[Dnsmasq-discuss] coping with ipv6 source routing and dns

Gui Iribarren gui at altermundi.net
Thu Jan 30 20:02:04 GMT 2014 

On 01/30/2014 11:40 AM, Dave Taht wrote:>>> ?
>>>
>>> and then there's splitting dns... where I might want nuc.hm.armory.com
>>> AAAAs available to the outside universe. somehow.
>>
>>
>> Have you looked at the dnsmasq auth stuff for this?
>
> head, hurting.

hope a real-life example helps :)

$ cat /etc/dnsmasq.conf
enable-ra
dhcp-range=lan, 2a00:1508:1:f004::, ra-names
dhcp-option=option6:domain-search,red.deltalibre.org.ar
### up until here, simply send RAs on the local network,
### and tell clients the domain they belong to

### tun6 is a tunnel interface to a public v6 broker
auth-server=gw-red.deltalibre.org.ar,tun6
auth-zone=red.deltalibre.org.ar,2a00:1508:1:f004::/64
auth-sec-servers=dnsrelay1.altermundi.net

# Let others cache our /etc/hosts and dhcp.lease info
auth-ttl=602


with that configuration, here are some queries

$ dig aaaa gw-red.deltalibre.org.ar @8.8.8.8 +all
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5279
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;gw-red.deltalibre.org.ar.	IN	AAAA

;; ANSWER SECTION:
gw-red.deltalibre.org.ar. 7200	IN	AAAA	2a00:1508:1:f004::1

;; Query time: 2626 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Jan 30 16:38:48 2014
;; MSG SIZE  rcvd: 70

$ dig ns red.deltalibre.org.ar @8.8.8.8 +all
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34645
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;red.deltalibre.org.ar.		IN	NS

;; ANSWER SECTION:
red.deltalibre.org.ar.	602	IN	NS	gw-red.deltalibre.org.ar.
red.deltalibre.org.ar.	602	IN	NS	dnsrelay1.altermundi.net.

;; Query time: 568 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Jan 30 16:39:01 2014
;; MSG SIZE  rcvd: 98


That unusual TTL lets you tell apart which replies originated on my 
dnsmasq instance.

dnsrelay[12].altermundi.net are bind servers, elsewhere, which hold the 
NS record of red.deltalibre.org.ar pointing to gw-red host
as well as the "glue record" shown in the first query
(gw-red.deltalibre.org.ar. 7200	IN	AAAA	2a00:1508:1:f004::1)

[right now dnsrelay1.altermundi.net ipv4 is down :c so queries fail 
randomly when asking 8.8.8.8 depending on whether it tries to recurse to 
dnsrelay1 (down) or gw-red (up, ipv6-only) ]

but feel free to poke 2a00:1508:1:f004::1 directly

cheers!

gui


>
>>
>>
>> Simon.
>>
>>>
>>> ?
>>>
>>>
>>> My brain hurts.
>>>
>>>
>>>
>>>
>>
>>
>> _______________________________________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss at lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
>
>

More information about the Dnsmasq-discuss mailing list