Why android looks up the AAAA record for ipv4only.arpa.
~ The mystery of 192.0.0.4 being configured automatically ~
2015/09/12 #dnsonsen2 @otsuka752 (@twovs)
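about me
• @otsuka752 (@twovs)
• Cat + wife + daughter
• Developed wireless LAN equipment (1999-2004)
• System administrator for online games (2004-2015)
• Cloud insider (2015-)
• Running http://tcpreplay.jp/
about me (DNS)
• 2014: applied for a certain new gTLD
• Had to operate the authoritative servers for the SLD
• Attended the first DNS Onsen!
• 2015: withdrew the new gTLD application
• The withdrawal is a bit of a pity
• Attending the second DNS Onsen! ← now here
• 2016
• Planning to attend the third DNS Onsen!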
First, the background
© 2015 Apple Inc. All rights reserved. Redistribution or public display not permitted without written permission from Apple.
#WWDC15
Your App and Next Generation Networks
Prabhakar Lakhera, Core OS Networking Engineer
Stuart Cheshire, DEST
System Frameworks
Session 719
(Excerpt) WWDC15 - Your App and Next Generation Network
[Diagram: Cellular Data Network with IPv6 Access Connectivity; IPv6 Server; DNS64/NAT64; IPv4 Server]
DNS64 synthesizes IPv6 address for IPv4 server
NAT64 performs IPv6 to IPv4 address translation
Your App Has To Be IPv6 Ready
It will be an app submission requirement later this year!
iOS apps that do not support IPv6 get rejected!
NAT64 + DNS64 Internet Sharing
[Diagram: IPv4 WAN; DNS64/NAT64; IPv6 Access Connectivity]
DNS64(!?)
192.0.0.4
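Symptoms and situation
• When android is connected to NAT64/DNS64, 192.0.0.4 is configured automatically
• In an environment that is not NAT64/DNS64 (e.g. IPv6 only), 192.0.0.4 is not configured
• However, this does not happen on every android device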
Background knowledge
ipv4only.arpa.
RFC7050 : Discovery of the IPv6 Prefix Used for IPv6 Address Synthesis
Well-Known IPv4-only Name (WKN): the fully qualified domain name, "ipv4only.arpa.", well-known to have only A record(s).
Well-Known IPv4 Address (WKA): an IPv4 address that is well-known and present in an A record for the well-known name. Two well-known IPv4 addresses are defined for Pref64::/n discovery purposes: 192.0.0.170 and 192.0.0.171.
ipv4only.arpa.
$ dig @8.8.8.8 ipv4only.arpa. A
(snip)
;; ANSWER SECTION:
ipv4only.arpa. 86400 IN A 192.0.0.170
ipv4only.arpa. 86400 IN A 192.0.0.171
(snip)
$ dig @8.8.8.8 ipv4only.arpa. AAAA
(snip)
;; AUTHORITY SECTION:
ipv4only.arpa. 1464 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015072119 7200 3600 604800 3600
(snip)
NAT64/DNS64
• NAT64(RFC6146)
Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers
• DNS64(RFC6147)
DNS64: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers
464XLAT
• 464XLAT(RFC6877)
464XLAT: Combination of Stateful and Stateless Translation
2013 (c) INTERNET MULTIFEED CO.
[Slide excerpt: NAT64 [RFC6146]; IP/ICMP [RFC6145]; DNS64 [RFC6147]; 96-bit IPv6, 32-bit IPv4, 128-bit IPv6; v4 literals]
Review > Trends in IPv4/IPv6 migration and coexistence technologies (P.24)
http://www.slideshare.net/yuyarin/i-pv4-ipv6coexistance/24
[Slide excerpt: 464XLAT [RFC6877]; CLAT: IPv4 to IPv6 (1:1), RFC6145; PLAT: NAT64, IPv6 to IPv4 (n:1), RFC6146; ISP]
Review > Trends in IPv4/IPv6 migration and coexistence technologies (P.25)
http://www.slideshare.net/yuyarin/i-pv4-ipv6coexistance/25
NAT64/DNS64
[Diagram: client; IPv6; NAT64/DNS64 (Routing, NAT64); IPv4; IPv6]
• Cannot communicate by specifying an IPv4 address directly
• Can only communicate after asking DNS64 for the AAAA record
464XLAT
[Diagram: client (IPv4, IPv6); CLAT (Translation, Routing); IPv6; PLAT (NAT64, Routing); IPv4]
Something that does not work with NAT64/DNS64 may still work with 464XLAT
[Diagram: NAT64 and 464XLAT side by side. NAT64: client; IPv6; NAT64/DNS64; IPv4, IPv6. 464XLAT: client (IPv4, IPv6); CLAT (Translation); IPv6; PLAT (NAT64); IPv4]
[Diagram: NAT64 and 464XLAT side by side. NAT64: client; IPv6; NAT64/DNS64; IPv4. 464XLAT: android (IPv4, IPv6) with CLAT (Translation) = clatd (daemon), 192.0.0.4; IPv6; PLAT (NAT64); IPv4]
android-clat
android clat service
This software provides the nat 4->6 translation needed for the "clat" part of the 464xlat standard. It is needed for better IPv4 application support while on an IPv6-only mobile network connection using 464xlat's nat64 (such as T-Mobile's IPv6 trial).
A general diagram of how 464xlat works: http://dan.drown.org/android/clat/Clat-Plat.png
https://android.googlesource.com/platform/external/android-clat/
android-clat/clatd.conf
https://android.googlesource.com/platform/external/android-clat/+/master/clatd.conf
Summary
[Diagram: android running clatd (IPv4 192.0.0.4, IPv6 2001:db8::x); IPv6; PLAT (NAT64); IPv4]
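• If the AAAA query for ipv4only.arpa. gets an Answer, android concludes it is behind DNS64/NAT64
• The prefix in the Answer is used as the PLAT subnet
• clatd is started (and 192.0.0.4 is configured)
• The NAT64 router becomes the PLAT
• Versus xxxxxxxxxx works too !?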
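Added example (not from the original slides and not android-clat's own code): a Python sketch of the decision summarized above, recovering the NAT64 prefix from AAAA answers for ipv4only.arpa. by locating the Well-Known IPv4 Addresses inside them. It goes beyond the /96 case and covers every RFC 6052 prefix length; the function names and the sample answers are constructed for illustration.

```python
import ipaddress

# Well-Known IPv4 Addresses of ipv4only.arpa. (RFC 7050)
WKAS = {ipaddress.IPv4Address("192.0.0.170"), ipaddress.IPv4Address("192.0.0.171")}

# RFC 6052: byte offsets of the embedded IPv4 address for each allowed
# prefix length. Byte 8 (the reserved "u" octet) is skipped and must be zero.
LAYOUTS = {32: (4, 5, 6, 7), 40: (5, 6, 7, 9), 48: (6, 7, 9, 10),
           56: (7, 9, 10, 11), 64: (9, 10, 11, 12), 96: (12, 13, 14, 15)}

def pref64_from_aaaa(aaaa):
    """Return the Pref64::/n that one synthesized AAAA reveals, or None."""
    raw = ipaddress.IPv6Address(aaaa).packed
    hits = []
    for plen, pos in LAYOUTS.items():
        embedded = ipaddress.IPv4Address(bytes(raw[i] for i in pos))
        if embedded in WKAS and raw[8] == 0:
            prefix = raw[:plen // 8] + bytes(16 - plen // 8)
            hits.append(ipaddress.IPv6Network((prefix, plen)))
    # No hit: not a synthesized answer. Several hits: ambiguous, do not guess.
    return hits[0] if len(hits) == 1 else None

def discover(aaaa_answers):
    """Empty result means no usable AAAA answer: not behind NAT64/DNS64."""
    return {p for p in map(pref64_from_aaaa, aaaa_answers) if p is not None}

def embed(pref64, ipv4):
    """Place an IPv4 address inside pref64, the mapping a CLAT uses toward the PLAT."""
    raw = bytearray(pref64.network_address.packed)
    for i, octet in zip(LAYOUTS[pref64.prefixlen], ipaddress.IPv4Address(ipv4).packed):
        raw[i] = octet
    return ipaddress.IPv6Address(bytes(raw))

# Constructed sample answers (not captured from a real network).
WELL_KNOWN = ["64:ff9b::c000:aa", "64:ff9b::c000:ab"]  # /96 well-known prefix
OPERATOR_56 = ["2001:db8:122:3c0:0:aa::"]               # /56 network-specific prefix

if __name__ == "__main__":
    for answers in (WELL_KNOWN, OPERATOR_56, []):
        prefixes = discover(answers)
        if not prefixes:
            print(answers, "-> no Pref64, clat not needed")
        for p in prefixes:
            print(answers, "->", p, "8.8.8.8 maps to", embed(p, "8.8.8.8"))
```

The AAAA answer is synthesized by the access network's resolver and is not signed by the arpa zone, so the discovered prefix is only as trustworthy as that resolver.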
Question ?
In a NAT64/DNS64 environment, the AAAA query gets an Answer
Outside NAT64/DNS64, the AAAA query gets no Answer
Even under NAT64/DNS64, ping to 8.8.8.8 = OK
END