Re: Impact on removing IPV6 DNS Server from client terminals when Dual-stack is enabled
> On 1 Mar 2021, at 16:00, Duleep Thilakarathne wrote:
>
> Hi,
>
> This is not an issue but just to get ideas from experienced bind resources.
> Please ignore this question, if it is out of the scope of this mailing
> thread.
>
> Significant number of DNS requests can be observed when dual-stack enabled
> and send both IPV4 and IPV6 DNS server addresses to clients through DHCP or
> similar.
>
> According to RFC 4472,
>
> "Note that even though IPv6 DNS resolver discovery is a recommended
> procedure, it is not required for dual-stack nodes in dual-stack
> networks as IPv6 DNS records can be queried over IPv4 as well as
> IPv6. Obviously, nodes that are meant to function without manual
> configuration in IPv6-only networks must implement the DNS resolver
> discovery function."
>
> client DNS request possibilities as follows per domain. (client
> browser/Application may send all or selected queries in parallel with short
> time difference)
>
> 1. A record requests to primary ipv4 dns server
> 2. A record request to secondary ipv4 dns
> 3. record requests to primary ipv4 dns server
> 4. record request to secondary ipv4 dns
> 5. A record requests to primary ipv6 dns server
> 6. A record request to secondary ipv6 dns
> 7. to primary ipv6 dns server
> 8. to secondary ipv6 dns server
>
> What will happen, if IPV6 DNS server addresses are removed from DHCP or
> similar assignment in dual-stack scenario and only keep IPV4 DNS servers. I
> guess this will reduce load to DNS servers as well as SP networks. Are there
> any practical limitations? Is it mandatory to send both IPV4 and IPV6 DNS
> server addresses in a dual-stack scenario.

Really I wouldn’t worry about it. Your primary and secondary servers are likely to be dual stacked so the extra queries will be absorbed there. Additionally, especially if you have BYOD, you have no control over machines that are configured for IPv6-only. Yes, there are plenty of IPv6-only networks today.

On top of that you can have DHCP failures where RA continues to work. Why cause machines to break unnecessarily when that happens?

> Regards
> DT

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Impact on removing IPV6 DNS Server from client terminals when Dual-stack is enabled
Hi,

This is not an issue but just to get ideas from experienced bind resources. Please ignore this question, if it is out of the scope of this mailing thread.

Significant number of DNS requests can be observed when dual-stack enabled and send both IPV4 and IPV6 DNS server addresses to clients through DHCP or similar.

According to RFC 4472,

"Note that even though IPv6 DNS resolver discovery is a recommended procedure, it is not required for dual-stack nodes in dual-stack networks as IPv6 DNS records can be queried over IPv4 as well as IPv6. Obviously, nodes that are meant to function without manual configuration in IPv6-only networks must implement the DNS resolver discovery function."

client DNS request possibilities as follows per domain. (client browser/Application may send all or selected queries in parallel with short time difference)

1. A record requests to primary ipv4 dns server
2. A record request to secondary ipv4 dns
3. record requests to primary ipv4 dns server
4. record request to secondary ipv4 dns
5. A record requests to primary ipv6 dns server
6. A record request to secondary ipv6 dns
7. to primary ipv6 dns server
8. to secondary ipv6 dns server

What will happen, if IPV6 DNS server addresses are removed from DHCP or similar assignment in dual-stack scenario and only keep IPV4 DNS servers. I guess this will reduce load to DNS servers as well as SP networks. Are there any practical limitations? Is it mandatory to send both IPV4 and IPV6 DNS server addresses in a dual-stack scenario.

Regards
DT

Re: TXT & SPF Record Syntax
On 2/28/21 5:52 PM, Mark Andrews wrote:
> Domain names without a trailing period are relative to the current origin.
>
> Domain names with a trailing period are absolute.
>
> If you want to add the record
>
> foo.bar.example.com. TXT …
>
> and the current origin is example.com. You can enter it as
>
> foo.bar TXT …
>
> or
>
> foo.bar.example.com. TXT …
>
> or you could set the origin to bar.example.com. and do this
>
> $ORIGIN bar.example.com.
> foo TXT …
>
> This applies to all domain names in zone files.
>
> Mark

OK that makes sense. Thanks. It's been so long since I configured these servers - and they have worked so flawlessly - I forgot everything I knew about bind config files ;)

Re: TXT & SPF Record Syntax
Domain names without a trailing period are relative to the current origin.

Domain names with a trailing period are absolute.

If you want to add the record

foo.bar.example.com. TXT …

and the current origin is example.com. You can enter it as

foo.bar TXT …

or

foo.bar.example.com. TXT …

or you could set the origin to bar.example.com. and do this

$ORIGIN bar.example.com.
foo TXT …

This applies to all domain names in zone files.

Mark

> On 1 Mar 2021, at 10:41, Tim Daneliuk via bind-users wrote:
>
> I am trying to understand when the LHS of a TXT record needs to be terminated
> with '.'.
>
> For example, I see this on one of the machines I am managing. The server in
> question is the zone authority for foo.com:
>
> foo.com. IN TXT "v=spf1 ...
> foo.com. IN SPF "v=spf1 ...
> something._domainkey IN TXT "v=DKIM1 ...
> _dmark.foo.com. IN TXT "v=DMARC1 ...
>
> Could some kind soul explain why the DKIM key name does not require the
> trailing period, but why all the foo.com entries do?

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

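The origin rule from the reply above, as an added example that is not part of the original thread: a small Python check that expands each owner name the way a zone-file parser would and flags a relative name that already ends in the zone name, the sign of a forgotten trailing period that would publish SPF, DKIM or DMARC data at a name no verifier looks up. `qualify`, `lint_owners` and the sample zone are constructed for illustration; parenthesised multi-line records are not handled.

```python
# Added example: owner-name qualification under $ORIGIN plus a lint for a
# forgotten trailing period. Function names and the sample zone are constructed.
SAMPLE_ZONE = """\
$ORIGIN foo.com.
@                     IN TXT "v=spf1 -all"
foo.com.              IN TXT "constructed sample"
something._domainkey  IN TXT "v=DKIM1; p=PLACEHOLDER"
_dmarc.foo.com        IN TXT "v=DMARC1; p=reject"
$ORIGIN bar.foo.com.
foo                   IN TXT "constructed sample"
"""


def qualify(owner, origin):
    """Absolute owner name, as a master-file parser reads it under `origin`."""
    if owner == "@":                  # "@" stands for the current origin
        return origin
    if owner.endswith("."):           # trailing period: already absolute
        return owner
    return owner + ("." if origin == "." else "." + origin)


def lint_owners(zone_text, origin):
    """Return (line_no, written, absolute, suspicious) per record line.
    suspicious: a relative owner that already ends in the origin's labels."""
    results, last = [], origin
    for no, line in enumerate(zone_text.splitlines(), 1):
        tokens = line.split()
        if not tokens or tokens[0].startswith(";"):
            continue
        first = tokens[0]
        if first.upper() == "$ORIGIN":
            origin = qualify(tokens[1], origin)
        elif first.startswith("$"):       # $TTL, $INCLUDE: not owner names
            continue
        elif line[0] in " \t":            # blank owner field: inherit previous owner
            results.append((no, "", last, False))
        else:
            bare = origin.rstrip(".").lower()
            rel = first.lower()
            suspicious = (not rel.endswith(".") and bare != ""
                          and (rel == bare or rel.endswith("." + bare)))
            last = qualify(first, origin)
            results.append((no, first, last, suspicious))
    return results


if __name__ == "__main__":
    for no, written, absolute, suspicious in lint_owners(SAMPLE_ZONE, "foo.com."):
        print(no, written or "(inherited)", "->", absolute, "CHECK DOT" if suspicious else "")
```
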
TXT & SPF Record Syntax
I am trying to understand when the LHS of a TXT record needs to be terminated with '.'.

For example, I see this on one of the machines I am managing. The server in question is the zone authority for foo.com:

foo.com. IN TXT "v=spf1 ...
foo.com. IN SPF "v=spf1 ...
something._domainkey IN TXT "v=DKIM1 ...
_dmark.foo.com. IN TXT "v=DMARC1 ...

Could some kind soul explain why the DKIM key name does not require the trailing period, but why all the foo.com entries do?