On 14/09/2011 14:16, Brzozowski, John wrote:
On 9/14/11 12:10 AM, "Mattia Rossi"<[email protected]>  wrote:


On 14/09/2011 13:36, Brzozowski, John wrote:
On 9/11/11 7:32 PM, "Wouter Cloetens"<[email protected]> wrote:


On 10/09/11 19:24, Brzozowski, John wrote:
My IPv6 DNS is currently forwarding to my service provider's recursive DNS servers or some other server on the Internet.


My local IPv4 DNS server is privately addressed and will forward for any request it is not authoritative for, which works fine.

I am going to change the setup so that the RFC5006 DNS server IPv6 address and the IPv4 DNS server addresses are the same server.  This server will have forwarding statements for the internal zones to the internal DNS server.  I imagine this will iron things out.  Alternatively if the IPv4 local DNS servers were also IPv6 transport enabled I could just use it, however, this is not the case.

Indeed. This works fine in the setup I made for my company. Public lookups go upstream through my provider's IPv6 DNS server, local lookups go through the intranet's DNS server. Local lookups are defined as *.company.com and all the private IPv4 subnets. The IPv6 DNS server itself is authoritative for IPv6 until we merge the two some day.

[jjmb] Interesting, certainly not the case for me.  The resolver never
tries a different DNS server once it gets responses from the IPv6.  Just
confirming, the DNS server (IPv6 transport) is authoritative for
*.company.com right?  If yes, this would explain why it works for you.

Hmm, I've gone through this again, and it seems just weird to me, that
once you're not able to resolve the names via IPv6, your client is not
falling back and trying the IPv4 DNS server, in case the one listed
first in your client is the IPv6 one. If the first one listed is the
IPv4 one, you should be able to resolve the name immediately (via IPv4).
[jjmb] the IPv6 DNS server addresses are listed first and tried first. Why
would it try the others if there was not a failure?  No data is an
acceptable reply.  Agree if the IPv4 addresses are listed first this would
not be an issue, however, this is not how IPv6 behaves similar to how AAAA
are preferred over A.

Crap! Right! So you really need to have either a single server or to have authoritative entries in both. Or the solution below.


On a side note:
In FreeBSD they just recently implemented RFC5006/RFC6106 following the
lines of OpenResolv. The cool thing it does on the client, is to set up
different DNS servers for different domains, so in your case it would
point to your local DNS if you want to resolve any *.company.com, and to
the other DNS for everything else (with fallback to the local DNS
eventually)

Maybe we should push for that method to become standardised (if it
hasn't been done yet).
[jjmb] now this seems interesting, is this available for testing yet?


It is already in FreeBSD 9.0: http://opal.com/jr/freebsd/rdnss/
Unfortunately it has not been backported to FreeBSD 8 yet, afaik.

A FreeBSD based LiveCD running 9.0-BETA2 can be obtained here: http://www.pcbsd.org/

Mat
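
The resolver behaviour discussed in this thread, as an added example that is not part of the original messages: a small Python model of "next server only on failure" versus per-domain server selection. All server addresses, zone data and function names are constructed, and the longest-suffix matching is an assumption of this model, not a description of the FreeBSD or openresolv code.

```python
# Constructed model of the stub-resolver behaviour discussed in the thread.
# Server addresses, zone contents and function names are hypothetical.
NODATA, TIMEOUT = "NODATA", "TIMEOUT"

# Constructed sample data: name -> answer; a missing name means "no data".
UPSTREAM_V6 = {"www.example.org": "2001:db8::80"}  # provider's recursive server (IPv6)
INTERNAL_V4 = {"wiki.company.com": "10.0.0.5"}     # intranet server (IPv4 only)

# A value of None models a server that does not answer at all.
SERVERS = {
    "2001:db8::53": UPSTREAM_V6,
    "10.0.0.53": INTERNAL_V4,
    "2001:db8::dead": None,
}

def query(server, name):
    """Return an address, NODATA (a valid negative reply) or TIMEOUT."""
    zone = SERVERS.get(server)
    if zone is None:
        return TIMEOUT
    return zone.get(name, NODATA)

def resolve_in_order(name, servers):
    """Ordered list: try the next server only on failure, never on NODATA."""
    for server in servers:
        reply = query(server, name)
        if reply != TIMEOUT:
            return reply, server
    return TIMEOUT, None

def resolve_per_domain(name, domain_map, default_servers):
    """Per-domain selection: use the server list of the longest matching
    domain suffix (assumed matching rule), else the default list."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in domain_map:
            return resolve_in_order(name, domain_map[suffix])
    return resolve_in_order(name, default_servers)

if __name__ == "__main__":
    v6_first = ["2001:db8::53", "10.0.0.53"]
    print(resolve_in_order("wiki.company.com", v6_first))
    print(resolve_per_domain("wiki.company.com",
                             {"company.com": ["10.0.0.53"]}, ["2001:db8::53"]))
```

With the IPv6 server listed first, the internal name comes back as NODATA from the upstream server and the IPv4 server is never asked; the per-domain map sends the same name straight to the internal server.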
