IPv6 Support in the DNS. Athanassios Liakopoulos 6DEPLOY IPv6 Training, Skopje, June 2011

Similar documents
IPv6 Support in the DNS

IPv6 support in the DNS

Networking Applications

Testing IPv6 address records in the DNS root

DNS. David Malone. 19th October 2004

The Domain Name System

K-Root Name Server Operations

Root DNS Anycast in South Asia

K-Root Nameserver Operations

Lecture 4: Basic Internet Operations

The Domain Name System

APNIC elearning: DNS Concepts

KENIC-AFRINIC IPv6 Workshop 17th 20th June 2008

Preparation Test AAAA and EDNS0 support Share Your Results Results Reported Testing Period

page 1 Plain Old DNS WACREN, DNS/DNSSEC Regional Workshop Ouagadougou, October 2016

Protocol Classification

A Root DNS Server. Akira Kato. Brief Overview of M-Root. WIDE Project

DNS/DNSSEC Workshop. In Collaboration with APNIC and HKIRC Hong Kong. Champika Wijayatunga Regional Security Engagement Manager Asia Pacific

The Need for IPv6 Deployment in the Domain Business

IPv6. Technical overview Policies & Procedures. Address depletion concerns. Squeeze on available addresses space

DNS / DNSSEC Workshop. bdnog November 2017, Dhaka, Bangladesh

DNS and BIND Rock Eagle Computing Conference October 27, 2000 CL 10/25/00

IPv6 Autoconfiguration. Stateless and Stateful. Rabat, Maroc Mars 2007

CSE 265: System & Network Administration

SOFTWARE ARCHITECTURE 9. NAME RESOLUTION.

ROOT SERVERS MANAGEMENT AND SECURITY

IPv6 Associated Protocols. Athanassios Liakopoulos 6DEPLOY IPv6 Training, Skopje, June 2011

IPv6 Addressing case studies. Athanassios Liakopoulos

Reverse DNS Overview

ECE 650 Systems Programming & Engineering. Spring 2018

DNS Concepts. Acknowledgements July 2005, Thimphu, Bhutan. In conjunction with SANOG VI. Bill Manning Ed Lewis Joe Abley Olaf M.

f.root-servers.net ISOC cctld Workshop Nairobi, Kenya, 2005

IPV6 ON THE INTERNET

APNIC elearning: Reverse DNS for IPv4 and IPv6

CompSci 356: Computer Network Architectures. Lecture 20: Domain Name System (DNS) and Content distribution networks Chapter 9.3.1

INSTITUT NATIONAL DES TELECOMMUNICATIONS. MSc Computer and Communication Networks MSc Information Technology Final Examination

DNS. A Massively Distributed Database. Justin Scott December 12, 2018

Domain Name System (DNS)

Hands-on Session Applications

Athanassios Liakopoulos Slovenian IPv6 Training, Ljubljana, May 2010

Advanced Networking. Domain Name System

Advanced Networking. Domain Name System. Purpose of DNS servers. Purpose of DNS servers. Purpose of DNS servers

The net and it s Ecosystem

DNS / DNSSEC Workshop. bdnog May 2017, Bogra, Bangladesh

Computer Networks. Domain Name System. Jianping Pan Spring /25/17 CSC361 1

System Up and Running. We are now going to shut down the system. Load Average: How Busy the System Is. System Halt (1)

Internet Engineering Task Force (IETF) Request for Comments: 7706 Category: Informational ISSN: November 2015

Domain Name Service. DNS Overview. October 2009 Computer Networking 1

Goal of this session

DNS Fundamentals. Steve Conte ICANN60 October 2017

S Computer Networks - Spring What and why? Structure of DNS Management of Domain Names Name Service in Practice

CSCE 463/612 Networks and Distributed Processing Spring 2018

Welcome! Acknowledgements. Introduction to DNS. cctld DNS Workshop October 2004, Bangkok, Thailand

Domain Name System.

Root Servers. Root hints file come in many names (db.cache, named.root, named.cache, named.ca) See root-servers.org for more detail

DNS, DHCP and Auto- Configuration. IPv6 Training Day 18 th September 2012 Philip Smith APNIC

CSc 450/550 Computer Networks Domain Name System

DNS. Introduction To. everything you never wanted to know about IP directory services

The State and Challenges of the DNSSEC Deployment. Eric Osterweil Michael Ryan Dan Massey Lixia Zhang

CSC 574 Computer and Network Security. DNS Security

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration. Chapter 5 Introduction to DNS in Windows Server 2008

RIPE NCC DNS Update. Wolfgang Nagele DNS Services Manager

RSSAC Activities Update. Lars Johan Liman and Tripti Sinha RSSAC Chair ICANN-54 October 2015

22/06/ :37 DNS COMPLIANCE. Fred Baker Internet Systems Consortium

DNS Basics BUPT/QMUL

Distributed Systems. Distributed Systems Within the Internet Nov. 9, 2011

IPv6 tutorial. RedIRIS Miguel Angel Sotos

Configuration of Authoritative Nameservice

CS519: Computer Networks. Lecture 6: Apr 5, 2004 Naming and DNS

DNS Related Activities at the RIPE NCC

6DISS 19 septembre IPv6 workshop. Port Elizabeth, South Africa Sept. 19th & 20th. Copy Rights

IPv6 Addressing case studies

CS615 - Aspects of System Administration

Domain Name System - Advanced Computer Networks

Routing Protocols Internal and External Routing. 6DEPLOY. IPv6 Deployment and Support

Domain Name System (DNS) DNS Fundamentals. Computers use IP addresses. Why do we need names? hosts.txt does not scale. The old solution: HOSTS.

Routing Protocols Internal and External Routing. 6DEPLOY. IPv6 Deployment and Support

IPv6 How-To for a Registry 17th CENTR Technical Workshop

IPv6 associated protocols

CSE 127 Computer Security

Routing Policy Specification Language next generation. 6DEPLOY. IPv6 Deployment and Support

IPv6 workshop. Quito - Ecuador 26th 28th July Miguel Baptista WALC 2006 (Quito, Ecuador July 06)

Manual Configuration Stateful Address Configuration (i.e. from servers) Stateless Autoconfiguration : IPv6

Answer: B. Answer: D. Answer: C

6to4 Reverse DNS Delegation

Peer-to-Peer Networks and the DNS

A DNS Tutorial

CSCI-1680 DNS Rodrigo Fonseca

Security Impact of DNS Delegation Structure and Configuration Problems

Is Your Caching Resolver Polluting the Internet?

RPSLng. Routing Policy Specification Language - Next Generation

CS615 - Aspects of System Administration

Domain Name Service. in-addr sfu

DNS. DNS is an example of a large scale client-server application.

Lesson 9: Configuring DNS Records. MOAC : Administering Windows Server 2012

CIA Lab Assignment: Domain Name System (1)

Table of Contents DNS. Short history of DNS (1) DNS and BIND. Specification and implementation. A short history of DNS. Root servers.

Keeping DNS parents and children in sync at Internet Speed! Ólafur Guðmundsson

DNS & Iodine. Christian Grothoff.

Client Server Concepts, DNS, DHCP

Transcription:

IPv6 Support in the DNS Athanassios Liakopoulos (aliako@grnet.gr) 6DEPLOY IPv6 Training, Skopje, June 2011

Copy Rights This slide set is the ownership of the 6DEPLOY project via its partners The Powerpoint version of this material may be reused and modified only with written authorization Using part of this material must mention 6DEPLOY courtesy PDF files are available from www.6deploy.org Looking for a contact? Mail to : martin.potts@martel-consulting.ch Or bernard.tuy@renater.fr 6DEPLOY IPv6 Training, Skopje, Jun'11 2

Agenda How important is the DNS? DNS Resource Lookup DNS Extensions for IPv6 Lookups in an IPv6-aware DNS Tree About Required IPv6 Glue in DNS Zones The Two Approaches to the DNS DNS IPv6-capable software IPv6 DNS and root servers DNSv6 Operational Requirements & Recommendations 6DEPLOY IPv6 Training, Skopje, Jun'11 3

How important is the DNS? Getting the IP address of the remote endpoint is necessary for every communication between TCP/IP applications Humans are unable to memorize millions of IP addresses (specially IPv6 addresses) To a larger extent : the Domain Name System provides applications with several types of resources (domain name servers, mail exchangers, reverse lookups, They need Hierarchy Distribution Redundancy 6DEPLOY IPv6 Training, Skopje, Jun'11 4

DNS Lookup root Query foo.g6.asso.fr RR? name server Query foo.g6.asso.fr RR? name server resolver Reply Refer to fr NS + glue Query foo.g6.asso.fr RR? Refer to asso.fr NS [+ glue] Query foo.g6.asso.fr RR? Refer to g6.asso.fr NS [+ glue] RR for foo.g6.asso.fr Query foo.g6.asso.fr RR? fr name server asso.fr name server g6.asso.fr name server fr de com asso inria abg afnic g6 6DEPLOY IPv6 Training, Skopje, Jun'11 5

DNS Extensions for IPv6 RFC 1886 RFC 3596 AAAA : forward lookup ( Name IPv6 Address ): Equivalent to A record Example: ns3.nic.fr. IN A 192.134.0.49 IN AAAA 2001:660:3006:1::1:1 PTR : reverse lookup ( IPv6 Address Name ): Reverse tree equivalent to in-addr.arpa Main tree: ip6.arpa ( deprecated ) Former tree: ip6.int Example: $ORIGIN 1.0.0.0.6.0.0.3.0.6.6.0.1.0.0.2.ip6.arpa. 1.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0 PTR ns3.nic.fr. 6DEPLOY IPv6 Training, Skopje, Jun'11 6

Lookups in an IPv6-aware DNS Tree IP Address Name Name IP Address arpa int com net fr in-addr ip6 ip6 itu apnic ripe nic 0... 192 134 0 49 193 6.0.1.0.0.2 e.f.f.3 whois www ns3... 255 0.6 4 192.134.0.49 6.0.0.3 ns3.nic.fr 1.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0 192.134.0.49 2001:660:3006:1::1:1 49.0.134.192.in-addr.arpa. ns3.nic.fr 2001:660:3006:1::1:1 1.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.6.0.0.3.0.6.6.0.1.0.0.2.ip6.arpa 6DEPLOY IPv6 Training, Skopje, Jun'11 7

About Required IPv6 Glue in DNS Zones When the DNS zone is delegated to a DNS server (among others) contained in the zone itself Example: In zone file rennes.enst-bretagne.fr @ IN SOA rsm.rennes.enst-bretagne.fr. fradin.rennes.enst-bretagne.fr. (2005040201 serial 86400 refresh 3600 3600000 retry expire} IN NS rsm IN NS univers.enst-bretagne.fr. [ ] ipv6 IN NS rhadamanthe.ipv6 IN NS ns3.nic.fr. IN NS rsm rhadamanthe.ipv6 IN A 192.108.119.134 IN AAAA 2001:660:7301:1::1 [ ] IPv4 glue (A 192.108.119.134 ) is required to reach rhadamanthe over IPv4 transport IPv6 glue (AAAA 2001:660:7301:1::1) is required to reach rhadamanthe over IPv6 transport 6DEPLOY IPv6 Training, Skopje, Jun'11 8

IPv6 DNS and root servers DNS root servers are critical resources ( US 13 roots «around» the world (#10 in the As of June 2011, 9 root servers are IPv6 enabled and reachable via IPv6 networks, e.g. A, D, F, H, I, J, K, L M http://www.root-servers.org/ 102 out of 252 country code TLD (cctlds) with at least one IPv6 2008 enabled DNS server) April Need for mirror-like function for the root name servers To be installed in other locations (EU, Asia, Africa, ) 6DEPLOY IPv6 Training, Skopje, Jun'11 9

A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30. 3600000 NS D.ROOT-SERVERS.NET. D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90 D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D. 3600000 NS F.ROOT-SERVERS.NET. F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F. 3600000 NS H.ROOT-SERVERS.NET. H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53 H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235. 3600000 NS I.ROOT-SERVERS.NET. I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53. 3600000 NS J.ROOT-SERVERS.NET. J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30. 3600000 NS K.ROOT-SERVERS.NET. K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1. 3600000 NS L.ROOT-SERVERS.NET. L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42. 3600000 NS M.ROOT-SERVERS.NET. M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35 6DEPLOY IPv6 Training, Skopje, Jun'11 10

IPv6 DNS and root servers /2 New technique : anycast DNS server To build a clone from the primary master ( files ) Containing the same information ( address(es Using the same IP Such anycast servers have proved a successful strategy and a lot of them are already installed : F root server: Ottawa, Paris(Renater), Hongkong, Lisbon (FCCN) M root server: Tokyo, Paris (Renater), Seoul Look at http://www.root-servers.org for the complete and updated list. 6DEPLOY IPv6 Training, Skopje, Jun'11 11

The Two Approaches to the DNS The DNS seen as a database Stores different types of Resource Records (RRs) SOA, NS, A, AAAA, MX, PTR, DNS data is independent of the IP version (v4/v6) the DNS server is running on The DNS seen as a TCP/IP application The service is accessible in either transport modes (UDP/TCP) ( v4/v6 ) and over either IP versions Information given over both IP versions must be consistent 6DEPLOY IPv6 Training, Skopje, Jun'11 12

DNS IPv6-capable software (1) ( Server BIND (Resolver & http://www.isc.org/products/bind/ ( versions BIND 9 (avoid older On Unix distributions ( BIND Resolver Library (+ (adapted) only Name Server Daemon (NSD) authoritative server http://www.nlnetlabs.nl/nsd/ 6DEPLOY IPv6 Training, Skopje, Jun'11 13

DNS IPv6-capable software (2) ( Server Microsoft Windows (Resolver & It has been reported that Windows XP resolver cannot interact with DNS servers over an IPv6 transport. It needs an IPv4 network to query a DNS server. => This is no more an issue for Windows Vista users. Microsoft Windows XP default resolver only queries over IPv4 transport: Install BIND 9 for Windows XP and uses BINDs resolver or Have a local dual stack DNS server. Via DHCP, assign IPv4 address advertise the DNS server IPv4 address to XP users. 6DEPLOY IPv6 Training, Skopje, Jun'11 14

DNSv6 Operational Requirements & Recommendations The target today is not the transition from an IPv4- only to an IPv6-only environment How to get there? Start by testing DNSv6 on a small network and get your own conclusion that DNSv6 is harmless, but remember: The server (host) must support IPv6 And DNS server software must support IPv6 Deploy DNSv6 in an incremental fashion on existing networks DO NOT BREAK something that works fine (production IPv4 DNS)! 6DEPLOY IPv6 Training, Skopje, Jun'11 15

Questions? 6DEPLOY IPv6 Training, Skopje, Jun'11 16

Some Global Statistics Global IPv6 Progress Report (http://bgp.he.net/ipv6-progress-report.cgi) TLD domains A AAAA A-glue AAAA-glue com 95689170 85595028 678915 1847135 1744 net 13987112 11976420 140170 419545 2163 de 13155766 11091346 1747046 398186 114 org 9248100 8111565 87137 281685 1118 info 7865497 6457222 86635 370153 476 biz 2102578 1775952 29656 21887 43 us 1680259 1460301 5091 15555 80 ca 1420247 1074210 2548 16053 17 mobi 1018228 791295 8306 4825 54 6DEPLOY IPv6 Training, Skopje, Jun'11 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback