IPv6 Support in the DNS. Workshop Name Workshop Location, Date

Similar documents

IPv6 Support in the DNS. Workshop Name Workshop Location, Date

IPv6 support in the DNS

DNS & IPv6. Agenda 4/14/2009. MENOG4, 8-9 April Raed Al-Fayez SaudiNIC CITC rfayez@citc.gov.sa, DNS & IPv6.

APNIC elearning: Reverse DNS for IPv4 and IPv6

- Domain Name System -

ECE 4321 Computer Networks. Network Programming

IPv6 associated protocols. Piers O Hanlon

DNS. Computer networks - Administration 1DV202. fredag 30 mars 12

APNIC IPv6 Deployment

Use Domain Name System and IP Version 6

Motivation. Domain Name System (DNS) Flat Namespace. Hierarchical Namespace

The Domain Name System

DNS : Domain Name System

An Introduction to the Domain Name System

Domain Name System (DNS) Fundamentals

Domain Name System :49:44 UTC Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement

DNS Session 4: Delegation and reverse DNS. Joe Abley AfNOG 2006 workshop

Internet-Praktikum I Lab 3: DNS

HTG XROADS NETWORKS. Network Appliance How To Guide: DNS Delegation. How To Guide

Introduction to DNS CHAPTER 5. In This Chapter

Overview. Principles Creating reverse zones Setting up nameservers Reverse delegation procedures IPv6 Reverse DNS

DNS Domain Name System

Domain Name System (DNS) Session-1: Fundamentals. Ayitey Bulley

Agenda. Network Services. Domain Names. Domain Name. Domain Names Domain Name System Internationalized Domain Names. Domain Names & DNS

Domain Name Server. Training Division National Informatics Centre New Delhi

Understand Names Resolution

THE DOMAIN NAME SYSTEM DNS

Understanding DNS (the Domain Name System)

Introduction to the Domain Name System

How-to: DNS Enumeration

Hostnames. HOSTS.TXT was a bottleneck. Once there was HOSTS.TXT. CSCE515 Computer Network Programming. Hierarchical Organization of DNS

Distributed Systems. 09. Naming. Paul Krzyzanowski. Rutgers University. Fall 2015

The Domain Name System

DNS and BIND. David White

How To Guide Edge Network Appliance How To Guide:

Internet Structure and Organization

Basic DNS Course. Module 1. DNS Theory. Ron Aitchison ZYTRAX, Inc. Page 1 of 24

DNS - Domain Name System

Application Protocols in the TCP/IP Reference Model

DNS Measurements, Monitoring & Quality Control

Application Protocols in the TCP/IP Reference Model. Application Protocols in the TCP/IP Reference Model. DNS - Concept. DNS - Domain Name System

HTG XROADS NETWORKS. Network Appliance How To Guide: EdgeDNS. How To Guide

DNS and Interface User Guide

DNS. Computer Networks. Seminar 12

Domain Name System (DNS)

THE MASTER LIST OF DNS TERMINOLOGY. v 2.0

THE MASTER LIST OF DNS TERMINOLOGY. First Edition

Section 1 Overview Section 2 Home... 5

Domain Name Servers. Domain Types WWW host names. Internet Names. COMP476 Networked Computer Systems. Domain Name Servers

CS3250 Distributed Systems

Tunnel Client FAQ. Table of Contents. Version 0v5, November 2014 Revised: Kate Lance Author: Karl Auer

3. The Domain Name Service

Configuring the BIND name server (named) Configuring the BIND resolver Constructing the name server database files

Networking Domain Name System

DNS based Load Balancing with Fault Tolerance

DNS ActiveX Control for Microsoft Windows. Copyright Magneto Software All rights reserved

Lecture 2 CS An example of a middleware service: DNS Domain Name System

Configuring DNS. Finding Feature Information

CS 355. Computer Networking. Wei Lu, Ph.D., P.Eng.

Reverse DNS Delegations

DNS. The Root Name Servers. DNS Hierarchy. Computer System Security and Management SMD139. Root name server. .se name server. .

The Use of DNS Resource Records

netkit lab dns Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Version Author(s)

Networking Domain Name System

The Domain Name System: An Integral Part of the Internet. By Keiko Ishioka

Campus IPv6 connection Campus IPv6 deployment

Glossary of Technical Terms Related to IPv6

FAQ (Frequently Asked Questions)

Local DNS Attack Lab. 1 Lab Overview. 2 Lab Environment. SEED Labs Local DNS Attack Lab 1

Part 5 DNS Security. SAST01 An Introduction to Information Security Martin Hell Department of Electrical and Information Technology

KB Windows 2000 DNS Event Messages 1 Through 1614

Application Protocols in the TCP/IP Reference Model. Application Protocols in the TCP/IP Reference Model. DNS - Domain Name System

Advanced DNS Course. Module 4. DNS Load Balancing

DNS Domain Name System

ISP Systems Design. ISP Workshops. Last updated 24 April 2013

Enterprise Architecture Office Resource Document Design Note - Domain Name System (DNS)

IPv6 Security 111 Short Module on Security

Using Webmin and Bind9 to Setup DNS Sever on Linux

Domain Name System (DNS) RFC 1034 RFC

The Domain Name System (DNS)

DNS at NLnet Labs. Matthijs Mekking

DNS: Domain Name System

No. Time Source Destination Protocol Info DNS Standard query A weather.noaa.gov

Simple DNS Configuration Example

Domain Name System (or Service) (DNS) Computer Networks Term B10

DNS. DNS Fundamentals. Goals of this lab: Prerequisites: LXB, NET

Reverse DNS considerations for IPv6

Transcription:

IPv6 Support in the DNS Workshop Name Workshop Location, Date

Copy Rights This slide set is the ownership of the 6DEPLOY project via its partners The Powerpoint version of this material may be reused and modified only with written authorization Using part of this material must mention 6DEPLOY courtesy PDF files are available from www.6deploy.org Looking for a contact? Mail to : martin.potts@martel-consulting.ch Or bernard.tuy@renater.fr Formation IPv6 RENATER -Rouen, FR 2

Contributions Main authors Miguel Baptista, FCCN, Portugal Carlos Friaças, FCCN, Portugal Laurent Toutain, ENST-Bretagne IRISA, France Bernard Tuy, Renater, France Contributors Octavio Medina, ENST-Bretagne, France Mohsen Souissi, AFNIC, France Vincent Levigneron, AFNIC, France Thomas Noel, LSIIT, France Alain Durand, Sun Microsystems, USA Alain Baudot, France Telecom R&D, France Bill Manning, ISI, USA David Kessens, Qwest, USA Pierre-Emmanuel Goiffon, Renater, France Jérôme Durand, Renater, France Mónica Domingues, FCCN, Portugal Ricardo Patara, LACNIC, Uruguay Formation IPv6 RENATER -Rouen, FR 3

Prerequisites You should have followed previously the modules: 010-IPv6 Introduction 020-IPv6 Protocol 030-IPv6 Addressing Formation IPv6 RENATER -Rouen, FR 4

Agenda How important is the DNS? DNS Resource Lookup DNS Extensions for IPv6 Lookups in an IPv6-aware DNS Tree About Required IPv6 Glue in DNS Zones The Two Approaches to the DNS DNS IPv6-capable software IPv6 DNS and root servers DNSv6 Operational Requirements & Recommendations Formation IPv6 RENATER -Rouen, FR 5

How important is the DNS? Getting the IP address of the remote endpoint is necessary for every communication between TCP/IP applications Humans are unable to memorize millions of IP addresses (specially IPv6 addresses) To a larger extent : the Domain Name System provides applications with several types of resources (domain name servers, mail exchangers, reverse lookups, They need Hierarchy Distribution Redundancy Formation IPv6 RENATER -Rouen, FR 6

DNS Lookup root Query foo.g6.asso.fr RR? name server Query foo.g6.asso.fr RR? name server resolver Reply Refer to fr NS + glue Query foo.g6.asso.fr RR? Refer to asso.fr NS [+ glue] Query foo.g6.asso.fr RR? Refer to g6.asso.fr NS [+ glue] RR for foo.g6.asso.fr Query foo.g6.asso.fr RR? fr name server asso.fr name server g6.asso.fr name server fr de com asso inria abg afnic g6 Formation IPv6 RENATER -Rouen, FR 7

DNS Extensions for IPv6 RFC 1886 RFC 3596 AAAA : forward lookup ( Name IPv6 Address ): Equivalent to A record Example: ns3.nic.fr. IN A 192.134.0.49 IN AAAA 2001:660:3006:1::1:1 PTR : reverse lookup ( IPv6 Address Name ): Reverse tree equivalent to in-addr.arpa Main tree: ip6.arpa ( deprecated ) Former tree: ip6.int Example: $ORIGIN 1.0.0.0.6.0.0.3.0.6.6.0.1.0.0.2.ip6.arpa. 1.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0 PTR ns3.nic.fr. Formation IPv6 RENATER -Rouen, FR 8

Lookups in an IPv6-aware DNS Tree IP Addressà Name Name à IP Address arpa int com net fr in-addr ip6 ip6 itu apnic ripe nic 192 193 6.0.1.0.0.2 e.f.f.3 whois www ns3 0... 134... 255 0.6 0 4 192.134.0.49 6.0.0.3 ns3.nic.fr 49 192.134.0.49 è 49.0.134.192.in-addr.arpa. 1.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0 2001:660:3006:1::1:1 ns3.nic.fr 2001:660:3006:1::1:1 à 1.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.6.0.0.3.0.6.6.0.1.0.0.2.ip6.arpa Formation IPv6 RENATER -Rouen, FR 9

About Required IPv6 Glue in DNS Zones When the DNS zone is delegated to a DNS server (among others) contained in the zone itself Example: In zone file rennes.enst-bretagne.fr @ IN SOA rsm.rennes.enst-bretagne.fr. fradin.rennes.enst-bretagne.fr. (2005040201 ;serial 86400 ;refresh 3600 ;retry 3600000 ;expire} IN NS rsm IN NS univers.enst-bretagne.fr. [ ] ipv6 IN NS rhadamanthe.ipv6 IN NS ns3.nic.fr. IN NS rsm ; rhadamanthe.ipv6 IN A 192.108.119.134 IN AAAA 2001:660:7301:1::1 [ ] IPv4 glue (A 192.108.119.134 ) is required to reach rhadamanthe over IPv4 transport IPv6 glue (AAAA 2001:660:7301:1::1) is required to reach rhadamanthe over IPv6 transport Formation IPv6 RENATER -Rouen, FR 10

IPv6 DNS and root servers DNS root servers are critical resources ( US 13 roots «around» the world (#10 in the As of 01/2013, almost all root servers are IPv6 enabled and reachable via IPv6 networks But C, E, G, B? Need for mirror-like function for the root name servers To be installed in other locations (EU, Asia, Africa, ) Formation IPv6 RENATER -Rouen, FR 11

IPv6 DNS and root servers /2 New technique : anycast DNS server To build a clone from the primary master ( files ) Containing the same information ( address(es Using the same IP Such anycast servers have proved a successful strategy and a lot of them are already installed : F root server: Ottawa, Paris(Renater), Hongkong, Lisbon (FCCN) M root server: Tokyo, Paris (Renater), Seoul Look at http://www.root-servers.org for the complete and updated list. Formation IPv6 RENATER -Rouen, FR 12

The Two Approaches to the DNS The DNS seen as a database Stores different types of Resource Records (RRs) SOA, NS, A, AAAA, MX, PTR, DNS data is independent of the IP version (v4/v6) the DNS server is running on The DNS seen as a TCP/IP application The service is accessible in either transport modes (UDP/TCP) ( v4/v6 ) and over either IP versions Information given over both IP versions must be consistent Formation IPv6 RENATER -Rouen, FR 13

DNS IPv6-capable software (1) ( Server BIND (Resolver & http://www.isc.org/products/bind/ ( versions BIND 9 (avoid older On Unix distributions ( BIND Resolver Library (+ (adapted) ( only NSD (authoritative server http://www.nlnetlabs.nl/nsd/ Others ( Server Microsoft Windows (Resolver & Formation IPv6 RENATER -Rouen, FR 14

DNSv6 Operational Requirements & Recommendations The target today is not the transition from an IPv4- only to an IPv6-only environment How to get there? Start by testing DNSv6 on a small network and get your own conclusion that DNSv6 is harmless, but remember: The server (host) must support IPv6 And DNS server software must support IPv6 Deploy DNSv6 in an incremental fashion on existing networks DO NOT BREAK something that works fine (production IPv4 DNS)! Formation IPv6 RENATER -Rouen, FR 15

Questions Formation IPv6 RENATER 16 -Rouen, FR

Extra Slides

TLDs and IPv6 (1) One of IANA s functions is the DNS top-level delegations Changes in TLDs (e.g cctlds) has to be approved and activated by IANA Introduction of IPv6-capable nameservers at cctlds level has to be made through IANA Formation IPv6 RENATER -Rouen, FR 18

TLDs and IPv6 (2) How many servers supporting a domain should carry resource records information? Usually conservative approaches Preferably two name servers => located in geographically different areas Don t use long server names. 1024 bytes limit in DNS response datagrams Some cctlds had to renamed their servers servers same philosophy used by root Formation IPv6 RENATER -Rouen, FR 19