Testing IPv6 Address Records in the DNS Root APNIC 23 February 2007 Geoff Huston Chief Scientist APNIC.

Slides:



Advertisements
Similar presentations
29jun2005Bill Manning IPv6 and DNS why is the root not available over IPV6 transport and when will it be fixed? bill manning - LACNIC-VIII.
Advertisements

ICANN John L. Crain LACNIC V, La Habana,
Update on IANA APNIC Meeting 29 February 2008 Barbara Roseman Internet Assigned Numbers Authority.
Introduction to Linux Networking in Linux. Internet In 1970's, DARPA (Defence Advanced Research Projects Agency) wanted something to link their computers.
Network Attack via DNS Fagpakke: IT Sikkerhed Modul: Introduktion til IT Sikkerhed Jesper Buus Nielsen.
1 Addition of IPv6 servers to in-addr.arpa tree DNS Operations Sig APNIC 18 2 September 2004, Fiji.
© NLnet Labs, Licensed under a Creative Commons Attribution 3.0 Unported License.Creative Commons Attribution 3.0 Unported License Introduction.
Updates to ‘dnscap’ Duane Wessels DNS-OARC Workshop Dublin May 12, 2013.
Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 6 Managing and Administering DNS in Windows Server 2008.
2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.
Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.
1 Internet Networking Spring 2006 Tutorial 8 DNS and DHCP as UDP applications.
Introduction to the DNS AfCHIX 2011 Blantyre, Malawi.
6.033 Lecture 14 DNS and Content Delivery Networks Sam Madden Key ideas: Domain name service Content delivery networks Network overlays.
1 Name Service in IPv6 Mobile Ad-hoc Network connected to the Internet Jaehoon Jeong, ETRI PIMRC 2003.
Recursive Server. Overview Recursive Service Root server list localhost in-addr.arpa named.conf.
DirectAccess is an Enterprise Solution: No support for Windows 7 Professional Requires two consecutive public IP addresses Cannot NAT to the DirectAccess.
Hands-On Microsoft Windows Server 2003 Networking Chapter 6 Domain Name System.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 19 Domain Name System (DNS)
25.1 Chapter 25 Domain Name System Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Domain Name System ( DNS )  DNS is the system that provides name to address mapping for the internet.
TCP/IP Protocol Suite 1 Chapter 17 Upon completion you will be able to: Domain Name System: DNS Understand how the DNS is organized Know the domains in.
DNS Domain Name Service References: Wikipedia 1.
Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.
Domain Name Services Oakton Community College CIS 238.
Lecturer : Ms.Trần Thị Ngọc Hoa Chapter 2 Methods Configuring Name Resolution Methods.
Linux Networking Commands
VAVLPVCTYMAUS PSABLADDERZSB EBSANTESHTICL RLDUDSKTTVSRA EDEARCENEAUOD CRFNORSASINTD TPEUUOCPTDATP UNRTMTRBEEXME MIEUSUULSNSNN USNMEMNISAIIT AESXSVPENNISI.
A question of protocol Geoff Huston APNIC 36. Originally there was RFC791: “All hosts must be prepared to accept datagrams of up to 576 octets (whether.
1 Spring Semester 2009, Dept. of Computer Science, Technion Internet Networking recitation #2 DNS and DHCP.
Advanced Module 3 Stealth Configurations.
QPLNHTURBIOTS CADAIASOINCOS OSTPOSTLGVAGT AJRLFKLEROUEA CLARITYSOLSTB HTEAMVSRUVAHI INTERACTPELEL NAPKSOCIALIRI GSOCIOGRAMTST CONFORMITYYTY 14 WORDS ANSWERS.
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 17 Domain Name System (DNS)
Geoff Huston APNIC Labs
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 7: Domain Name System.
25.1 Chapter 25 Domain Name System Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
October 15, 2002Serguei A. Mokhov, 1 Intro to DNS SOEN321 - Information Systems Security.
DNS Related Commands Sayed Ahmed Computer Engineering, BUET, Bangladesh (Graduated on 2001 ) MSc, Computer Science, U of Manitoba, Canada
Chapter 29 Domain Name System (DNS) Allows users to reference computer names via symbolic names translates symbolic host names into associated IP addresses.
TCP/IP Protocol Suite 1 Chapter 17 Upon completion you will be able to: Domain Name System: DNS Understand how the DNS is organized Know the domains in.
Domain Name System CH 25 Aseel Alturki
Deploying a Web Application Presented By: Muhammad Naveed Date:
Module 8 DNS Tools & Diagnostics. Objectives Understand dig and nslookup Understand BIND toolset Understand BIND logs Understand wire level messages.
© Janice Regan, CMPT 128, CMPT 371 Data Communications and Networking DNS 0.
© NLnet Labs, Licensed under a Creative Commons Attribution 3.0 Unported License.Creative Commons Attribution 3.0 Unported License Practicalities.
Configuring Name Resolution and Additional Services Lesson 12.
A study of caching behavior with respect to root server TTLs Matthew Thomas, Duane Wessels October 3 rd, 2015.
Module 8 DNS Tools & Diagnostics. Dig always available with BIND (*nix) and windows Nslookup available on windows and *nix Dig on windows – unpack zip,
Computer Networks Fall, 2007 Prof Peterson. CIS 235: Networks Fall, 2007 Western State College How’s it going??
McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Chapter 18 Domain Name System (DNS)
1 CMPT 471 Networking II DNS © Janice Regan,
OPTION section It is the first section of the named.conf User can use only one option statement and many option-value pair under the section. Syntax is.
Domain Name System (DNS) Joe Abley AfNOG Workshop, AIS 2014, Djibouti Session-1: Fundamentals.
DNS Removals - Changing a TLD server‘s address - Peter Koch OARC DNS Operational Meeting Ottawa, 25-SEP-2008.
Domain Name System INTRODUCTION to Eng. Yasser Al-eimad
WHAT IS DNS??????????.
So DNS is A client-server application that maps domain names into their corresponding IP addresses with the help of name servers. Mapping domain names.
Monitoring, analyzing and cleaning DNS configuration errors across European NRENs Slavko Gajin University of Belgrade, Serbia
1 CMPT 471 Networking II DNS © Janice Regan,
Geoff Huston APNIC March 2017
IMPLEMENTING NAME RESOLUTION USING DNS
Chapter 25 Domain Name System.
Data Communications and Networking DNS
DNS over IPv6 - A Study in Fragmentation
Chapter 25 Domain Name System
Chapter 25 Domain Name System.
Chapter 25 Domain Name System
Presentation transcript:

Testing IPv6 Address Records in the DNS Root APNIC 23 February 2007 Geoff Huston Chief Scientist APNIC

Priming a DNS name server 1.Take the provided root hints file 2.Generate a DNS query for resource records of type NS for the DNS root zone (.) 3.Send the query to one of the servers listed in the root hints file 4.Load the response into the server state as the root name servers

Example of a Priming Query dig ; > DiG > ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13 ;; QUESTION SECTION: ;. IN NS ;; ANSWER SECTION: IN NS E.ROOT-SERVERS.NET IN NS F.ROOT-SERVERS.NET IN NS G.ROOT-SERVERS.NET IN NS H.ROOT-SERVERS.NET IN NS I.ROOT-SERVERS.NET IN NS J.ROOT-SERVERS.NET IN NS K.ROOT-SERVERS.NET IN NS L.ROOT-SERVERS.NET IN NS M.ROOT-SERVERS.NET IN NS A.ROOT-SERVERS.NET IN NS B.ROOT-SERVERS.NET IN NS C.ROOT-SERVERS.NET IN NS D.ROOT-SERVERS.NET. ;; ADDITIONAL SECTION: A.ROOT-SERVERS.NET IN A B.ROOT-SERVERS.NET IN A C.ROOT-SERVERS.NET IN A D.ROOT-SERVERS.NET IN A E.ROOT-SERVERS.NET IN A F.ROOT-SERVERS.NET IN A G.ROOT-SERVERS.NET IN A H.ROOT-SERVERS.NET IN A I.ROOT-SERVERS.NET IN A J.ROOT-SERVERS.NET IN A K.ROOT-SERVERS.NET IN A L.ROOT-SERVERS.NET IN A M.ROOT-SERVERS.NET IN A ;; Query time: 22 msec ;; SERVER: #53( ) ;; WHEN: Sun Feb 11 14:54: ;; MSG SIZE rcvd: 436

Note! dig ; > DiG > ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13 ;; QUESTION SECTION: ;. IN NS ;; ANSWER SECTION: IN NS E.ROOT-SERVERS.NET IN NS F.ROOT-SERVERS.NET IN NS G.ROOT-SERVERS.NET IN NS H.ROOT-SERVERS.NET IN NS I.ROOT-SERVERS.NET IN NS J.ROOT-SERVERS.NET IN NS K.ROOT-SERVERS.NET IN NS L.ROOT-SERVERS.NET IN NS M.ROOT-SERVERS.NET IN NS A.ROOT-SERVERS.NET IN NS B.ROOT-SERVERS.NET IN NS C.ROOT-SERVERS.NET IN NS D.ROOT-SERVERS.NET. ;; ADDITIONAL SECTION: A.ROOT-SERVERS.NET IN A B.ROOT-SERVERS.NET IN A C.ROOT-SERVERS.NET IN A D.ROOT-SERVERS.NET IN A E.ROOT-SERVERS.NET IN A F.ROOT-SERVERS.NET IN A G.ROOT-SERVERS.NET IN A H.ROOT-SERVERS.NET IN A I.ROOT-SERVERS.NET IN A J.ROOT-SERVERS.NET IN A K.ROOT-SERVERS.NET IN A L.ROOT-SERVERS.NET IN A M.ROOT-SERVERS.NET IN A ;; Query time: 22 msec ;; SERVER: #53( ) ;; WHEN: Sun Feb 11 14:54: ;; MSG SIZE rcvd: 436

Note! 1.The Priming Response contains only IPv4 address records for the root name servers 2.The response is a DNS message of size 436 bytes

What happens when … we want to add IPv6 support to the root of the DNS? –Be able to query the root name servers using an IPv6 transport instead of only being able to use IPv4 transport –Be able to establish the IPv6 addresses of the DNS root name servers through a priming query, just like we can with IPv4 today

Implications Same query (NS records for.) Larger priming response –AAAA records in the Additional Section of the response –5 servers with IPv6 = 587 byte DNS response –13 servers with IPv6 =>800 byte DNS response

Implications RFC1035 sets a maximum DNS message size of 512 bytes –Larger responses require the query to have EDNS0 extension (RFC 2671) to notify the root name servers that larger that 512 byte responses can be processed –Intermediate systems must forward these larger DNS messages to the resolvers that issued the query The DNS response now has AAAA records –Intermediate systems that perform deep packet inspection and filtering need to allow these packets through as valid DNS priming response packets

Whats the change from today? 1.DNS name servers should understand AAAA records in the additional section as a signal for IPv6 transport support 2.This should be the case even if the priming query is made over IPv4 transport 3.DNS name servers should support EDNS0 to signal a capability to process large (>512 byte) DNS messages 4.Middleware should not filter such priming queries or the corresponding responses

Is this going to be a problem? We arent sure! –ICANN RSSAC and SSAC have set up an experiment –They invite you to test your local configuration to see if your environment is capable to supporting IPv6 AAAA records in the priming response for the DNS root –Details of the experiment are at: –The test runs from 1 February through to 1 May

What you should see in the test: dig +norec ns ; > DiG > +norec NS ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr ra; QUERY: 1, ANSWER: 13, AUTHORITY: 13, ADDITIONAL: 19 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;. IN ANY ;; ANSWER SECTION: … ;; ADDITIONAL SECTION: A.ROOT-SERVERS.NET IN A B.ROOT-SERVERS.NET IN A B.ROOT-SERVERS.NET IN AAAA 2001:478:65::53 C.ROOT-SERVERS.NET IN A D.ROOT-SERVERS.NET IN A E.ROOT-SERVERS.NET IN A F.ROOT-SERVERS.NET IN A F.ROOT-SERVERS.NET IN AAAA 2001:500::1035 G.ROOT-SERVERS.NET IN A H.ROOT-SERVERS.NET IN A H.ROOT-SERVERS.NET IN AAAA 2001:500:1::803f:235 I.ROOT-SERVERS.NET IN A J.ROOT-SERVERS.NET IN A K.ROOT-SERVERS.NET IN A K.ROOT-SERVERS.NET IN AAAA 2001:7fd::1 L.ROOT-SERVERS.NET IN A M.ROOT-SERVERS.NET IN A M.ROOT-SERVERS.NET IN AAAA 2001:dc3::35 ;; Query time: 2 msec ;; SERVER: #53( ) ;; WHEN: Tue Jan 30 08:50: ;; MSG SIZE rcvd: 756

What you should see in the test: dig +norec ns ; > DiG > +norec NS ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr ra; QUERY: 1, ANSWER: 13, AUTHORITY: 13, ADDITIONAL: 19 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;. IN ANY ;; ANSWER SECTION: … ;; ADDITIONAL SECTION: A.ROOT-SERVERS.NET IN A B.ROOT-SERVERS.NET IN A B.ROOT-SERVERS.NET IN AAAA 2001:478:65::53 C.ROOT-SERVERS.NET IN A D.ROOT-SERVERS.NET IN A E.ROOT-SERVERS.NET IN A F.ROOT-SERVERS.NET IN A F.ROOT-SERVERS.NET IN AAAA 2001:500::1035 G.ROOT-SERVERS.NET IN A H.ROOT-SERVERS.NET IN A H.ROOT-SERVERS.NET IN AAAA 2001:500:1::803f:235 I.ROOT-SERVERS.NET IN A J.ROOT-SERVERS.NET IN A K.ROOT-SERVERS.NET IN A K.ROOT-SERVERS.NET IN AAAA 2001:7fd::1 L.ROOT-SERVERS.NET IN A M.ROOT-SERVERS.NET IN A M.ROOT-SERVERS.NET IN AAAA 2001:dc3::35 ;; Query time: 2 msec ;; SERVER: #53( ) ;; WHEN: Tue Jan 30 08:50: ;; MSG SIZE rcvd: 756

Thank You Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.