS + v6-only glue com foo.ipv6.example.com RR? example.com ipv6.example.com IPv6-only com fr org example ipv6 foo root dotcom 4

About Required IPv6 Glue in DNS Zones When the DNS zone is delegated to a DNS server (among others) contained in the zone itself Example: In zone file rennes.enst-bretagne.fr @ IN SOA rsm.rennes.enst-bretagne.fr. fradin.rennes.enst-bretagne.fr. (2005040201 ;serial 86400 ;refresh 3600 ;retry 3600000 ;expire} IN NS rsm IN NS univers.enst-bretagne.fr. [ ] ipv6 IN NS rhadamanthe.ipv6 IN NS ns3.nic.fr. IN NS rsm ; rhadamanthe.ipv6 IN A 192.108.119.134 IN AAAA 2001:660:7301:1::1 [ ] IPv4 glue (A 192.108.119.134 ) is required to reach rhadamanthe over IPv4 transport IPv6 glue (AAAA 2001:660:73001:1::1) is required to reach rhadamanthe over IPv6 transport IPv6 Support for the Root Servers Why not? No room available for an extra root server IP(v4/v6) address DNS response size limit is 512 bytes unless EDNS.0 is used IPv6 infrastructure is not mature yet for the operation of the root servers -- not a valid argument! Homework done first RS.NET Testbed: http://www.rs.net/ Test and prove that new technologies (IPv6, DNSsec, IDN) are harmless Several TLDs participate in the testbed (FR, JP, SE, ) Who can put AAAA Glue Records in the Root Zone? IANA/ICANN 5

IPv6 DNS and root servers DNS root servers are critical resources! 13 roots «around» the world (#10 in the US) Need for (mirror) root servers to be installed in other locations (EU, Asia, Africa, ) New technique : anycast DNS server To build a clone from the master/primary server Containing the same information (files) Using the same IP address Such anycast servers have already begun to be installed : F root server : Ottawa, Paris (Renater), Hongkong, Lisbon (FCCN), Dubai, K root : London, Amsterdam, Look at http://www.root-servers.org for the complete and updated list. DNS Discovery A Stub Resolver needs a Recursive Name Server address for name resolution and a Search Path In IPv4 world, the DNS parameters are: Either configured manually in the stub resolver (e.g. /etc/resolv.conf) Or discovered via DHCPv4 In IPv6 world: Proposals for DNS Discovery: Under discussion IETF ipv6/dnsop WGs Stateless Discovery: RA-Based vs Stateful Discovery: DHCPv6(- light) Well-known address (anycast or unicast): seems to be out of date 6

DNSv6 Operational Requirements & Recommendations The target today IS NOT the transition from an IPv4-only to an IPv6-only environment It IS RATHER EASY to get from an IPv4-only to a mixed v4/v6 environment where: Some systems will remain IPv4-only Some systems will be dual-stacked Some systems will be IPv6-only How to get there? Start by testing DNSv6 on a small network and get your own conclusion that DNSv6 is harmless, but remember: The server (host) must support IPv6 And DNS server software must support IPv6 Deploy DNSv6 in an incremental fashion on existing networks DO NOT BREAK something that works fine (production IPv4 DNS)! DNSv6 Operational Requirements & Recommendations #2 How to get there? (cont.) For new large IPv6-only networks: enable IPv6-only resolvers to query the DNS for IPv4-only resources by (for example): Letting them query dual-stack forwarders Using some DNS ALG Bear in mind Any DNS zone SHOULD be served by at least one IPv4 All DNS zones (including root, yes, yes!) SHOULD be reachable over IPv4 and IPv6 7

DNS IPv6-capable software BIND (Resolver & Server) http://www.isc.org/products/bind/ BIND 9 (avoid older versions) On Unix distributions Resolver Library (+ (adapted) BIND) NSD (authoritative server only) http://www.nlnetlabs.nl/nsd/ Microsoft Windows (Resolver & Server)... 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information