IETF Logo Mail Archive

Re: [BEHAVE] using IPv4-mapped DNS/DNS64 resolvers for dual-stack/IPv6-only hosts

"Dan Wing" <dwing@cisco.com> Tue, 09 March 2010 03:20 UTC

Return-Path: <dwing@cisco.com>
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7A7B93A67FD for <behave@core3.amsl.com>; Mon, 8 Mar 2010 19:20:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.43
X-Spam-Level:
X-Spam-Status: No, score=-10.43 tagged_above=-999 required=5 tests=[AWL=0.169, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A6Pfs+4f4G5E for <behave@core3.amsl.com>; Mon, 8 Mar 2010 19:20:47 -0800 (PST)
Received: from sj-iport-2.cisco.com (sj-iport-2.cisco.com [171.71.176.71]) by core3.amsl.com (Postfix) with ESMTP id E0E233A67F4 for <behave@ietf.org>; Mon, 8 Mar 2010 19:20:44 -0800 (PST)
Authentication-Results: sj-iport-2.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ArcJAONNlUurRN+K/2dsb2JhbACHVIESkktzoBqYWIR4BIMX
X-IronPort-AV: E=Sophos;i="4.49,605,1262563200"; d="scan'208";a="245191668"
Received: from sj-core-4.cisco.com ([171.68.223.138]) by sj-iport-2.cisco.com with ESMTP; 09 Mar 2010 03:20:41 +0000
Received: from dwingwxp01 ([10.32.240.195]) by sj-core-4.cisco.com (8.13.8/8.14.3) with ESMTP id o293KfJ0005405; Tue, 9 Mar 2010 03:20:41 GMT
From: Dan Wing <dwing@cisco.com>
To: 'Zhen Cao' <zehn.cao@gmail.com>
References: <AcqsFrQAWo81hYVBRbKSjMqPHFKU+w==> <13cd01caac1e$0cd62e80$c4f0200a@cisco.com> <c549bac51003081912t13150804s6f252e2d51f6c20a@mail.gmail.com>
Date: Mon, 08 Mar 2010 19:20:41 -0800
Message-ID: <29d401cabf37$7f843e00$667a150a@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook 11
Thread-Index: Acq/Nmzr2ivZii+fScWVwhPDZ56SzQAAKCuQ
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3350
In-Reply-To: <c549bac51003081912t13150804s6f252e2d51f6c20a@mail.gmail.com>
Cc: behave@ietf.org
Subject: Re: [BEHAVE] using IPv4-mapped DNS/DNS64 resolvers for dual-stack/IPv6-only hosts
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Mar 2010 03:20:52 -0000

 

> -----Original Message-----
> From: Zhen Cao [mailto:zehn.cao@gmail.com] 
> Sent: Monday, March 08, 2010 7:13 PM
> To: Dan Wing
> Cc: behave@ietf.org
> Subject: Re: [BEHAVE] using IPv4-mapped DNS/DNS64 resolvers 
> for dual-stack/IPv6-only hosts
> 
> Late catch-up with one comment on the approach:
> 
> if a dual stack host sends a query to first DNS (::ffff:192.0.2.1) but
> fails to get any resultsr, it will failover to the second DNS 

Right.

> and there will be the same problem that traffic will be translated 
> via NAT64?

Yes.

So that means the first DNS server better be working.  

I expect the industry can accomplish that.  _One_ way to accomplish that is to
operate both servers on the same physical server, listening on two different
IP addresses, and responding differently based on the incoming packet.


So far, based on email discussion, this is the only viable idea that does not
require modifying the host.  (I consider the DHCPv6 manipulations in my draft
to be non-viable, even though they do not require modifying the host).

-d


> Thanks,
> Zhen
> 
> On Sat, Feb 13, 2010 at 4:00 AM, Dan Wing <dwing@cisco.com> wrote:
> > A few weeks ago there was an active thread on BEHAVE and 
> 3Gv6@ietf.org,
> > worrying about how a network containing a mix of dual-stack 
> hosts and
> > IPv6-only hosts would work.  Ideally, to prevent 
> unnecessary address family
> > translation, the dual-stack hosts should use a 'normal' DNS 
> resolver and the
> > IPv6-only hosts should use a DNS64 resolver.  However, it 
> is difficult to
> > detect if a host is dual-stack or is IPv6-only.
> >
> > So, I wrote an Internet Draft describing details of several 
> approaches that
> > had been discussed on the mailing list, and attempted to 
> provide a list of
> > advantages/disadvantages to each.
> >
> >
> > While writing them down, I came up with another approach 
> which uses an
> > IPv4-mapped address in the list of IPv6 DNS servers.  An 
> IPv6-only host cannot
> > use that address, so it would use the next DNS server on the list; a
> > dual-stack host can use such a DNS server.  Details are in:
> >
> > 
> http://tools.ietf.org/html/draft-wing-behave-dns64-config-02#s
> ection-3.1
> >
> > Please comment on this approach.  For whatever it's worth, 
> the idea seems to
> > work.
> >
> > -d
> >
> > _______________________________________________
> > Behave mailing list
> > Behave@ietf.org
> > https://www.ietf.org/mailman/listinfo/behave
> >

v2.23.0 | Report a Bug | By Email