On 01/30/2014 11:40 AM, Dave Taht wrote:
>>> ?

and then there's splitting dns... where I might want nuc.hm.armory.com
AAAAs available to the outside universe. somehow.


Have you looked at the dnsmasq auth stuff for this?

head, hurting.

hope a real-life example helps :)

$ cat /etc/dnsmasq.conf
enable-ra
dhcp-range=lan, 2a00:1508:1:f004::, ra-names
dhcp-option=option6:domain-search,red.deltalibre.org.ar
### up until here, simply send RAs on the local network,
### and tell clients the domain they belong to

### tun6 is a tunnel interface to a public v6 broker
auth-server=gw-red.deltalibre.org.ar,tun6
auth-zone=red.deltalibre.org.ar,2a00:1508:1:f004::/64
auth-sec-servers=dnsrelay1.altermundi.net

# Let others cache our /etc/hosts and dhcp.lease info
auth-ttl=602


with that configuration, here are some queries

$ dig aaaa gw-red.deltalibre.org.ar @8.8.8.8 +all
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5279
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;gw-red.deltalibre.org.ar.      IN      AAAA

;; ANSWER SECTION:
gw-red.deltalibre.org.ar. 7200  IN      AAAA    2a00:1508:1:f004::1

;; Query time: 2626 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Jan 30 16:38:48 2014
;; MSG SIZE  rcvd: 70

$ dig ns red.deltalibre.org.ar @8.8.8.8 +all
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34645
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;red.deltalibre.org.ar.         IN      NS

;; ANSWER SECTION:
red.deltalibre.org.ar.  602     IN      NS      gw-red.deltalibre.org.ar.
red.deltalibre.org.ar.  602     IN      NS      dnsrelay1.altermundi.net.

;; Query time: 568 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Jan 30 16:39:01 2014
;; MSG SIZE  rcvd: 98


That unusual TTL lets you tell apart which replies originated on my dnsmasq instance.

dnsrelay[12].altermundi.net are bind servers, elsewhere, which hold the NS record of red.deltalibre.org.ar pointing to gw-red host
as well as the "glue record" shown in the first query
(gw-red.deltalibre.org.ar. 7200 IN      AAAA    2a00:1508:1:f004::1)

[right now dnsrelay1.altermundi.net ipv4 is down :c so queries fail randomly when asking 8.8.8.8 depending on whether it tries to recurse to dnsrelay1 (down) or gw-red (up, ipv6-only) ]

but feel free to poke 2a00:1508:1:f004::1 directly

cheers!

gui





Simon.


?


My brain hurts.






_______________________________________________
Dnsmasq-discuss mailing list
[email protected]
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
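
The TTL trick from the message above (auth-ttl=602 marks answers served by dnsmasq, while the glue AAAA on the BIND servers carries 7200), as an added example that is not part of the original post. The function names and labels are hypothetical, and the sketch assumes a caching resolver only ever counts a TTL down, so through a cache a TTL at or below 602 is only consistent with dnsmasq, not proof of it.

```python
import re

AUTH_TTL = 602  # auth-ttl value from the dnsmasq.conf in the message

# Answer lines copied from the two dig outputs in the message.
SAMPLE = """\
;; ANSWER SECTION:
gw-red.deltalibre.org.ar. 7200  IN      AAAA    2a00:1508:1:f004::1
;; ANSWER SECTION:
red.deltalibre.org.ar.  602     IN      NS      gw-red.deltalibre.org.ar.
red.deltalibre.org.ar.  602     IN      NS      dnsrelay1.altermundi.net.
"""

# name, TTL, class IN, type, rdata: the layout dig prints for each record
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+?)\s*$")

def parse_answers(dig_text):
    """Return (name, ttl, type, rdata) for every record line in dig output."""
    records = []
    for line in dig_text.splitlines():
        if not line or line.startswith(";"):
            continue  # skip comments, headers and the question section
        m = RR.match(line)
        if m:
            name, ttl, rtype, rdata = m.groups()
            records.append((name, int(ttl), rtype, rdata))
    return records

def classify(ttl, auth_ttl=AUTH_TTL, via_cache=True):
    """Guess the origin of a record from its TTL alone."""
    if ttl > auth_ttl:
        return "other-origin"      # dnsmasq never hands out more than auth-ttl
    if via_cache:
        return "possibly-dnsmasq"  # could also be an aged record with a larger TTL
    # Asked the authoritative server directly: only the exact value matches.
    return "dnsmasq-auth" if ttl == auth_ttl else "other-origin"

def report(dig_text, via_cache=True):
    """Classify every answer record in a dig transcript."""
    return [(name, rtype, ttl, classify(ttl, via_cache=via_cache))
            for name, ttl, rtype, _ in parse_answers(dig_text)]

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```

Pass via_cache=False when the dig was sent straight to the authoritative server rather than through a recursive resolver such as 8.8.8.8.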



