forced to execute DNS64

LEE SUKMOON smlee at sk.com
Tue Oct 11 23:33:39 UTC 2016 

Thank you.

Your advice is very well done. Thank you again.
But /29 prefix is not work. /32 prefix is good work.


    dns64 64:ff9b::/96 {
        clients { acl_ipv6; ::1; };
        exclude {
            2a03:2880::/32; // Facebook
        };
    };

[root at DNS_STG:/root] $ dig @::1 m.facebook.com aaaa +short
star-mini.c10r.facebook.com.
64:ff9b::1f0d:4423
[root at DNS_STG:/root] $ dig @::1 m.facebook.com aaaa +short
star-mini.c10r.facebook.com.
64:ff9b::1f0d:4423


> -----Original Message-----
> From: Mark Andrews [mailto:marka at isc.org]
> Sent: Wednesday, October 12, 2016 7:04 AM
> To: 이석문/ICT Solution팀
> Cc: bind-users at lists.isc.org
> Subject: Re: forced to execute DNS64
> 
> 
> Exclude Facebook's IPv6 range.
> 
> dns64 <prefix> {
> 	 exclude {
> 		::ffff:0:0/96;		// mapped addresses
> 		2a03:2880::/29;		// Facebook
> 	 };
> };
> 
> In message <389ab5475d0a441a9cc175f0326e597e at skt-tnetpmx2.SKT.AD>, LEE
> SUKMOON
> writes:
> >
> > Thanks for reply.
> >
> > But a client's network is ipv6 network.
> > Client obtains a ipv6 address. Then client connect to global ipv6
> > address over oversea.
> > But client obtains a ipv4 address(DNS64 translated ipv6 address).
> > Then client connect to NAT64, and connect to local ipv4 service(ex:
> CDN).
> >
> > I tried to modify a test code. This code works similar to what I think.
> > Without modify program, similarly I wondered whether the operation is
> > set to do so.
> >
> > Thanks.
> >
> >
> >
> > root at smlee:/root/isc $ diff -Nur bind-9.9.9-P3/ bind-9.9.9-P3-dns64/
> > diff -Nur bind-9.9.9-P3/bin/named/query.c
> > bind-9.9.9-P3-dns64/bin/named/query.c
> > --- bind-9.9.9-P3/bin/named/query.c     2016-09-09 11:47:21.000000000
> > +0900
> > +++ bind-9.9.9-P3-dns64/bin/named/query.c       2016-10-11
> > 16:41:14.741269111 +0900
> > @@ -6022,6 +6022,17 @@
> >                                 client->query.dboptions, client->now,
> >                                 &node, fname, &cm, &ci, rdataset,
> > sigrdataset);
> >
> > +       if (type==dns_rdatatype_aaaa && result==ISC_R_SUCCESS) {
> > +               char fbufDNS_NAME_FORMATSIZE = "<unset>";
> > +
> > +               if (fname != NULL) {
> > +                       dns_name_format(fname, fbuf, sizeof(fbuf));
> > +                       if (strcmp("star-mini.c10r.facebook.com",
> > fbuf)==0) {
> > +                               result=DNS_R_NCACHENXRRSET;
> > +                       }
> > +               }
> > +       }
> > +
> >   resume:
> >         CTRACE(ISC_LOG_DEBUG(3), "query_find: resume");
> >
> > root at smlee:/root/isc $
> >
> >
> > root at smlee:/root/isc $ dig @127.0.0.1 star-mini.c10r.facebook.com aaaa
> > +short
> > 2a03:2880:f10b:83:face:b00c:0:25de
> > root at smlee:/root/isc $ dig @127.0.0.1 star-mini.c10r.facebook.com aaaa
> > +short
> > 64:ff9b::1f0d:4a24
> > root at smlee:/root/isc $ dig @127.0.0.1 star-mini.c10r.facebook.com aaaa
> > +short
> > 64:ff9b::1f0d:4a24
> > root at smlee:/root/isc $ dig @127.0.0.1 star-mini.c10r.facebook.com aaaa
> > +short
> > 64:ff9b::1f0d:4a24
> >
> >
> > > -----Original Message-----
> > > From: Mark Andrews mailto:marka at isc.org
> > > Sent: Tuesday, October 11, 2016 2:14 PM
> > > To: /ICT Solution
> > > Cc: bind-users at lists.isc.org
> > > Subject: Re: forced to execute DNS64
> > >
> > >
> > > DNS64 doesn't work like that.
> > >
> > > If you are having problems connecting over IPv6 contact your service
> > > provider.  Facebook treats IPv6 as a production service and will
> > > deal with connectivity issues.
> > >
> > > If you want to force browsers to use IPv4 then send back RST to the
> > > connection attempts to reach the facebook servers.  They should fail
> > over
> > > to using IPv4.  This should only require configuring the firewall on
> > your
> > > router appropriately.
> > >
> > > Mark
> > >
> > > In message <aac4f429ca6d4d1e86a98d8057f77b87 at skt-tnetpmx2.SKT.AD>,
> > > LEE SUKMOON
> > > writes:
> > > > Hello, All.
> > > >
> > > > Many clients queries to IPv6(IN/AAAA) domain.
> > > > But IPv6 network is so far, then slow then IPv4 network.
> > > >
> > > > I want to forced dns64 for special domain.
> > > >
> > > > Example, 'm.facebook.com' IN/AAAA address is
> > > > '2a03:2880:f115:83:face:b00c:0:2 5de'.
> > > > But I don't want to use IPv6 address. So I want to use dns64
> > > > translate addres s.
> > > >
> > > > 	m.facebook.com.         600     IN      CNAME
> > star-mini.c10r.facebook
> > > > .com.
> > > > 	star-mini.c10r.facebook.com. 1351 IN    AAAA
> > > 2a03:2880:f115:83:face:
> > > > b00c:0:25de
> > > >
> > > > Is it possible? Or should modify source?
> > > > Thanks.
> > > >
> > > > _______________________________________________
> > > > Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> > > > unsubscribe  from this list
> > > >
> > > > bind-users mailing list
> > > > bind-users at lists.isc.org
> > > > https://lists.isc.org/mailman/listinfo/bind-users
> > > --
> > > Mark Andrews, ISC
> > > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > > PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
> 
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list