Useful Information / RIPE78
Hi, Is it right, that I can use https://ripe78.ripe.net/on-site/tech-info/ipv6-only-network/ or https://ripe78.ripe.net/on-site/tech-info/dns-over-tls-resolvers/ but not both at the same time? Regards, Thomas -- There’s no place like ::1 Thomas Schäfer (Systemverwaltung) Ludwig-Maximilians-Universität Centrum für Informations- und Sprachverarbeitung Oettingenstraße 67 Raum C109 80538 München ☎ +49/89/2180-9706 ℻ +49/89/2180-9701
Hi, On Thu, May 16, 2019 at 10:10:03AM +0200, Thomas Schäfer wrote:
Is it right, that I can use
https://ripe78.ripe.net/on-site/tech-info/ipv6-only-network/
or
https://ripe78.ripe.net/on-site/tech-info/dns-over-tls-resolvers/
but not both at the same time?
I would guess that the IPv6 resolvers would work, but won't give you DNS64 synthesis... Since you have native v6 at home, it might just work :-) - I'll definitely test! Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
At the last meeting (disclaimer: I'm not running those resolvers any more), NAT64 and DNS-over-TLS worked independently of each other. DNS64 synthesis was applied if the query source IPv6 address was on the NAT64 network, regardless of the port/protocol the query came over. DNS-over-TLS (port 853) was available on all the service IPs of the resolvers, no matter which network you accessed them from. This was intentional so that opportunistic clients like Android 9 would automatically use them. There was a talk about it at the DNS working group at RIPE76: https://ripe76.ripe.net/archives/video/56/ Cheers, Colin On 16-05-19 21:15, Gert Doering wrote:
Hi,
On Thu, May 16, 2019 at 10:10:03AM +0200, Thomas Schäfer wrote:
Is it right, that I can use
https://ripe78.ripe.net/on-site/tech-info/ipv6-only-network/
or
https://ripe78.ripe.net/on-site/tech-info/dns-over-tls-resolvers/
but not both at the same time?
I would guess that the IPv6 resolvers would work, but won't give you DNS64 synthesis...
Since you have native v6 at home, it might just work :-) - I'll definitely test!
Gert Doering -- NetMaster
Hi, Thank you for the video link. It solves my problem. "DNS-over-TLS Resolvers are available at RIPE 78 on a best-effort basis. They are available on TCP port 853, on the same IPv4 / IPv6 addresses as the regular DNS resolvers" lets me think about only regular resolvers. I didn't know or I forgot, DNS64 is provided based on the querying address by ACL. So I can test both features at the same time. @Colin Maybe you add the link https://ripe76.ripe.net/presentations/96-dns-over-tls-resolvers.pdf here https://ripe78.ripe.net/on-site/tech-info/dns-over-tls-resolvers/ @Gert I have no doubt that native IPv6 will work at RIPE, independent of the way IPv4 is added. In the worst case your are right, I can fetch my IPv4-access from m-net, lrz or Go6lab(JanZorz). Thomas
Hi, On Thu, May 16, 2019 at 11:50:28PM +0200, Colin Petrie wrote:
At the last meeting (disclaimer: I'm not running those resolvers any more), NAT64 and DNS-over-TLS worked independently of each other.
DNS64 synthesis was applied if the query source IPv6 address was on the NAT64 network, regardless of the port/protocol the query came over.
Nice! Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
participants (3)
-
Colin Petrie -
Gert Doering -
Thomas Schäfer