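I built a project around DNS name resolution, and at the time I went through a lot of material and put in a good deal of effort to understand how IPv6 is used in DNS.
Here I have translated the material I collected and am presenting it to everyone. If there are any problems, I hope we can discuss them and improve together.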
//*************************************
stated in [RFC4472]:
//*************************************
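The IP version used to transport the DNS queries and responses is
independent of the records being queried: AAAA records can be queried
over IPv4, and A records over IPv6.
The IP version that carries the queries and responses is independent of the record type: AAAA records can be obtained over an IPv4 network, and A records over an IPv6 network.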
Separate vs. the Same Service Names for IPv4 and IPv6:
Comparison of using the same name or different names for IPv4 and IPv6:
The service naming can be achieved in basically two ways: when a
service is named "service.example.com" for IPv4, the IPv6-enabled
service could either be added to "service.example.com" or added
separately under a different name, e.g., in a sub-domain like
"service.ipv6.example.com".
A service can be named in two ways:
either "service.example.com" is used for both IPv4 and IPv6,
or "service.example.com" is used for IPv4 and "service.ipv6.example.com" for IPv6.
These two methods have different characteristics. Using a different
name allows for easier service piloting, minimizing the disturbance
to the "regular" users of IPv4 service; however, the service would
not be used transparently, without the user/application explicitly
finding it and asking for it -- which would be a disadvantage in most
cases. When the different name is under a sub-domain, if the
services are deployed within a restricted network (e.g., inside an
enterprise), it's possible to prefer them transparently, at least to
a degree, by modifying the DNS search path; however, this is a
suboptimal solution. Using the same service name is the "long-term"
solution, but may degrade performance for those clients whose IPv6
performance is lower than IPv4, or does not work as well (see
Section 4.3 for more).
The two methods have different characteristics:
Advantage of a different name: the service is easier to pilot and control, and the impact on the IPv4 service is kept to a minimum.
Disadvantage: because the name differs from the IPv4 one, users and applications often do not know it (low visibility).
Workaround: place the name in a sub-domain. If the service is deployed in a restricted network, adjusting the DNS search path makes the name easy to find, at least to a degree. This is still not the best solution. Using the same name is the long-term solution, but it can degrade service performance if IPv6 performs poorly.
In most cases, it makes sense to pilot or test a service using
separate service names, and move to the use of the same name when
confident enough that the service level will not degrade for the
users unaware of IPv6.
In most cases it is best to use the same name, provided you are confident that performance will not degrade.
4.3. Adding the Records Only When Fully IPv6-enabled
The recommendation is that AAAA records for a service should not be
added to the DNS until all of following are true:
Conditions for a domain to have AAAA records:
1. The address is assigned to the interface on the node.
The address has been assigned to the node.
2. The address is configured on the interface.
The address is configured on that interface.
3. The interface is on a link that is connected to the IPv6
infrastructure.
The interface is connected to the IPv6 network.
In addition, if the AAAA record is added for the node, instead of
service as recommended, all the services of the node should be
IPv6-enabled prior to adding the resource record.
In addition, if the AAAA record is added for the node rather than for the service, all services on the node should support IPv6 before the record is added.
When a caching resolver asks for the MX record of example.com, it
gets back "foo.example.com". It may also get back either one or both
of the A and AAAA records in the additional section. The resolver
must explicitly query for both A and AAAA records
When a caching resolver asks for, say, the MX record of "example.com", it can receive A or AAAA records in the additional section. The resolver should also query explicitly for both A and AAAA records.
When IPv6 is enabled on a node, there are several things to consider
to ensure that the process is as smooth as possible.
Several issues need to be considered to make sure IPv6 works smoothly.
5.1. DNS Lookups May Query IPv6 Records Prematurely
First, let us consider generic implications of unnecessary queries
for AAAA records: when looking up all the records in the DNS, AAAA
records are typically tried first, and then A records. These are
done in serial, and the A query is not performed until a response is
received to the AAAA query. Considering the misbehavior of DNS
servers and load-balancers, as described in Section 3.1, the lookup
delay for AAAA may incur additional unnecessary latency, and
introduce a component of unreliability.
One option here could be to do the queries partially in parallel; for
example, if the final response to the AAAA query is not received in
0.5 seconds, start performing the A query while waiting for the
result. (Immediate parallelism might not be optimal, at least
without information-sharing between the lookup threads, as that would
probably lead to duplicate non-cached delegation chain lookups.)
General case: a DNS lookup asks for many records, and the AAAA record is usually asked for first. If load balancers and DNS recursive servers misbehave (simply dropping the query silently or returning a wrong answer), the AAAA response can take a long time to time out, and the queries for the other resource records that follow have to wait just as long.
Solution: send the A query in parallel after a 0.5-second interval.
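The staggered lookup from Section 5.1, next to the serial behaviour it replaces, as an added example that is not part of the original post or of RFC 4472. The `lookup`, `drops_aaaa` and `run` names are hypothetical, the resolver is a constructed stand-in that silently drops AAAA queries, and the timers are shortened from 0.5 s so the comparison finishes quickly.

```python
import asyncio


async def lookup(query, name, stagger=0.5, timeout=2.0, serial=False):
    """Ask for AAAA, then A. Returns {rrtype: (answers, seconds_until_done)}.

    `query(name, rrtype)` is a hypothetical coroutine standing in for a stub
    resolver. serial=True reproduces the behaviour described above (A is not
    sent until AAAA finishes); otherwise A is sent after at most `stagger` s.
    """
    loop = asyncio.get_running_loop()
    start = loop.time()

    async def ask(rrtype):
        try:
            answers = await asyncio.wait_for(query(name, rrtype), timeout)
        except (asyncio.TimeoutError, OSError):
            answers = []  # dropped or failed query counts as "no data"
        return answers, loop.time() - start

    aaaa = asyncio.ensure_future(ask("AAAA"))
    # Head start for AAAA; the pending query keeps running after the wait ends.
    await asyncio.wait({aaaa}, timeout=None if serial else stagger)
    a = asyncio.ensure_future(ask("A"))
    return {"AAAA": await aaaa, "A": await a}


async def drops_aaaa(name, rrtype):
    """Constructed resolver: silently drops AAAA queries, answers A in 20 ms."""
    if rrtype == "AAAA":
        await asyncio.sleep(3600)
    await asyncio.sleep(0.02)
    return ["192.0.2.10"]  # documentation address, constructed sample


def run(serial, stagger=0.05, timeout=0.3):
    """Run one lookup with shortened timers so the comparison finishes quickly."""
    return asyncio.run(
        lookup(drops_aaaa, "service.example.com", stagger, timeout, serial))


if __name__ == "__main__":
    for mode in (True, False):
        print("serial" if mode else "staggered", run(mode))
```

In the serial run the A answer only arrives after the AAAA query has timed out; in the staggered run it arrives shortly after the head start expires.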
5.2. Obtaining a List of DNS Recursive Resolvers
On the discovery mechanism for DNS recursive servers
5.3. IPv6 Transport Guidelines for Resolvers
IPv6 transport guidelines (see RFC3901 below)
//*************************************
stated in [RFC3596]:
//*************************************
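The IP protocol version used for querying resource records is
independent of the protocol version of the resource records; e.g.,
IPv4 transport can be used to query IPv6 records and vice versa.
The IP protocol version used for a query is independent of the protocol version of the resource records being queried;
for example, IPv4 transport can be used to query IPv6 resource records.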
This document defines the changes that need to be made to the Domain
Name System (DNS) to support hosts running IP version 6 (IPv6). The
changes include a resource record type to store an IPv6 address, a
domain to support lookups based on an IPv6 address, and updated
definitions of existing query types that return Internet addresses as
part of additional section processing. The extensions are designed
to be compatible with existing applications and, in particular, DNS
implementations themselves.
This document defines the changes needed to support hosts running IPv6. They include: a resource record type for storing an IPv6 address; a domain that supports lookups based on an IPv6 address; and updates to existing query types so that Internet addresses are added to the additional section.
These extensions are compatible with existing DNS applications and implementations.
Format of the AAAA resource record:
2.1 AAAA record type
The AAAA resource record type is a record specific to the Internet
class that stores a single IPv6 address.
The AAAA resource record is dedicated to storing an IPv6 address.
The IANA assigned value of the type is 28 (decimal).
IANA has assigned this resource record type the value 28.
2.2 AAAA data format
A 128 bit IPv6 address is encoded in the data portion of an AAAA
resource record in network byte order (high-order byte first).
The 128-bit address is carried in the data portion of the AAAA resource record, stored in network byte order (big-endian).
2.3 AAAA query
An AAAA query for a specified domain name in the Internet class
returns all associated AAAA resource records in the answer section of
a response.
A query for AAAA resource records returns all associated AAAA resource records in the answer.
A type AAAA query does not trigger additional section processing.
A query of type AAAA does not trigger additional section processing.
IP6.ARPA Domain
About the IP6.ARPA domain:
A special domain is defined to look up a record given an IPv6
address. The intent of this domain is to provide a way of mapping an
IPv6 address to a host name, although it may be used for other
purposes as well. The domain is rooted at IP6.ARPA.
An IPv6 address is represented as a name in the IP6.ARPA domain by a
sequence of nibbles separated by dots with the suffix ".IP6.ARPA".
The sequence of nibbles is encoded in reverse order, i.e., the
low-order nibble is encoded first, followed by the next low-order
nibble and so on. Each nibble is represented by a hexadecimal digit.
For example, the reverse lookup domain name corresponding to the
address
4321:0:1:2:3:4:567:89ab
would be
b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.0.0.0.0.1.2.3.4.IP6.ARPA.
A special domain is defined for looking up a record given an IPv6 address.
The purpose of this domain is to provide a mapping from an IPv6 address to a host name, although it can also be used for other purposes.
The name carries the suffix IP6.ARPA: it is built from the IPv6 address followed by the ".IP6.ARPA" suffix, with the address written in reverse order, low-order nibble first and high-order nibble last. For example, the domain name corresponding to the IPv6 address 4321:0:1:2:3:4:567:89ab
would be
b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.0.0.0.0.1.2.3.4.IP6.ARPA.
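The AAAA data format (section 2.2) and the IP6.ARPA name construction described above, worked through on the page's own example address. This is an added example, not code from the original post or from RFC 3596; the function names are hypothetical, and it goes slightly beyond the text by also decoding a reverse name back to an address and rejecting names that are not full 32-nibble names.

```python
import ipaddress

AAAA_TYPE = 28  # IANA-assigned RR type value quoted in section 2.1


def aaaa_rdata(address: str) -> bytes:
    """Return the 16-byte AAAA RDATA: the address, high-order byte first."""
    return ipaddress.IPv6Address(address).packed


def to_ip6_arpa(address: str) -> str:
    """Build the reverse-lookup name: 32 nibbles, low-order nibble first."""
    nibbles = []
    for byte in reversed(aaaa_rdata(address)):
        nibbles.append(f"{byte & 0x0F:x}")  # low nibble of this byte first
        nibbles.append(f"{byte >> 4:x}")    # then its high nibble
    return ".".join(nibbles) + ".ip6.arpa."


def from_ip6_arpa(name: str) -> str:
    """Invert to_ip6_arpa; raise ValueError for anything but a full name."""
    labels = name.lower().rstrip(".").split(".")
    if labels[-2:] != ["ip6", "arpa"]:
        raise ValueError("not under ip6.arpa")
    nibbles = labels[:-2]
    hexdigits = "0123456789abcdef"
    if len(nibbles) != 32 or any(len(n) != 1 or n not in hexdigits
                                 for n in nibbles):
        raise ValueError("expected 32 single hex-digit labels")
    # Labels run low-order first, so reverse them to get the address value.
    return str(ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16)))


if __name__ == "__main__":
    addr = "4321:0:1:2:3:4:567:89ab"  # the example address from the text
    print(AAAA_TYPE, aaaa_rdata(addr).hex())
    print(to_ip6_arpa(addr))
    print(from_ip6_arpa(to_ip6_arpa(addr)))
```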
Changes required to all existing IPv4 query types:
All existing query types that perform type A additional section
processing, i.e., name server (NS), location of services (SRV) and
mail exchange (MX) query types, must be redefined to perform both
type A and type AAAA additional section processing. These
definitions mean that a name server must add any relevant IPv4
addresses and any relevant IPv6 addresses available locally to the
additional section of a response when processing any one of the above
queries.
All existing query types that perform type A additional section processing, that is, NS, SRV and MX queries, must add both A and AAAA records to the additional section. This means that when it handles any of those queries, a name server must add all relevant IPv4 and IPv6 addresses to the additional section of the response.
//*******************************************
stated in [RFC3901]:
//*******************************************
Having those zones served only by IPv6-only name server would not be
a good development, since this will fragment the previously
unfragmented IPv4 name space and there are strong reasons to find a
mechanism to avoid it.
Serving zones only from IPv6-only name servers is not a good development, because it would fragment the IPv4 name space; there are strong reasons to look for a mechanism that avoids this.
DNS IPv6 Transport recommended Guidelines
DNS IPv6 transport guidelines:
In order to preserve name space continuity, the following
administrative policies are recommended:
To preserve the continuity of the name space, the following policies are recommended:
- every recursive name server SHOULD be either IPv4-only or dual
stack,
This rules out IPv6-only recursive servers. However, one might
design configurations where a chain of IPv6-only name server
forward queries to a set of dual stack recursive name server
actually performing those recursive queries.
- every DNS zone SHOULD be served by at least one IPv4-reachable
authoritative name server.
This rules out DNS zones served only by IPv6-only authoritative
name servers.
Note: zone validation processes SHOULD ensure that there is at least
one IPv4 address record available for the name servers of any child
delegations within the zone.
Every recursive server should be either IPv4-only or dual stack (IPv4 and IPv6).
This rule excludes IPv6-only recursive servers. However, a configuration is possible in which IPv6-only recursive servers forward their queries to dual-stack recursive servers, so that it is actually the dual-stack servers that do the work and answer the recursive queries.
Every DNS zone should have at least one IPv4-reachable authoritative server.
This rule excludes authoritative name servers that support only IPv6.
Note: the zone validation process should ensure that every child zone has a corresponding IPv4-reachable name server.
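One way to run the zone validation check from the note above, as an added example that is not part of the original post or of RFC 3901. The `ipv4_gaps` function and the sample zone data are constructed for illustration, and the example assumes the caller has already collected each name server's address records from glue or lookups.

```python
import ipaddress


def ipv4_gaps(delegations, ns_addresses):
    """Return {zone: reason} for delegations with no IPv4 name server address.

    delegations:  {child zone: [NS host names]}
    ns_addresses: {NS host name: [A/AAAA address strings]} (assumed to be
                  already collected from glue or lookups by the caller)
    """
    gaps = {}
    for zone, servers in delegations.items():
        has_v4, has_v6, unresolved = False, False, []
        for ns in servers:
            addrs = [ipaddress.ip_address(a) for a in ns_addresses.get(ns, [])]
            if not addrs:
                unresolved.append(ns)
            has_v4 |= any(a.version == 4 for a in addrs)
            has_v6 |= any(a.version == 6 for a in addrs)
        if has_v4:
            continue  # at least one IPv4 address record: the guideline holds
        if has_v6:
            gaps[zone] = "IPv6-only name servers"
        else:
            gaps[zone] = "no address records for: " + ", ".join(unresolved)
    return gaps


# Constructed sample data using documentation prefixes.
DELEGATIONS = {
    "a.example.com.": ["ns1.a.example.com.", "ns2.a.example.com."],
    "b.example.com.": ["ns1.b.example.com."],
    "c.example.com.": ["ns.other.example."],
}
NS_ADDRESSES = {
    "ns1.a.example.com.": ["2001:db8::1"],
    "ns2.a.example.com.": ["192.0.2.53", "2001:db8::2"],
    "ns1.b.example.com.": ["2001:db8:b::1"],
}

if __name__ == "__main__":
    for zone, reason in ipv4_gaps(DELEGATIONS, NS_ADDRESSES).items():
        print(zone, "->", reason)
```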
//*************************************
stated in [RFC5855]:
//*************************************
The Domain Name System (DNS) is described in [RFC1034] and [RFC1035].
The DNS currently supports keyed data retrieval using three
namespaces -- domain names, IPv4 addresses, and IPv6 addresses.
Mapping of IPv4 addresses to names is accomplished using data
published in the IN-ADDR.ARPA zone. For IPv6, the IP6.ARPA zone is
used (see [RFC3596]). The process of mapping an address to a name is
generally known as a "reverse lookup", and the IN-ADDR.ARPA and
IP6.ARPA zones are said to support the "reverse DNS".
The mapping from IPv4 addresses to names is accomplished using data published in the IN-ADDR.ARPA zone;
for IPv6 it is done through the IP6.ARPA zone. This mechanism of finding a name from an address is called a reverse lookup, and the IN-ADDR.ARPA and IP6.ARPA zones are used to support such reverse lookups.
The IN-ADDR-SERVERS.ARPA and IN-ADDR.ARPA zones are delegated to the
same servers, since they are both dedicated for a single purpose and
hence can reasonably share fate.
The IN-ADDR-SERVERS.ARPA and IN-ADDR.ARPA zones are served by the same servers.
The IP6-SERVERS.ARPA zone has been delegated to the same set of
servers as IP6.ARPA. IPv4 and IPv6 glue records for each of those
servers has been added to the ARPA zone.
The IP6-SERVERS.ARPA and IP6.ARPA zones are served by the same servers.