IPv6/IPv4 DNS resolver source

Doug Barton dougb at FreeBSD.org
Wed May 28 17:48:45 UTC 2008


Steve Bertrand wrote:
>>> Is there anyone here who can advise me where in the source tree I 
>>> would find the DNS resolver code that performs AAAA/A record lookups, 
>>> and more specifically, the fallback to A lookup if AAAA fails?
>>
>> Assuming you're considering getaddrinfo(), see res_queryN() in
>> lib/libc/net/getaddrinfo.c.
>>
>> BTW: "fallback" does not really accurately describe the behavior.
>> When AF_UNSPEC is specified, both AAAA and A queries are issued,
>> whether or not the AAAA query fails.
> 
> Thank you for the info. I did not know that little tidbit.
> 
> I've got my first IPv6 DNS, mail, web etc server up and running now, and 
> before I think about migrating the actual production network, I want to 
> perform some extensive testing, all the while being familiar with the 
> framework of the resolver itself, and how to overcome particular 
> DNS/connectivity issues (if possible).
> 
> ie: I want to learn more about how DNS and IP react in the event I lose 
> my IPv6 BGP peers (or IPv4 peers), and also write in some debug log 
> writing into the resolver if certain events trigger.

If you lose your IPv6 connectivity (or worse, if it's up but not 
performing well) you will run into problems with your end users that 
have IPv6 enabled because when it's on it is generally tried first. 
Since more and more operating systems come with IPv6 enabled by 
default, and more and more networks worldwide are enabling it for 
their users, this can be a problem.

In an ideal world you'll want to be able to monitor your IPv6 
connectivity from key points outside your network, and alert $SOMEONE 
if it isn't working properly. If it's a prolonged outage you will 
probably want to update DNS to withdraw your AAAA records, and at 
least to start with you'll want them to have a fairly short TTL when 
they are in the zone.

Although it is not popular with the "IPv6 do or die!" crowd, one 
procedure I recommend in the early stages of IPv6 deployment is to set 
up nameservers that only listen on IPv6 addresses, and only add the 
AAAA records to the zone files on those nameservers. (The AAAA records 
for the nameservers will have to be in all zone files of course.) At 
least that way you will be sure that the people you serve AAAA records 
to have _some_ kind of IPv6 connectivity, and that your end is at 
least up before sending your end users there. This is not a foolproof 
system because there is not necessarily a 1-to-1 relationship between 
the network that the resolver is on and the network the user is on, 
but for the vast majority it will be, and it's a lot better when 
rolling out to take baby steps till you have found all/most of the 
land mines.

Caveats aside, Google has taken a big step into the IPv6 arena giving 
access to their search engine through http://ipv6.google.com/, and 
they have said that once they get the bugs shaken out there they plan 
to go a lot bigger with IPv6 access to their network. This is widely 
recognized as a tipping point in the "must have v6 content to justify 
wider v6 rollout on the consumer side" debate, so anyone not making 
plans for IPv6 on their own network now is already one step behind the 
curve.

There is an excellent list that covers IPv6 operational issues, 
http://lists.cluenet.de/mailman/listinfo/ipv6-ops  You will probably 
want to search the archives there as well.

hth,

Doug

-- 

     This .signature sanitized for your protection
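
Added example (not part of the original message, and not FreeBSD's resolver code): a small C check for the case discussed above, where an IPv6 address is handed out while IPv6 connectivity is down. It resolves a name with AF_UNSPEC, so A and AAAA answers are requested together, then tries a TCP connect with a timeout to each address. The names check_families, connect_timeout, FAM_V4 and FAM_V6, port 80 and the 2000 ms timeout are assumptions of this example.

```c
#include <sys/socket.h>
#include <netdb.h>
#include <poll.h>
#include <fcntl.h>
#include <errno.h>
#include <unistd.h>

enum { FAM_V4 = 1, FAM_V6 = 2 };   /* bit flags; names are this example's own */

/* Non-blocking TCP connect with a timeout in ms: 0 on success, -1 otherwise. */
static int connect_timeout(const struct addrinfo *ai, int ms) {
    int fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
    if (fd < 0) return -1;                 /* e.g. no IPv6 support on this host */
    fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);
    int rc = connect(fd, ai->ai_addr, ai->ai_addrlen);
    if (rc < 0 && errno == EINPROGRESS) {
        struct pollfd p = { .fd = fd, .events = POLLOUT };
        int err = 0; socklen_t len = sizeof err;
        rc = (poll(&p, 1, ms) == 1 &&
              getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) == 0 && err == 0) ? 0 : -1;
    }
    close(fd);
    return rc;
}

/* Resolve with AF_UNSPEC (A and AAAA requested together), then record which
 * families came back (*resolved) and which accepted a connection (*reachable). */
int check_families(const char *host, const char *port, int ms,
                   int *resolved, int *reachable) {
    struct addrinfo hints = { .ai_family = AF_UNSPEC, .ai_socktype = SOCK_STREAM };
    struct addrinfo *res, *ai;
    *resolved = *reachable = 0;
    int rc = getaddrinfo(host, port, &hints, &res);
    if (rc != 0) return rc;                /* getaddrinfo() error code */
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        int bit = ai->ai_family == AF_INET6 ? FAM_V6 :
                  ai->ai_family == AF_INET  ? FAM_V4 : 0;
        *resolved |= bit;
        if (bit && connect_timeout(ai, ms) == 0) *reachable |= bit;
    }
    freeaddrinfo(res);
    return 0;
}

int main(int argc, char **argv) {   /* exit 1: IPv6 address served but unreachable */
    int res, up;
    if (argc < 2 || check_families(argv[1], "80", 2000, &res, &up) != 0) return 2;
    return ((res & FAM_V6) && !(up & FAM_V6)) ? 1 : 0;
}
```

Run it with the hostname to check as the only argument, from a host outside the network being monitored; exit status 1 is the condition to alert on.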
