Re: [homenet] DNS and IPV6 within the home

"Brzozowski, John" <John_Brzozowski@Cable.Comcast.com> Sat, 10 September 2011 17:22 UTC

From: "Brzozowski, John" <John_Brzozowski@Cable.Comcast.com>
To: "mrossi@swin.edu.au" <mrossi@swin.edu.au>
Thread-Topic: [homenet] DNS and IPV6 within the home
Date: Sat, 10 Sep 2011 17:24:39 +0000
Message-ID: <CA9114C0.17DC70%john_brzozowski@cable.comcast.com>
In-Reply-To: <4E6AA624.4090103@swin.edu.au>
Cc: "homenet@ietf.org" <homenet@ietf.org>
Subject: Re: [homenet] DNS and IPV6 within the home

My IPv6 DNS is currently forwarding to my service provider's recursive DNS
servers or some other server on the Internet.

My local IPv4 DNS server is privately addressed and will forward any
request it is not authoritative for, which works fine.

I am going to change the setup so that the RFC5006 DNS server IPv6 address
and the IPv4 DNS server addresses are the same server.  This server will
have forwarding statements for the internal zones to the internal DNS
server.  I imagine this will iron things out.  Alternatively, if the IPv4
local DNS servers were also IPv6 transport enabled I could just use them;
however, this is not the case.

The last scenario you describe below is indeed another case that requires
attention.  I have been doing this for years, and as such I have had to
manually manage two separate DNS systems: one that is authoritative
globally on the Internet and one that is locally managed.

One thing to note: while both of the above are reasonable for the average
engineer to tackle, it is unlikely that a lay person would know how to
manage these situations.

John

On 9/9/11 7:49 PM, "Mattia Rossi" <mrossi@swin.edu.au> wrote:

>It should be something else than .local, as mDNS is using that (see
>Section 3 of 
>http://tools.ietf.org/html/draft-cheshire-dnsext-multicastdns-14). Use
>of .local in unicast DNS and mDNS creates some problems (see
>http://avahi.org/wiki/AvahiAndUnicastDotLocal)
>
>I have a setup similar to John's in the Lab (using FreeBSD machines and
>BIND).
>I have two separate DNS servers, one for IPv4 transport and one for IPv6
>transport. Both resolve AAAA and A addresses. Both resolve local hosts:
>The IPv4 DNS resolves all hosts in the Lab, and all names are visible
>from the Internet, while the IPv6 DNS resolves only a few hosts
>(manually entered) using the same domain as the IPv4 hosts, but they're
>not visible from the Internet.
>I'm using SLAAC and RFC6106 (obsoletes RFC5006) to advertise the IPv6
>DNS and a DNS search list, which consists of the domain the hosts are
>in. The IPv4 DNS is set up manually, but I've tested it with DHCP
>assigned DNS as well, and it's just the same.
>The result is that on my client I have 4 DNS servers, 1 IPv6 and 3 IPv4.
>
>Now if I resolve a host in the Internet, it goes via IPv6 transport to
>my IPv6 DNS which then goes via another forwarder etc. until the name
>is resolved. No problem there, most of the time.
>In unlucky cases the name can't be resolved, and it falls back using the
>IPv4 DNS, until the name can be resolved, or until every DNS server has
>been tried.
>
>If I look up a local host, it goes via IPv6 DNS and if it can't be
>resolved (about 95% of the hosts can't), it will fall back to IPv4 DNS
>and resolve the names.
>
>But I see the problem: I'm using an authoritative BIND, not forwarding
>requests for the "local" domain upstream, John's DNS server might
>forward it.
>And I think that's the real problem. I think users might really want to
>use .whatever for their local domain rather than .local or something
>predefined.
>
>And what if a user gets a domain from their ISP, and the ability to
>register one or two hosts via some web-interface, but can't push names
>via local DNS? I'm sure that the user would still set up multiple hosts
>using the very same domain for local networking, but in that case he'd
>have partial visibility from the Internet: the two hosts registered via
>web-interface are visible, and the rest is not. How to deal with that?
>
>Mat
>
>
>On 10/09/11 05:19, Fred Baker wrote:
>>
>> On Sep 9, 2011, at 12:16 PM, Ray Bellis wrote:
>>
>>> I don't personally think that "DNS existence tests" will be sufficient
>>> - but ensuring that local nodes have their own private namespace (i.e.
>>> ".local") would avoid that.
>>
>> yes
>>
>>
>> _______________________________________________
>> homenet mailing list
>> homenet@ietf.org
>> https://www.ietf.org/mailman/listinfo/homenet
>
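To make concrete the fallback Mattia describes (a local name tried first on the RA-learned IPv6 resolver, then on the IPv4 one) and the fix John plans (conditional forwarding of the internal zone to the internal server), here is a small resolver model. It is an added example, not code from either poster; the zone home.example, the host records and the server names are constructed.

```python
"""Model of the dual-stack stub-resolver fallback discussed in the thread.
Added example, not from the thread; names, zone and records are constructed."""
from dataclasses import dataclass, field

INTERNAL_ZONE = "home.example"  # placeholder for the user's local domain

def in_zone(qname, zone):
    return qname == zone or qname.endswith("." + zone)

@dataclass
class Server:
    name: str
    records: dict = field(default_factory=dict)        # qname -> address
    authoritative: set = field(default_factory=set)    # zones answered locally
    forward_zones: dict = field(default_factory=dict)  # zone -> Server (conditional)
    upstream: "Server" = None                          # general forwarder, if any
    seen: list = field(default_factory=list)           # every query this server got

    def resolve(self, qname):
        self.seen.append(qname)
        if qname in self.records:
            return "NOERROR", self.records[qname]
        for zone, target in self.forward_zones.items():   # conditional forwarding
            if in_zone(qname, zone):
                return target.resolve(qname)
        if any(in_zone(qname, z) for z in self.authoritative):
            return "NXDOMAIN", None          # our zone, name does not exist
        if self.upstream is not None:         # anything else goes upstream
            return self.upstream.resolve(qname)
        return "NXDOMAIN", None

def stub_resolve(servers, qname):
    """Try servers in order, falling back until one returns an address."""
    for server in servers:
        rcode, addr = server.resolve(qname)
        if rcode == "NOERROR":
            return addr, server.name
    return None, None

def build_client(conditional_forwarding):
    """RA-learned IPv6 resolver is listed first, the IPv4 resolver second."""
    isp = Server("isp-recursive")
    internal = Server("ipv4-internal", records={"nas." + INTERNAL_ZONE: "192.0.2.10"},
                      authoritative={INTERNAL_ZONE}, upstream=isp)
    v6 = Server("ipv6-forwarder", upstream=isp)
    if conditional_forwarding:   # John's planned fix: internal zone -> internal server
        v6.forward_zones[INTERNAL_ZONE] = internal
    return [v6, internal], isp
```

The model falls back on NXDOMAIN as Mattia observes on his client; the point it shows is that without the conditional forward every internal name is sent to the ISP resolver before the IPv4 server ever answers it.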