Re: [homenet] DNS and IPV6 within the home

Mattia Rossi <mrossi@swin.edu.au> Fri, 09 September 2011 23:48 UTC

Message-ID: <4E6AA624.4090103@swin.edu.au>
Date: Sat, 10 Sep 2011 09:49:56 +1000
From: Mattia Rossi <mrossi@swin.edu.au>
Organization: Swinburne University of Technology
CC: "homenet@ietf.org" <homenet@ietf.org>
References: <CA6AA9A1.160F35%john_brzozowski@cable.comcast.com> <CABmgDzQ8YHozJAbMsBUtGykP1yE955x5ADHJW=AJQYnO5DLcEA@mail.gmail.com> <24B3E422-944D-437F-9E49-0ED19595688E@cisco.com> <600EAD18-207F-473C-B6CE-6423482713EB@nominet.org.uk> <17B23BAB-439F-4EAD-B5EA-34C1C2FA5163@cisco.com>
In-Reply-To: <17B23BAB-439F-4EAD-B5EA-34C1C2FA5163@cisco.com>

It should be something other than .local, as mDNS is using that (see 
Section 3 of 
http://tools.ietf.org/html/draft-cheshire-dnsext-multicastdns-14). Use 
of .local in unicast DNS and mDNS creates some problems (see 
http://avahi.org/wiki/AvahiAndUnicastDotLocal).

I have a setup similar to John's in the Lab (using FreeBSD machines and 
BIND).
I have two separate DNS servers, one for IPv4 transport and one for IPv6 
transport. Both resolve AAAA and A addresses. Both resolve local hosts: 
the IPv4 DNS resolves all hosts in the Lab, and all names are visible 
from the Internet, while the IPv6 DNS resolves only a few hosts 
(manually entered) using the same domain as the IPv4 hosts, but they're 
not visible from the Internet.
I'm using SLAAC and RFC6106 (obsoletes RFC5006) to advertise the IPv6 
DNS and a DNS search list, which consists of the domain the hosts are 
in. The IPv4 DNS is set up manually, but I've tested it with DHCP 
assigned DNS as well, and it's just the same.
The result is that on my client I have 4 DNS servers, 1 IPv6 and 3 IPv4.

Now if I resolve a host in the Internet, it goes via IPv6 transport to 
my IPv6 DNS, which then goes via another forwarder etc. until the name 
is resolved. No problem there, most of the time.
In unlucky cases the name can't be resolved, and it falls back to using 
the IPv4 DNS, until the name can be resolved, or until every DNS server 
has been tried.

If I look up a local host, it goes via IPv6 DNS and if it can't be 
resolved (about 95% of the hosts can't), it will fall back to IPv4 DNS 
and resolve the names.

But I see the problem: I'm using an authoritative BIND, not forwarding 
requests for the "local" domain upstream; John's DNS server might 
forward it.
And I think that's the real problem. I think users might really want to 
use .whatever for their local domain rather than .local or something 
predefined.

And what if a user gets a domain from their ISP, and the ability to 
register one or two hosts via some web interface, but can't push names 
via local DNS? I'm sure that the user would still set up multiple hosts 
using the very same domain for local networking, but in that case he'd 
have partial visibility from the Internet: the two hosts registered via 
the web interface are visible, and the rest is not. How to deal with that?

Mat


On 10/09/11 05:19, Fred Baker wrote:
>
> On Sep 9, 2011, at 12:16 PM, Ray Bellis wrote:
>
>> I don't personally think that "DNS existence tests" will be sufficient
>> - but ensuring that local nodes have their own private namespace (i.e.
>> ".local") would avoid that.
>
> yes
>
>
> _______________________________________________
> homenet mailing list
> homenet@ietf.org
> https://www.ietf.org/mailman/listinfo/homenet
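The setup above learns its IPv6 resolver and search list from RFC 6106 RDNSS (ND option type 25) and DNSSL (type 31) options carried in Router Advertisements. The following is an added example, not code from the thread or from any of the participants: it parses those two options out of a raw ICMPv6 RA payload the way a SLAAC host would, enforces the length rules from RFC 4861/6106 (no zero-length options, RDNSS length odd and at least 3, DNSSL names in uncompressed wire format), and flags a search-list entry under "local", the clash with mDNS that the message points at. The RA bytes, the addresses 2001:db8:1::53/::54, the domain lab.example and the function names are constructed here for illustration and are not from the original page.

```python
"""Parse RDNSS (RFC 6106 type 25) and DNSSL (type 31) options from an ICMPv6
Router Advertisement and report what a SLAAC host would configure from them.
Added example; packet contents below are constructed, not captured."""
import ipaddress
import struct

ICMPV6_ROUTER_ADVERTISEMENT = 134
ND_OPT_RDNSS = 25
ND_OPT_DNSSL = 31
RA_HEADER_LEN = 16  # type, code, csum, hop limit, flags, router lifetime, reachable, retrans


def parse_dns_names(buf: bytes):
    """Decode the zero-padded run of DNS wire-format names in a DNSSL option.
    RFC 6106 s.5.2 forbids compression pointers, so a pointer is rejected."""
    names, labels, i = [], [], 0
    while i < len(buf):
        n = buf[i]
        i += 1
        if n == 0:
            if labels:                      # end of a name
                names.append(".".join(labels))
                labels = []
            continue                        # otherwise trailing zero padding
        if n & 0xC0:
            raise ValueError("compression pointer not permitted in DNSSL")
        if i + n > len(buf):
            raise ValueError("truncated label")
        labels.append(buf[i:i + n].decode("ascii"))
        i += n
    if labels:
        raise ValueError("name not terminated")
    return names


def parse_ra_options(payload: bytes):
    """Walk the ND options after the RA header. Returns (rdnss, dnssl):
    rdnss is a list of (IPv6Address, lifetime), dnssl a list of (domain, lifetime)."""
    if len(payload) < RA_HEADER_LEN or payload[0] != ICMPV6_ROUTER_ADVERTISEMENT:
        raise ValueError("not a Router Advertisement")
    rdnss, dnssl = [], []
    i = RA_HEADER_LEN
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated option header")
        otype, olen = payload[i], payload[i + 1]
        if olen == 0:                       # RFC 4861 s.4.6: discard the packet
            raise ValueError("zero-length ND option")
        end = i + olen * 8                  # length is in units of 8 octets
        if end > len(payload):
            raise ValueError("option runs past end of packet")
        body = payload[i + 2:end]           # reserved(2) + lifetime(4) + data
        if otype == ND_OPT_RDNSS:
            if olen < 3 or (olen - 1) % 2:  # 1 + 2*N for N 16-byte addresses
                raise ValueError("bad RDNSS length")
            lifetime = struct.unpack("!I", body[2:6])[0]
            addrs = body[6:]
            for j in range(0, len(addrs), 16):
                rdnss.append((ipaddress.IPv6Address(addrs[j:j + 16]), lifetime))
        elif otype == ND_OPT_DNSSL:
            if olen < 2:
                raise ValueError("bad DNSSL length")
            lifetime = struct.unpack("!I", body[2:6])[0]
            for name in parse_dns_names(body[6:]):
                dnssl.append((name, lifetime))
        i = end                             # unknown option types are skipped
    return rdnss, dnssl


def search_list_warnings(dnssl):
    """Return search-list entries whose top-level label is 'local', which the
    mDNS draft reserves for link-local multicast resolution."""
    return [name for name, _ in dnssl if name.lower().split(".")[-1] == "local"]


def encode_dns_name(name: str) -> bytes:
    """Encode a dotted name in uncompressed DNS wire format."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"


def build_sample_ra() -> bytes:
    """Constructed RA (assumed values, not a capture): two RDNSS resolvers and a
    search list containing a lab domain plus the mDNS-reserved 'local'."""
    header = struct.pack("!BBHBBHII", ICMPV6_ROUTER_ADVERTISEMENT, 0, 0, 64, 0, 1800, 0, 0)
    servers = [ipaddress.IPv6Address("2001:db8:1::53"), ipaddress.IPv6Address("2001:db8:1::54")]
    rdnss = struct.pack("!BBHI", ND_OPT_RDNSS, 1 + 2 * len(servers), 0, 1800)
    rdnss += b"".join(s.packed for s in servers)
    names = b"".join(encode_dns_name(n) for n in ("lab.example", "local"))
    padded = names + b"\x00" * (-len(names) % 8)
    dnssl = struct.pack("!BBHI", ND_OPT_DNSSL, 1 + len(padded) // 8, 0, 1800) + padded
    return header + rdnss + dnssl


if __name__ == "__main__":
    servers, search = parse_ra_options(build_sample_ra())
    for addr, ttl in servers:
        print(f"nameserver {addr}  (lifetime {ttl}s)")
    print("search " + " ".join(n for n, _ in search))
    for bad in search_list_warnings(search):
        print(f"warning: '{bad}' in the search list collides with mDNS")
```

Because any on-link node can emit an RA, whatever this parser accepts is only as trustworthy as the link; a host that honours RDNSS without RA Guard on the switch will take its resolvers from whoever advertises last.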