An Introduction to IPv6 DNS in the RFCs

Source: Internet. Editor: 程序博客网. Time: 2024/05/22 06:42

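I built a project on DNS name resolution, and to get IPv6 in DNS working I went through a lot of material, which took considerable effort.

Here I present my translated notes on that material. If there are problems, I hope we can discuss them and improve together.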

//*************************************

stated in [RFC4472]:

//*************************************

 

The IP version used to transport the DNS queries and responses is
independent of the records being queried: AAAA records can be queried
over IPv4, and A records over IPv6.

IPv4 and IPv6 queries and responses are independent of each other: AAAA records can be obtained over an IPv4 network, and A records over an IPv6 network.

 

Separate vs. the Same Service Names for IPv4 and IPv6:

Comparison of IPv4 and IPv6 using the same domain name or different domain names:

 

The service naming can be achieved in basically two ways: when a
service is named "service.example.com" for IPv4, the IPv6-enabled
service could either be added to "service.example.com" or added
separately under a different name, e.g., in a sub-domain like
"service.ipv6.example.com".

There are two ways to name the service:

for example, "service.example.com" is used for both IPv4 and IPv6,

or "service.example.com" is used for IPv4 and "service.ipv6.example.com" is used for IPv6.

 

These two methods have different characteristics. Using a different
name allows for easier service piloting, minimizing the disturbance
to the "regular" users of IPv4 service; however, the service would
not be used transparently, without the user/application explicitly
finding it and asking for it -- which would be a disadvantage in most
cases. When the different name is under a sub-domain, if the
services are deployed within a restricted network (e.g., inside an
enterprise), it’s possible to prefer them transparently, at least to
a degree, by modifying the DNS search path; however, this is a
suboptimal solution. Using the same service name is the "long-term"
solution, but may degrade performance for those clients whose IPv6
performance is lower than IPv4, or does not work as well (see
Section 4.3 for more).

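The two methods have different characteristics:

Advantages of using a different name: the service is easier to manage and control, and the impact on the IPv4 service is kept to a minimum.

Disadvantage: because the name differs from the IPv4 name, users and applications often do not know it (low awareness).

Workaround: place the name in a sub-domain. If the service is deployed in a private network, adjusting the DNS search path may make the name easy to find, at least to a degree. However, this is not the best approach either. Using the same name is the long-term approach, but it degrades service performance if IPv6 performs poorly.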

 

In most cases, it makes sense to pilot or test a service using
separate service names, and move to the use of the same name when
confident enough that the service level will not degrade for the
users unaware of IPv6.

In most cases, it is best to use the same domain name, provided it is certain that performance will not degrade.

 

4.3. Adding the Records Only When Fully IPv6-enabled

The recommendation is that AAAA records for a service should not be
added to the DNS until all of following are true:

Conditions for a domain to have AAAA records:

1. The address is assigned to the interface on the node.

The address is assigned to the node.

2. The address is configured on the interface.

The address is configured on the interface.

3. The interface is on a link that is connected to the IPv6
infrastructure.

The interface is connected to the IPv6 network.

In addition, if the AAAA record is added for the node, instead of
service as recommended, all the services of the node should be
IPv6-enabled prior to adding the resource record.

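In addition, before an AAAA record is added for a node, all nodes should preferably support IPv6, and only then should the service be offered.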

 

When a caching resolver asks for the MX record of example.com, it
gets back "foo.example.com". It may also get back either one or both
of the A and AAAA records in the additional section. The resolver
must explicitly query for both A and AAAA records

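When a caching resolver queries, for example, the MX resource record of 'example.com', it should get A or AAAA records in the additional section. The resolver should also explicitly query for the A and AAAA records.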

 

 

When IPv6 is enabled on a node, there are several things to consider
to ensure that the process is as smooth as possible.

Some issues need to be considered to ensure that IPv6 works smoothly.

 

5.1. DNS Lookups May Query IPv6 Records Prematurely

First, let us consider generic implications of unnecessary queries
for AAAA records: when looking up all the records in the DNS, AAAA
records are typically tried first, and then A records. These are
done in serial, and the A query is not performed until a response is
received to the AAAA query. Considering the misbehavior of DNS
servers and load-balancers, as described in Section 3.1, the lookup
delay for AAAA may incur additional unnecessary latency, and
introduce a component of unreliability.

One option here could be to do the queries partially in parallel; for
example, if the final response to the AAAA query is not received in
0.5 seconds, start performing the A query while waiting for the
result. (Immediate parallelism might not be optimal, at least
without information-sharing between the lookup threads, as that would
probably lead to duplicate non-cached delegation chain lookups.)

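General case: looking up DNS records involves querying many records, and the AAAA record is usually queried first. If load-balancers and DNS recursive servers misbehave (simply dropping the query packet silently, or giving a wrong answer), the AAAA response takes a long time to time out, and the queries for the other resource records that follow also have to wait a long time.

Solution: send the A query in parallel after an interval of 0.5 seconds.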
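The partially parallel lookup from section 5.1, as an added example that is not part of the original post or of the RFC. The `query` coroutine, `make_fake_resolver` and the sample records are assumptions constructed for illustration; a real resolver call would replace the fake one.

```python
import asyncio

# Constructed sample data (documentation address ranges).
RECORDS = {("service.example.com", "A"): ["192.0.2.10"],
           ("service.example.com", "AAAA"): ["2001:db8::10"]}

async def staggered_lookup(name, query, stagger=0.5, timeout=5.0):
    """Start AAAA first; if no final answer after `stagger` seconds,
    start the A query while still waiting for AAAA."""
    async def ask(rtype):
        try:
            return await query(name, rtype)
        except Exception:              # wrong or malformed answer from the server
            return []
    aaaa = asyncio.create_task(ask("AAAA"))
    # A fast AAAA answer keeps the classic serial order (AAAA, then A).
    done, _ = await asyncio.wait({aaaa}, timeout=stagger)
    overlapped = not done              # True when A had to start early
    a = asyncio.create_task(ask("A"))
    done, pending = await asyncio.wait({aaaa, a}, timeout=timeout)
    for task in pending:               # e.g. AAAA query silently dropped
        task.cancel()
    result = lambda t: t.result() if t in done else []
    return {"AAAA": result(aaaa), "A": result(a), "overlapped": overlapped}

def make_fake_resolver(aaaa_delay, records):
    """Hypothetical resolver: answers from `records`, delaying AAAA only."""
    async def query(name, rtype):
        if rtype == "AAAA":
            await asyncio.sleep(aaaa_delay)
        return records.get((name, rtype), [])
    return query

if __name__ == "__main__":
    dropped = make_fake_resolver(3600, RECORDS)   # models a dropped AAAA query
    print(asyncio.run(staggered_lookup("service.example.com", dropped,
                                       stagger=0.05, timeout=0.2)))
```

With the AAAA answer never arriving, the A result is still returned once the overall timeout expires, instead of the whole lookup stalling behind the AAAA query.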

 

5.2. Obtaining a List of DNS Recursive Resolvers

On the discovery mechanism for DNS recursive servers

5.3. IPv6 Transport Guidelines for Resolvers

IPv6 transport guidelines (see RFC3901 below)

 

 

//*************************************

stated in [RFC3596]:

//*************************************

 

The IP protocol version used for querying resource records is
independent of the protocol version of the resource records; e.g.,
IPv4 transport can be used to query IPv6 records and vice versa.

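The IP protocol version and the protocol version of the resource records being queried are independent of each other.

For example, IPv4 transport can be used to query IPv6 resource records.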

 

This document defines the changes that need to be made to the Domain
Name System (DNS) to support hosts running IP version 6 (IPv6). The
changes include a resource record type to store an IPv6 address, a
domain to support lookups based on an IPv6 address, and updated
definitions of existing query types that return Internet addresses as
part of additional section processing. The extensions are designed
to be compatible with existing applications and, in particular, DNS
implementations themselves.

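This document defines the changes made to support running IPv6. They include: a resource record that stores an IPv6 address; a domain that supports lookups of IPv6 addresses; and updates to existing queries so that Internet addresses are added to the additional section.

These extensions are compatible with existing DNS applications and policies.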

 

AAAA resource record format:

2.1 AAAA record type

The AAAA resource record type is a record specific to the Internet
class that stores a single IPv6 address.

The AAAA resource record is used specifically to store an IPv6 address.

 

The IANA assigned value of the type is 28 (decimal).

IANA has assigned this resource record type the value 28.

2.2 AAAA data format

A 128 bit IPv6 address is encoded in the data portion of an AAAA
resource record in network byte order (high-order byte first).

The 128-bit address is carried in the data portion of the AAAA resource record and is stored in network byte order (big-endian).

2.3 AAAA query

An AAAA query for a specified domain name in the Internet class
returns all associated AAAA resource records in the answer section of
a response.

A query for an AAAA resource record returns all associated AAAA resource records in the answer.

A type AAAA query does not trigger additional section processing.

A type AAAA query does not trigger additional section processing.

 

IP6.ARPA Domain

About the IP6.ARPA domain:

 

A special domain is defined to look up a record given an IPv6
address. The intent of this domain is to provide a way of mapping an
IPv6 address to a host name, although it may be used for other
purposes as well. The domain is rooted at IP6.ARPA.

An IPv6 address is represented as a name in the IP6.ARPA domain by a
sequence of nibbles separated by dots with the suffix ".IP6.ARPA".
The sequence of nibbles is encoded in reverse order, i.e., the
low-order nibble is encoded first, followed by the next low-order
nibble and so on. Each nibble is represented by a hexadecimal digit.
For example, the reverse lookup domain name corresponding to the
address

4321:0:1:2:3:4:567:89ab

would be

b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.0.0.0.0.1.2.3.4.IP6.ARPA.

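A special domain is defined for looking up a record given an IPv6 address.

The purpose of this domain is to provide a mapping from an IPv6 address to a host name, although it can also be used for other purposes.

The name carries the suffix IP6.ARPA: it is formed from the IPv6 address followed by the ".IP6.ARPA" suffix, with the IPv6 address written in reverse order, low-order part first and high-order part last. For example, the domain name corresponding to the IPv6 address 4321:0:1:2:3:4:567:89ab

will be

b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.0.0.0.0.1.2.3.4.IP6.ARPA.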
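The AAAA record format (type 28, 16-byte RDATA in network byte order) and the IP6.ARPA nibble encoding described above, as an added example that is not part of the original post or of the RFC. The function names are chosen here for illustration, and name compression is deliberately not handled.

```python
import ipaddress
import struct

TYPE_AAAA = 28   # IANA-assigned type value (section 2.1)
CLASS_IN = 1     # Internet class

def ip6_arpa_name(addr):
    """32 nibbles, low-order nibble first, followed by the IP6.ARPA suffix."""
    nibbles = ipaddress.IPv6Address(addr).packed.hex()  # high-order nibble first
    return ".".join(reversed(nibbles)) + ".IP6.ARPA."

def encode_aaaa_rr(owner, ttl, addr):
    """Wire-format AAAA resource record without name compression."""
    name = b"".join(bytes([len(label)]) + label.encode("ascii")
                    for label in owner.rstrip(".").split(".")) + b"\x00"
    rdata = ipaddress.IPv6Address(addr).packed          # 16 bytes, network order
    header = struct.pack("!HHIH", TYPE_AAAA, CLASS_IN, ttl, len(rdata))
    return name + header + rdata

def decode_aaaa_rr(rr):
    """Parse one uncompressed AAAA RR; reject anything that is not 16 bytes."""
    pos, labels = 0, []
    while rr[pos] != 0:
        length = rr[pos]
        if length & 0xC0:
            raise ValueError("compressed names are not handled in this sketch")
        labels.append(rr[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    pos += 1                                            # skip the root label
    rtype, rclass, ttl, rdlength = struct.unpack_from("!HHIH", rr, pos)
    pos += 10
    if rtype != TYPE_AAAA or rclass != CLASS_IN:
        raise ValueError("not an IN AAAA record")
    if rdlength != 16 or len(rr) - pos != 16:
        raise ValueError("AAAA RDATA must be exactly 128 bits")
    address = ipaddress.IPv6Address(rr[pos:pos + 16])
    return ".".join(labels) + ".", ttl, str(address)

if __name__ == "__main__":
    print(ip6_arpa_name("4321:0:1:2:3:4:567:89ab"))
    print(decode_aaaa_rr(encode_aaaa_rr("service.example.com", 300, "2001:db8::10")))
```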

 

Changes required for all existing IPv4 queries:

All existing query types that perform type A additional section
processing, i.e., name server (NS), location of services (SRV) and
mail exchange (MX) query types, must be redefined to perform both
type A and type AAAA additional section processing. These
definitions mean that a name server must add any relevant IPv4
addresses and any relevant IPv6 addresses available locally to the
additional section of a response when processing any one of the above
queries.

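All existing queries must add type A additional section processing; NS, SRV and MX type queries must add A and AAAA type records in the additional section. This means that, when any of the above queries is received, the name server must add all relevant IPv4 and IPv6 addresses to the additional section of the response.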

//*******************************************

stated in [RFC3901]:

//*******************************************

Having those zones served only by IPv6-only name server would not be
a good development, since this will fragment the previously
unfragmented IPv4 name space and there are strong reasons to find a
mechanism to avoid it.

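Having zones served by IPv6-only name servers is not a good development, because it would break up the IPv4 name space; we have good reason to look for a mechanism that avoids this.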

 

DNS IPv6 Transport recommended Guidelines

DNS IPv6 transport guidelines:

 

In order to preserve name space continuity, the following
administrative policies are recommended:

To preserve the continued availability of domain names, the following policies are recommended:

- every recursive name server SHOULD be either IPv4-only or dual
  stack,

  This rules out IPv6-only recursive servers. However, one might
  design configurations where a chain of IPv6-only name server
  forward queries to a set of dual stack recursive name server
  actually performing those recursive queries.

- every DNS zone SHOULD be served by at least one IPv4-reachable
  authoritative name server.

  This rules out DNS zones served only by IPv6-only authoritative
  name servers.

Note: zone validation processes SHOULD ensure that there is at least
one IPv4 address record available for the name servers of any child
delegations within the zone.

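Every recursive server should be either IPv4-only or IPv4/IPv6 dual stack.

This rule shuts out IPv6-only recursive servers. However, a configuration like the following is also possible: forward the queries of the IPv6-only recursive servers to dual-stack recursive servers, so that it is actually the dual-stack servers that do the work and answer the recursive queries.

Every DNS zone should be configured with at least one IPv4-reachable authoritative server.

This rule excludes IPv6-only authoritative name servers.

Note: the zone validation process should ensure that every child zone has a corresponding IPv4-reachable name server.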
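One way to run the zone validation check from the note above, as an added example that is not part of the original post or of the RFC. The zone fragment is constructed, uses a simplified "owner type rdata" line format, and the function names are chosen here for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed zone fragment (documentation address ranges, simplified syntax).
ZONE = """
example.com.           NS    ns1.example.com.
example.com.           NS    ns2.example.com.
ns1.example.com.       A     192.0.2.1
ns2.example.com.       AAAA  2001:db8::2
v6lab.example.com.     NS    ns.v6lab.example.com.
ns.v6lab.example.com.  AAAA  2001:db8:1::53
dual.example.com.      NS    ns.dual.example.com.
ns.dual.example.com.   A     192.0.2.53
ns.dual.example.com.   AAAA  2001:db8:2::53
"""

def parse_zone(text):
    """Collect NS targets per zone and address records per host name."""
    name_servers, addresses = defaultdict(list), defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue                      # blank or unsupported line
        owner, rtype, rdata = fields[0].lower(), fields[1].upper(), fields[2]
        if rtype == "NS":
            name_servers[owner].append(rdata.lower())
        elif rtype in ("A", "AAAA"):
            addresses[owner].append(ipaddress.ip_address(rdata))
    return name_servers, addresses

def zones_without_ipv4_ns(text):
    """Zones and child delegations whose name servers have no IPv4 address.

    Only address records present in `text` are seen, so a delegation to an
    out-of-zone server is reported until its A record is supplied as well.
    """
    name_servers, addresses = parse_zone(text)
    flagged = []
    for zone, servers in name_servers.items():
        has_ipv4 = any(addr.version == 4
                       for server in servers
                       for addr in addresses.get(server, []))
        if not has_ipv4:
            flagged.append(zone)
    return sorted(flagged)

if __name__ == "__main__":
    print(zones_without_ipv4_ns(ZONE))
```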

//*************************************

stated in [RFC5855]:

//*************************************

The Domain Name System (DNS) is described in [RFC1034] and [RFC1035].
The DNS currently supports keyed data retrieval using three
namespaces -- domain names, IPv4 addresses, and IPv6 addresses.
Mapping of IPv4 addresses to names is accomplished using data
published in the IN-ADDR.ARPA zone. For IPv6, the IP6.ARPA zone is
used (see [RFC3596]). The process of mapping an address to a name is
generally known as a "reverse lookup", and the IN-ADDR.ARPA and
IP6.ARPA zones are said to support the "reverse DNS".

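The mapping of IPv4 addresses to domain names is done using data published in the IN-ADDR.ARPA zone.

For IPv6 it is done through the IP6.ARPA zone. This mechanism of finding a name from an address is called a reverse lookup, and the IN-ADDR.ARPA and IP6.ARPA zones are used to support such reverse lookups.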

 

The IN-ADDR-SERVERS.ARPA and IN-ADDR.ARPA zones are delegated to the
same servers, since they are both dedicated for a single purpose and
hence can reasonably share fate.

The IN-ADDR-SERVERS.ARPA and IN-ADDR.ARPA zones correspond to the same servers.

 

The IP6-SERVERS.ARPA zone has been delegated to the same set of
servers as IP6.ARPA. IPv4 and IPv6 glue records for each of those
servers has been added to the ARPA zone.

The IP6-SERVERS.ARPA and IP6.ARPA zones correspond to the same servers.
