Questions about DNS64 operation

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Questions about DNS64 operation

Sukmoon Lee
Hello.

I testing DNS64 using 64:ff9b::/96(prefix).
Some domain(IN/A) is responses to 127.0.0.1/IN/A.
Under DNS64, this domain(IN/AAAA) is working 64:ff9b::7f00:1.

I want to response ::1 under DNS64.
Is there any way?

Thanks.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: Questions about DNS64 operation

Mark Andrews
Why not just exclude 127.0.0.1 and not map to AAAA at all?

> On 29 Nov 2017, at 7:32 pm, Sukmoon Lee <[hidden email]> wrote:
>
> Hello.
>
> I testing DNS64 using 64:ff9b::/96(prefix).
> Some domain(IN/A) is responses to 127.0.0.1/IN/A.
> Under DNS64, this domain(IN/AAAA) is working 64:ff9b::7f00:1.
>
> I want to response ::1 under DNS64.
> Is there any way?
>
> Thanks.
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/bind-users

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: [hidden email]

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

RE: Questions about DNS64 operation

Sukmoon Lee
>
> Why not just exclude 127.0.0.1 and not map to AAAA at all?


If it is answer 127.0.0.1 for test.com/IN/A in an IPv4, the client will not attempt to connect to the network (only attempt to connect to loopback).

However, if it is query test.com/IN/AAAA in an IPv6, DNS64 will answer 64:ff9b::7f00:1 address. (dns64 prefix is 64:ff9b::/96).

Then, the client will attempt to connect to 64:ff9b::7f00:1(NAT64).

I want to prevent the client from attempting to network up to NAT64.

So I want to reply 127.0.0.1 to ::1 in DNS64.

And I was using to below option. But this is not what I want.

        dns64 64:ff9b::/96 {
                ...
                mapped { !127/8; any; };
        }

Thanks.





>
> > On 29 Nov 2017, at 7:32 pm, Sukmoon Lee <[hidden email]> wrote:
> >
> > Hello.
> >
> > I testing DNS64 using 64:ff9b::/96(prefix).
> > Some domain(IN/A) is responses to 127.0.0.1/IN/A.
> > Under DNS64, this domain(IN/AAAA) is working 64:ff9b::7f00:1.
> >
> > I want to response ::1 under DNS64.
> > Is there any way?
> >
> > Thanks.
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
> >
> > bind-users mailing list
> > [hidden email]
> > https://lists.isc.org/mailman/listinfo/bind-users
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742              INTERNET: [hidden email]

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: Questions about DNS64 operation

Mark Andrews
Why is preventing 127.0.0.1 being mapped to a AAAA not enough?
Why do you want it mapped to ::1?  Such a mapping is NOT part of DNS64.

> On 30 Nov 2017, at 3:04 pm, Sukmoon Lee <[hidden email]> wrote:
>
>>
>> Why not just exclude 127.0.0.1 and not map to AAAA at all?
>
>
> If it is answer 127.0.0.1 for test.com/IN/A in an IPv4, the client will not attempt to connect to the network (only attempt to connect to loopback).
>
> However, if it is query test.com/IN/AAAA in an IPv6, DNS64 will answer 64:ff9b::7f00:1 address. (dns64 prefix is 64:ff9b::/96).
>
> Then, the client will attempt to connect to 64:ff9b::7f00:1(NAT64).
>
> I want to prevent the client from attempting to network up to NAT64.
>
> So I want to reply 127.0.0.1 to ::1 in DNS64.
>
> And I was using to below option. But this is not what I want.
>
> dns64 64:ff9b::/96 {
> ...
> mapped { !127/8; any; };
> }
>
> Thanks.
>
>
>
>
>
>>
>>> On 29 Nov 2017, at 7:32 pm, Sukmoon Lee <[hidden email]> wrote:
>>>
>>> Hello.
>>>
>>> I testing DNS64 using 64:ff9b::/96(prefix).
>>> Some domain(IN/A) is responses to 127.0.0.1/IN/A.
>>> Under DNS64, this domain(IN/AAAA) is working 64:ff9b::7f00:1.
>>>
>>> I want to response ::1 under DNS64.
>>> Is there any way?
>>>
>>> Thanks.
>>> _______________________________________________
>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>> unsubscribe from this list
>>>
>>> bind-users mailing list
>>> [hidden email]
>>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>> --
>> Mark Andrews, ISC
>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
>> PHONE: +61 2 9871 4742              INTERNET: [hidden email]
>

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: [hidden email]

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users