[Dnsmasq-discuss] DNS64 support

Jan Seiffert kaffeemonster at googlemail.com
Tue Dec 28 19:06:48 GMT 2010


2010/12/28 Jima <jima at beer.tclug.org>:
>  First off, I understand if this notion gets shot down real fast; it's a
> bit of a corner case (although maybe not so much in coming months).
>
>  With IPv4 address depletion looming (IANA in the next 2 months, the
> first RIR likely before the end of 2011), I'm in the process of
> experimenting with a NAT64 environment, a way for IPv6-only clients to
> interact with IPv4 networks without a proxy.  One of the steps required
> is to enable DNS64.  There are several pieces of software that can do
> this, but it crossed my mind that since dnsmasq can already replace A
> results, it might not be terribly involved to adapt it to add the
> ability to replace them with AAAA results (rather than add another
> daemon that might require ongoing TLC), but that ran into a stumbling
> block: I'm REALLY rusty with C.
>
>  Ultimately, from my understanding, what DNS64 requires is replacing any
> A responses with AAAA,

No.
A queries are not touched by DNS64. You may suppress A answers (or
give NODATA), but that is a different matter.

DNS64 means you always answer AAAA queries.

So it is still the clients responsablity to do AAAA queries first and
prefer IPv6 in the address selection.

If there is a AAAA record upstream, give it out.
If there is no AAAA, you synthetize one from the prefix you mentioned
and for ex. the orig. IPv4 address.

So you need one or two config options (enable extra lookups + the
prefix for example, or when the prefix is configured, do additional A
lookups on AAAA).
When an AAAA query comes in you immideatly fire an additional A query
or when the AAAA comes back empty handed you (look in dnsmasq's cache
or) fire an A query.
After you have the A answer, you build the AAAA answer for the
original  AAAA query.

[snip]
>  I welcome any insights others might have, and I understand that the
> best move may very well be to use something designed specifically for
> this use case.
>

The next powerdns recurser should get DNS64 capabilities with some lua
scripting.
So if you already use your own recurser ;)
On the other hand your own recurser is the best way to fall out of
stupid IPv6 whitelists...

>  Thanks in advance; have a nice day.
>
>     Jima
>

Greetings
Jan


-- 
Murphy's Law of Combat
Rule #3: "Never forget that your weapon was manufactured by the
lowest bidder"



More information about the Dnsmasq-discuss mailing list