Since I (as an operator) manage the CPE but not the host, I got a little bit worried and confused by the statement "DNS packets are not expected to go through the AFTR element", since the subscriber can easily send such packets.
So my understanding is that this is a supported scenario, but probably not a recommended one.

Wuyts Carl wrote on 05/07/2012 15:01:

Hi,

 

First of all, assigning DNS info to hosts behind a CPE doesn’t look like a scalable thing/solution to me, although possible of course.

Secondly, I think the issue stated in the RFC is on how to get DNS info to the CPE/hosts, rather than how the message flow is for DNS queries (v4/v6).

With a DNS proxy, your DNS query, no matter A/AAAA or v4/v6 transport, will be sent to the CPE, which in turn can forward it to its available DNS servers (which it can potentially get through different channels like PPP, DHCPv4 and v6, static, …; for a DS-Lite solution it’ll be static or DHCPv6 most likely).

In your use case, the host knows about the DNS server, so there is no need to pass the request through the CPE and ask the CPE to handle it, but just route the packet to its destination.  In this case, the question will be: does the CPE have a route to its destination?  If so (e.g. default route to DS-Lite tunnel for v4 traffic) the packet will just be routed; if not, the packet will be dropped.

 

regs

Carl

From: [email protected] [mailto:[email protected]] On Behalf Of Tassos Chatzithomaoglou
Sent: Thursday 5 July 2012 13:52
To: [email protected]; [email protected]
Subject: [v6ops] DS-Lite & DNS

 


Hi all,

I'm reading in RFC 6333:

5.5.  DNS

 
   A B4 element is only configured from the service provider with IPv6.
   As such, it can only learn the address of a DNS recursive server
   through DHCPv6 (or other similar method over IPv6).  As DHCPv6 only
   defines an option to get the IPv6 address of such a DNS recursive
   server, the B4 element cannot easily discover the IPv4 address of
   such a recursive DNS server, and as such will have to perform all DNS
   resolution over IPv6.
 
   The B4 element can pass this IPv6 address to downstream IPv6 nodes,
   but not to downstream IPv4 nodes.  As such, the B4 element SHOULD
   implement a DNS proxy, following the recommendations of [RFC5625].
 

6.4.  DNS

 
   As noted previously, a DS-Lite node implementing a B4 element will
   perform DNS resolution over IPv6.  As a result, DNS packets are not
   expected to go through the AFTR element.
 


What would be the expected behavior if I manually configure an IPv4 DNS server on a host attached to the CPE?
According to RFC5625:

   Except when required to enforce an active security or network policy
   (such as maintaining a pre-authentication "walled garden"), end-users
   SHOULD be able to send their DNS queries to specified upstream
   resolvers, thereby bypassing the proxy altogether.  In this case, the
   gateway SHOULD NOT modify the DNS request or response packets in any
   way.


Does this mean that the 6.4 statement "DNS packets are not expected to go through the AFTR element." is not always valid?

Also, can draft-ietf-dhc-dhcpv4-over-ipv6 be considered an alternative option for passing IPv4 info to clients over IPv6 in DS-Lite networks?



--
Tassos
 



_______________________________________________
Softwires mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/softwires
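
The case discussed in this thread, a host with a manually configured IPv4 resolver whose queries the CPE routes into the DS-Lite tunnel, appears on the operator side as IPv4-in-IPv6 packets (outer next header 4) with inner destination port 53. The Python sketch below is an added example, not part of the original thread or of the RFCs it quotes; the function names, addresses and sample packet are constructed for illustration, and it assumes the outer IPv6 packet carries no extension headers.

```python
import ipaddress
import struct
from typing import NamedTuple, Optional

IPPROTO_IPIP, IPPROTO_TCP, IPPROTO_UDP = 4, 6, 17
DNS_PORT = 53


class TunnelledDns(NamedTuple):
    b4: str        # outer IPv6 source (softwire initiator on the CPE)
    aftr: str      # outer IPv6 destination
    host: str      # inner IPv4 source (subscriber host, not NATed by the B4)
    resolver: str  # inner IPv4 destination chosen by the subscriber
    proto: str


def tunnelled_dns(pkt: bytes) -> Optional[TunnelledDns]:
    """Return flow details if pkt is IPv4-in-IPv6 addressed to port 53, else None."""
    # Assumption: the inner IPv4 packet directly follows the 40-byte IPv6 header.
    if len(pkt) < 40 or pkt[0] >> 4 != 6 or pkt[6] != IPPROTO_IPIP:
        return None
    inner = pkt[40:]
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return None
    ihl = (inner[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", inner[6:8])[0] & 0x1FFF
    proto = inner[9]
    # Non-first fragments carry no L4 header, so the port cannot be read.
    if ihl < 20 or frag_offset or proto not in (IPPROTO_TCP, IPPROTO_UDP) \
            or len(inner) < ihl + 4:
        return None
    if struct.unpack("!H", inner[ihl + 2:ihl + 4])[0] != DNS_PORT:
        return None
    v6, v4 = ipaddress.IPv6Address, ipaddress.IPv4Address
    return TunnelledDns(str(v6(pkt[8:24])), str(v6(pkt[24:40])),
                        str(v4(inner[12:16])), str(v4(inner[16:20])),
                        "udp" if proto == IPPROTO_UDP else "tcp")


def build_sample(dport: int) -> bytes:
    """Constructed softwire packet: host 192.168.1.10 -> 192.0.2.53 over UDP."""
    udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    ip4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, IPPROTO_UDP, 0,
                      ipaddress.IPv4Address("192.168.1.10").packed,
                      ipaddress.IPv4Address("192.0.2.53").packed)
    ip6 = struct.pack("!IHBB16s16s", 0x60000000, len(ip4) + len(udp), IPPROTO_IPIP, 64,
                      ipaddress.IPv6Address("2001:db8::b4").packed,
                      ipaddress.IPv6Address("2001:db8::af").packed)
    return ip6 + ip4 + udp
```

Queries sent to the CPE's DNS proxy never match, because the proxy resolves them over native IPv6; only queries the CPE routes into the softwire do.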
