惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Fortinet All Blogs
Attack and Defense Labs
Attack and Defense Labs
V2EX - 技术
V2EX - 技术
O
OpenAI News
S
Secure Thoughts
H
Heimdal Security Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Schneier on Security
Schneier on Security
H
Hacker News: Front Page
S
Security Affairs
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Vercel News
Vercel News
Microsoft Security Blog
Microsoft Security Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
P
Proofpoint News Feed
The Register - Security
The Register - Security
GbyAI
GbyAI
Cloudbric
Cloudbric
MongoDB | Blog
MongoDB | Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
K
Kaspersky official blog
Forbes - Security
Forbes - Security
Y
Y Combinator Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
Scott Helme
Scott Helme
Hacker News - Newest:
Hacker News - Newest: "LLM"
The Cloudflare Blog
Recorded Future
Recorded Future
人人都是产品经理
人人都是产品经理
Cyberwarzone
Cyberwarzone
C
CERT Recently Published Vulnerability Notes
Webroot Blog
Webroot Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
L
LangChain Blog
T
Tor Project blog
Microsoft Azure Blog
Microsoft Azure Blog
博客园_首页
Hacker News: Ask HN
Hacker News: Ask HN
Blog — PlanetScale
Blog — PlanetScale
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
B
Blog RSS Feed
N
News and Events Feed by Topic
阮一峰的网络日志
阮一峰的网络日志
I
Intezer
V
V2EX
T
Tailwind CSS Blog
SecWiki News
SecWiki News
NISL@THU
NISL@THU
C
Check Point Blog

dns64 on CoreDNS: DNS and Service Discovery

暂无文章

dns64
2022-01-24 · via dns64 on CoreDNS: DNS and Service Discovery

Description

The dns64 plugin will when asked for a domain’s AAAA records, but only finds A records, synthesizes the AAAA records from the A records.

The synthesis is only performed if the query came in via IPv6.

This translation is for IPv6-only networks that have NAT64.

Syntax

dns64 [PREFIX]
  • PREFIX defines a custom prefix instead of the default 64:ff9b::/96.

Or use this slightly longer form with more options:

dns64 [PREFIX] {
    [translate_all]
    prefix PREFIX
    [allow_ipv4]
}
  • prefix specifies any local IPv6 prefix to use, instead of the well known prefix (64:ff9b::/96)
  • translate_all translates all queries, including responses that have AAAA results.
  • allow_ipv4 Allow translating queries if they come in over IPv4, default is IPv6 only translation.

Examples

Translate with the default well known prefix. Applies to all queries (if they came in over IPv6).

. {
    dns64
}

Use a custom prefix.

. {
    dns64 64:1337::/96
}

Or

. {
    dns64 {
        prefix 64:1337::/96
    }
}

Enable translation even if an existing AAAA record is present.

. {
    dns64 {
        translate_all
    }
}

Apply translation even to the requests which arrived over IPv4 network. Warning, the allow_ipv4 feature will apply translations to requests coming from dual-stack clients. This means that a request for a client that sends an AAAA that would normal result in an NXDOMAIN would get a translated result. This may cause unwanted IPv6 dns64 traffic when a dualstack client would normally use the result of an A record request.

. {
    dns64 {
        allow_ipv4
    }
}

Metrics

If monitoring is enabled (via the prometheus plugin) then the following metrics are exported:

  • coredns_dns64_requests_translated_total{server} - counter of DNS requests translated

The server label is explained in the prometheus plugin documentation.

Bugs

Not all features required by DNS64 are implemented, only basic AAAA synthesis.

  • Support “mapping of separate IPv4 ranges to separate IPv6 prefixes”
  • Resolve PTR records
  • Make resolver DNSSEC aware. See: RFC 6147 Section 3

See Also

See RFC 6147 for more information on the DNS64 mechanism.