dns64

package
v0.0.0-...-36c2227 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 14, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

README

dns64

Name

dns64 - enables DNS64 IPv6 transition mechanism.

Description

The dns64 plugin will when asked for a domain's AAAA records, but only finds A records, synthesizes the AAAA records from the A records.

The synthesis is only performed if the query came in via IPv6.

This translation is for IPv6-only networks that have NAT64.

Syntax

dns64 [PREFIX]
  • PREFIX defines a custom prefix instead of the default 64:ff9b::/96.

Or use this slightly longer form with more options:

dns64 [PREFIX] {
    [translate_all]
    prefix PREFIX
    [allow_ipv4]
}
  • prefix specifies any local IPv6 prefix to use, instead of the well known prefix (64:ff9b::/96)
  • translate_all translates all queries, including responses that have AAAA results.
  • allow_ipv4 Allow translating queries if they come in over IPv4, default is IPv6 only translation.

Examples

Translate with the default well known prefix. Applies to all queries (if they came in over IPv6).

. {
    dns64
}

Use a custom prefix.

. {
    dns64 64:1337::/96
}

Or

. {
    dns64 {
        prefix 64:1337::/96
    }
}

Enable translation even if an existing AAAA record is present.

. {
    dns64 {
        translate_all
    }
}

Apply translation even to the requests which arrived over IPv4 network. Warning, the allow_ipv4 feature will apply translations to requests coming from dual-stack clients. This means that a request for a client that sends an AAAA that would normal result in an NXDOMAIN would get a translated result. This may cause unwanted IPv6 dns64 traffic when a dualstack client would normally use the result of an A record request.

. {
    dns64 {
        allow_ipv4
    }
}

Metrics

If monitoring is enabled (via the prometheus plugin) then the following metrics are exported:

  • coredns_dns64_requests_translated_total{server} - counter of DNS requests translated

The server label is explained in the prometheus plugin documentation.

Bugs

Not all features required by DNS64 are implemented, only basic AAAA synthesis.

  • Support "mapping of separate IPv4 ranges to separate IPv6 prefixes"
  • Resolve PTR records
  • Make resolver DNSSEC aware. See: RFC 6147 Section 3

See Also

See RFC 6147 for more information on the DNS64 mechanism.

Documentation

Overview

Package dns64 implements a plugin that performs DNS64.

See: RFC 6147 (https://tools.ietf.org/html/rfc6147)

Index

Constants

This section is empty.

Variables

View Source
var (
	// RequestsTranslatedCount is the number of DNS requests translated by dns64.
	RequestsTranslatedCount = promauto.NewCounterVec(prometheus.CounterOpts{
		Namespace: plugin.Namespace,
		Subsystem: pluginName,
		Name:      "requests_translated_total",
		Help:      "Counter of DNS requests translated by dns64.",
	}, []string{"server"})
)

Functions

This section is empty.

Types

type DNS64

type DNS64 struct {
	Next         plugin.Handler
	Prefix       *net.IPNet
	TranslateAll bool // Not comply with 5.1.1
	AllowIPv4    bool
	Upstream     UpstreamInt
}

DNS64 performs DNS64.

func (*DNS64) DoDNS64

func (d *DNS64) DoDNS64(ctx context.Context, w dns.ResponseWriter, r *dns.Msg, origResponse *dns.Msg) (*dns.Msg, error)

DoDNS64 takes an (empty) response to an AAAA question, issues the A request, and synthesizes the answer. Returns the response message, or error on internal failure.

func (*DNS64) Name

func (d *DNS64) Name() string

Name implements the Handler interface.

func (*DNS64) ServeDNS

func (d *DNS64) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error)

ServeDNS implements the plugin.Handler interface.

func (*DNS64) Synthesize

func (d *DNS64) Synthesize(origReq, origResponse, resp *dns.Msg) *dns.Msg

Synthesize merges the AAAA response and the records from the A response

type UpstreamInt

type UpstreamInt interface {
	Lookup(ctx context.Context, state request.Request, name string, typ uint16) (*dns.Msg, error)
}

UpstreamInt wraps the Upstream API for dependency injection during testing

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL