IPv6 LLU Endpoint Support in DNS
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
Title |
| |
Subtitle |
| |
Alternative Title |
| |
Title of Series | ||
Number of Parts | 490 | |
Author | ||
License | CC Attribution 2.0 Belgium: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
Identifiers | 10.5446/47009 (DOI) | |
Publisher | ||
Release Date | ||
Language |
Content Metadata
Subject Area | ||
Genre | ||
Abstract |
|
FOSDEM 202047 / 490
4
7
9
10
14
15
16
25
26
29
31
33
34
35
37
40
41
42
43
45
46
47
50
51
52
53
54
58
60
64
65
66
67
70
71
72
74
75
76
77
78
82
83
84
86
89
90
93
94
95
96
98
100
101
105
106
109
110
116
118
123
124
130
135
137
141
142
144
146
151
154
157
159
164
166
167
169
172
174
178
182
184
185
186
187
189
190
191
192
193
194
195
200
202
203
204
205
206
207
208
211
212
214
218
222
225
228
230
232
233
235
236
240
242
244
249
250
251
253
254
258
261
262
266
267
268
271
273
274
275
278
280
281
282
283
284
285
286
288
289
290
291
293
295
296
297
298
301
302
303
305
306
307
310
311
315
317
318
319
328
333
350
353
354
356
359
360
361
370
372
373
374
375
379
380
381
383
385
386
387
388
391
393
394
395
397
398
399
401
409
410
411
414
420
421
422
423
424
425
427
429
430
434
438
439
444
449
450
454
457
458
459
460
461
464
465
466
468
469
470
471
472
480
484
486
487
489
490
00:00
Address spaceState of matterSpeech synthesisDirect numerical simulationCurveLecture/Conference
00:18
ImplementationDirect numerical simulationTouchscreenRight angleVideo gameCurveLocal ringGoodness of fitOrder (biology)Address spaceLink (knot theory)CASE <Informatik>Direct numerical simulationExecution unitLine (geometry)Software developerState of matterServer (computing)UnicastingverfahrenResolvent formalismSpeicheradresseLattice (group)Internet der DingeRevision controlINTEGRALComputer animation
01:38
Personal digital assistantDisintegrationFocus (optics)Address spaceLibrary (computing)Direct numerical simulationSpeicheradresseMessage passingService (economics)Server (computing)CoroutineNetwork socketString (computer science)Computer fontFunction (mathematics)Communications protocolResultantBroadcast programmingSoftwareCASE <Informatik>MereologyLibrary (computing)Direct numerical simulationAddress spaceUniverse (mathematics)CurveNetwork socketInterface (computing)Metropolitan area networkBitStudent's t-testUnicastingverfahrenServer (computing)Link (knot theory)SpeicheradresseLocal ringResolvent formalismMessage passingPattern recognitionFunctional (mathematics)Order (biology)NetbookGraphics tabletLipschitz-StetigkeitCommunications protocolRow (database)Revision controlComputer programmingMedical imagingProjective planeClient (computing)Computer animation
03:36
Digital signalDirect numerical simulationServer (computing)ImplementationEmailCollaborationismTable (information)Library (computing)Client (computing)Modul <Datentyp>Electric currentImage resolutionUDP <Protokoll>Direct numerical simulationSoftwareCurveServer (computing)Patch (Unix)Order (biology)RecursionTerm (mathematics)Ocean currentCache (computing)CoroutineClient (computing)Context awarenessComplete metric spaceLibrary (computing)Table (information)BlogRevision controlBitResolvent formalismMereologyDependent and independent variablesEncryptionQuery languageDemonSpeicheradresseProduct (business)Service (economics)Goodness of fitWater vaporAddress spaceExecution unitUniverse (mathematics)Bernstein polynomialProcess (computing)Poisson-KlammerPoint (geometry)System callEuler anglesWeightBus (computing)WebsiteComputer animation
05:53
Server (computing)Direct numerical simulationTable (information)Modul <Datentyp>Client (computing)UDP <Protokoll>Digital signalSystem programmingImplementationEmailCollaborationismLibrary (computing)FactorizationElectric currentImage resolutionPhysical systemDirect numerical simulationAddress spaceSoftwareRow (database)Revision controlUnicastingverfahrenUniverse (mathematics)Electronic signatureLocal ringPointer (computer programming)Stack (abstract data type)Keyboard shortcutLink (knot theory)Sheaf (mathematics)Bit rateComputer animation
06:40
SpeicheradresseTime zoneCASE <Informatik>Direct numerical simulationNetwork topologyAddress spaceContext awarenessLink (knot theory)UnicastingverfahrenLocal ringPersonal digital assistantWebsiteServer (computing)No free lunch in search and optimizationUniqueness quantificationInterface (computing)Price indexLokaler ZusammenhangDirect numerical simulationResolvent formalismMereologyLink (knot theory)Local ringDressing (medical)AreaExecution unitCentralizer and normalizerRevision controlClient (computing)Subject indexingSoftwareComputer fileInterface (computing)Product (business)UnicastingverfahrenSpeicheradresseTime zoneAddress spaceServer (computing)Keyboard shortcutComputer animation
07:42
Price indexInterface (computing)Personal digital assistantDirect numerical simulationLink (knot theory)Local ringSpeicheradresseContext awarenessUnicastingverfahrenTime zoneCASE <Informatik>Computer fileAddress spaceServer (computing)WebsiteUniqueness quantificationNetwork topologyArchitectureDirect numerical simulationSubject indexingLocal ringUnicastingverfahrenKeyboard shortcutAddress spaceCache (computing)Server (computing)MereologyInterface (computing)InformationExecution unitComputer animation
08:06
Address spaceConfiguration spaceRouter (computing)Local ringInformationLink (knot theory)SpeicheradresseComputer configurationClient (computing)Message passingRecursionDirect numerical simulationElectronic mailing listServer (computing)Principal idealComputer networkSource codeMIDIData typeUnicastingverfahrenReal numberLocal ringClient (computing)Revision controlConfiguration spaceRouter (computing)Link (knot theory)Different (Kate Ryan album)CASE <Informatik>BitAddress spaceSoftwareIP addressCommunications protocolNumberTransport Layer SecurityVapor barrierPoint (geometry)Execution unitRight angleRoutingLiquidExt functorComputer animation
09:18
Address spaceConfiguration spaceRouter (computing)InformationLocal ringLink (knot theory)SpeicheradresseComputer configurationClient (computing)Message passingDirect numerical simulationRecursionElectronic mailing listServer (computing)Principal idealComputer networkService (economics)RecursionLocal ringDirect numerical simulationInformationElectronic mailing listNumberRevision controlSpeicheradresseAdditionAddress spaceBitRouter (computing)Server (computing)UnicastingverfahrenIP addressPoint (geometry)Arithmetic meanSlide ruleStrategy gameProcess (computing)DemonLink (knot theory)Operator (mathematics)SoftwareVideo gameFerry CorstenComputer animation
10:09
Address spaceLink (knot theory)Network socketSpeicheradresseUDP <Protokoll>UnicastingverfahrenWebsiteLocal ringRouter (computing)Data typeComputer iconUniqueness quantificationLoop (music)TelecommunicationPrice indexInterface (computing)HierarchyTable (information)Keyboard shortcutInformationAddress spaceService (economics)Direct numerical simulationRevision controlFunctional (mathematics)Dot productUnicastingverfahrenBitSpeicheradresseSoftwareDoubling the cubeExecution unitTablet computerProjective planeCausalityLatent heatVideo gameLine (geometry)Computer animation
11:24
UDP <Protokoll>SpeicheradresseNetwork socketTelecommunicationPrice indexUnicastingverfahrenLocal ringLink (knot theory)Interface (computing)Address spaceWebsiteKeyboard shortcutTable (information)HierarchyRouter (computing)Data typeComputer iconUniqueness quantificationLoop (music)InformationServer (computing)Client (computing)Query languageComputer configurationDirect numerical simulationNumbering schemeKernel (computing)Parameter (computer programming)Similarity (geometry)Sign (mathematics)Positional notationDuality (mathematics)Stack (abstract data type)Subject indexingRevision controlInterface (computing)Sign (mathematics)Arithmetic meanSpeicheradresseServer (computing)Parameter (computer programming)SoftwareAddress spaceBitInstance (computer science)Service (economics)Fitness function
12:29
Keyboard shortcutNumbering schemeInterface (computing)Price indexLaceDirect numerical simulationServer (computing)Kernel (computing)Network socketParameter (computer programming)Address spaceSimilarity (geometry)Positional notationDuality (mathematics)Stack (abstract data type)Client (computing)Query languageSpeicheradresseInformationComputer configurationLoop (music)Computer networkComputational fluid dynamicsSample (statistics)DemonCasting (performing arts)EmailSubject indexingRevision controlInterface (computing)Cache (computing)Arithmetic meanService (economics)Keyboard shortcutDatabaseReverse engineeringSpeicheradresseDirect numerical simulationAddress spaceLocal ringInstance (computer science)Different (Kate Ryan album)BSD UNIXCuboidQuery languageNetwork socketPhysical systemNumbering schemeServer (computing)Link (knot theory)Time zoneClient (computing)Computer fileInformationOrder (biology)SoftwarePoint (geometry)BitPhase transitionSystem callWeightDecision theoryIP addressOperating systemInternetworkingExecution unitLine (geometry)
15:12
Query languageKeyboard shortcutComputer networkSpeicheradresseSample (statistics)Positional notationDemonAddress spaceInterface (computing)Casting (performing arts)Inclusion mapAddress spaceOrder (biology)Direct numerical simulationDifferent (Kate Ryan album)Doubling the cubeKeyboard shortcutRecursionProjective planeBit rateSystem callCuboidArithmetic meanSoftwareBit
16:07
Direct numerical simulationRecursionInformationRouter (computing)Physical systemImplementationConfiguration spaceElectric currentCanonical ensembleLatent heatIntegrated development environmentWindows RegistryInterface (computing)Uniform resource locatorRepository (publishing)SpeicheradresseElectronic mailing listImage resolutionSimultaneous localization and mappingComputer networkKeyboard shortcutSample (statistics)Positional notationDemonAddress spaceCasting (performing arts)Convex hullMIDIElectric generatorRevision controlInterface (computing)Casting (performing arts)SoftwareServer (computing)Address spaceOrder (biology)Reverse engineeringInstance (computer science)Keyboard shortcutNetwork socketLatent heatComputer configurationVirtual LANConfiguration spaceResultantMereologyPhysical systemComputer animation
16:54
Direct numerical simulationRecursionInformationRouter (computing)Physical systemImplementationElectric currentConfiguration spaceCanonical ensembleIntegrated development environmentLatent heatWindows RegistryInterface (computing)Uniform resource locatorRepository (publishing)SpeicheradresseElectronic mailing listImage resolutionTask (computing)Fraction (mathematics)ParsingError messageStandard deviationFile formatClient (computing)Computer programContent (media)MereologyResolvent formalismDirect numerical simulationLatent heatPhysical systemAddress spaceConfiguration spaceInterface (computing)Computer fileWindowFile formatKeyboard shortcutCartesian coordinate systemRevision controlOperating systemWeb 2.0Standard deviationInformationDifferent (Kate Ryan album)Centralizer and normalizerResultantSoftware testingWordCodeRight angleService (economics)Computer animation
18:21
Direct numerical simulationRepository (publishing)Task (computing)ImplementationError messageParsingFraction (mathematics)SpeicheradresseStandard deviationFile formatClient (computing)Configuration spaceComputer programContent (media)Latent heatComputer fileKeyboard shortcutObject (grammar)Direct numerical simulationRootLocal ringRevision controlServer (computing)RecursionBookmark (World Wide Web)Different (Kate Ryan album)BitComputer animation
19:03
Direct numerical simulationIntegrated development environmentVariable (mathematics)ImplementationSpeicheradresseMixed realityFile formatInterface (computing)Library (computing)Canonical ensembleEnthalpyDirect numerical simulationIntegrated development environmentCartesian coordinate systemLibrary (computing)Server (computing)Different (Kate Ryan album)Cache (computing)CurveInterface (computing)Lipschitz-StetigkeitLocal ringLink (knot theory)SoftwareDirectory serviceComputer animation
19:31
Direct numerical simulationVariable (mathematics)Integrated development environmentImplementationSpeicheradresseMixed realityFile formatInterface (computing)Library (computing)Canonical ensembleEnthalpyQuantumSubject indexingWebsiteLocal ringInterface (computing)Cartesian coordinate systemVariable (mathematics)SoftwareIntegrated development environmentInstance (computer science)Source codeConfidence intervalStandard deviationComputer animation
20:12
Table (information)Information securityTelecommunicationComputer networkSpeicheradresseContent (media)Address spaceCache (computing)Query languageDirect numerical simulationServer (computing)InternetworkingEncryptionTransport Layer SecurityConfiguration spaceSoftwareVirtual realityInterface (computing)TopologyLink (knot theory)Value-added networkService (economics)Keyboard shortcutInformationTranslation (relic)Local ringTime domainNeuroinformatikLatent heatTime zoneSolid geometryComputing platformClient (computing)Inclusion mapCASE <Informatik>Cartesian coordinate systemUniform resource locatorMultiplication signLibrary (computing)Arithmetic meanDirect numerical simulationResolvent formalismPoint (geometry)TelecommunicationService (economics)SoftwareCoroutineProjective planeIP addressInformationServer (computing)Group actionBitFigurate numberResultant
21:32
Point cloudFacebookOpen sourcePerfect groupInformationExpert systemLecture/Conference
Transcript: English(auto-generated)
00:06
Good morning. Welcome back to the DNS Dev Room. Our next speaker is Erwin Hofmann. He will be speaking about the state of DGB DNS curve 6. Oh, oh, oh. Spoilers.
00:22
You leaked my... Oh yeah, this, yeah. Let's try that again. Full screen. Yeah. Technology, I'm sorry.
00:41
It's... It's lattice. Fine. Let's do it. Good luck. That's working, hey. Yeah, good morning everybody. Thanks for the invitation here, for Fostom here, for the talk here. And I will try to give you some ideas about what I did regarding the further developments of DGB DNS.
01:03
In particular, what I've called DGB DNS curve 6. Stay behind the line. Oh, behind that line. Okay, fine. Yeah, okay, fine. And I also would like to provide you some ideas about a particular use case. That means how to integrate IP version 6 link local unicast addresses here to use it on a stop resolver and a DNS server.
01:26
So that's a particular use case which I think is quite nice in order to get some ideas about IoT devices here. So let's make at first some kind of historical note. DGB DNS curve, essentially it's a fork of Daniel Bernstein's DGB DNS.
01:43
I'm not here to advocate Bernstein and I'm not here to talk about the benefits of curved DNS versus DNS sec. That's not the scope of my topic here. But rather what I did so far is to make it more usable here, the software here of Daniel Bernstein. And also to provide some kind of libraries which you can use for standard projects, let's say.
02:03
And one of those libraries I call vhqlibs, or simply qlibs, which simply integrate all the functions you need in order to do IPv6 address passing. In particular, side-eye recognition and also the use of socket interface and all that stuff what you actually need for network programming.
02:24
So this is done in a way we have a DNS stop resolver we can use. And on the other side, DGB DNS curve 6. It's more or less full-blown DNS server, although with a limited scope more or less. So the achieved results I would like to present here are mainly a part of the results we have done at the university in Frankfurt.
02:46
University of Applied Sciences here, together with my students. And I put them into software here and I presented it here in that way. So also if you'd like to have some deeper understanding of the IPv6 protocol, you can read, if you can read German, some of my books.
03:01
Which is called Technique of the IP Networks here. So what I actually cover here in my talk here is a little bit about the history of DGB and FQR 6 and also my software library qlibs. I would like to introduce you to the ideas of using IPv6 addresses and in particular IPv6 link local unicast addresses here for DNS services.
03:22
Applying those to servers and clients, of course, and maybe also to discuss some use cases why it is beneficial to do so. So it seems actually DNS is something for the old grey man here, as we have seen so far. Let's see what we can do about that.
03:40
Now, just to give you some kind of history, I support the software of Bernstein here since about 20 years I would say. Initially I did some patches here for Qmail. Now I have my own fork running which is called SQmail. And this is more or less aligned with what Felix von Leitner does, which is known to be the German blogger Pfeiffer here. And we all a little bit work together in this context here.
04:05
And what I did so far was essentially to make all the routines Bernstein has developed like UCSP, TCP and Qmail and in particular the DJB DNS here to make it IPv6 aware. And in the sense IPv6 is really completely supported by the product and not just in the terms of patches over here.
04:25
So the current releases what I do have is DJB DNS curve 6 in version 36A. And the current running DNS step resolver library is part of the QLIPs in version 12C so far. So you see on the table here what are the essential servers which are coming with the DJB DNS curve 6.
04:48
Essentially I do have a content server which is called TinyDNS. That's really tiny, it just speaks UDP and it has no other understanding more or less except for the complete IPv6 support. I also have a software piece which is called RAL DNS.
05:03
It's a relay blackless daemon. And it's actually quite nice because it also provides you with the capability to have IPv6 addresses in here and to look up those here for protection here. I do have RAL DNS inside there. But the main routine essentially is what I call DNS cache which is a caching server,
05:23
a recursive name server here which is used essentially for the clients in order to contact you. So this DNS cache as you can see has the benefits. It includes TCP support and UDP support. E-DNS support is done on the server side and the curve DNS has been completely included.
05:41
So what you can get here is that you can receive encrypted DNS responses and of course you do the query also in a secure way. The clients are pretty slim. We have some clients which is DNS IP. It's DNS MX to look up the MX records. It's a DNS name, it's getting the pointer records here and it's DNS text to get the text records.
06:05
That's all I have. It's nothing really particular in here and cannot compare with other full-blown software stacks like PowerDNS or Bind, whatever you have. So it's a really tiny section over here. So the idea what I had was back some years when I gave some lectures
06:21
about distributed systems here at the Vietnamese German University in Ho Chi Minh City to solve somehow the so-called Byzantineian Generals problem to get valid answers essentially from a collaborating system. But that's the basic idea without using essentially signatures like DNS it's providing. Now, the main idea here of that talk is to give you some ideas why it is useful to have IP version 6 linked local unicast address support in DNS.
06:51
It gives a particular scope here and let's discuss essentially some important items here. At first the IP version 6 linked localcast addresses are prohibited to be part of a zone file.
07:05
That means you cannot have a heavy AD kind of address here in a zone file. It simply does not work. You probably can do that, but it's not working because you're lacking the so-called interface index here. And that's actually expressed here already in the RFC 447 essentially.
07:20
So you cannot do that. But on the other hand, you are free to bind your DNS server and also to use your DNS clients, a sub-resolver here, to use IP version 6 so-called linked localcast unicast addresses here. And I don't know which product is actually using this, but at least you can get it here with my kind of software here. That means we have to solve two essential problems over here.
07:42
One problem is that the DNS server, whether it is a content server or a cache server, it needs to bind to a linked local unicast address, which only can be done if you actually perform additional information, which we call the interface index. Second, we have to tell the DNS sub-resolver that it can use this kind of address.
08:02
And that's the more tricky part. And how this is done, I just will tell in a few minutes here. So I don't know how well you are familiar with the IP version 6 protocol and its benefits. But it's a little bit different beast, like IP version 4, what we have seen before. So the main idea of IP version 6 is the following, that everything what you do essentially is auto-configured.
08:24
And you can see that here on the right-hand side here. So what essentially the client does, in case it's going online on the network, so you get some kind of link here on the network, it asks for essentially a prefix, and also it does some kind of auto-configuration of the IP address.
08:42
We call this stateless address auto-address configuration over here. That means that the client looks for and configures itself an IP version 6 address, which is in the beginning a so-called linked local unicast address, starting with every 80, essentially. So that's the basic idea. Now, the next step in the IP version 6 network, if it is a real IP version 6 network,
09:03
is that we have a router in the network which does some kind of router advertisements. The router advertisements are done, again, using this IP version 6 LLU address, and the router advertisements provide us with a network prefix here, like 2001 something, blah, blah, blah.
09:20
And also we can get the IP addresses of the routers, and in particular what you can also get, and that's point number three, you can get information about the DNS services. That means the DNS servers, the recursive name servers in your network, are published or could be published by means of a router advertisement daemon, for instance, and in addition with the IP version 6 address, it can publish a search list here.
09:45
So that's quite nice to have it, Joe. It's all confined, and the very interesting idea about that is everything here, what is happening on that slide here is happening using linked local unicast addresses or perhaps some kind of multicast addresses.
10:03
So let's have an idea about the addresses. The address strategy in IP version 6 is a little bit different regarding IP version 6. So it very strongly depends on the very first bit of the IP version 6 address. It starts with the highest bits to be won. These are multicast addresses. Remember, in IP version 6 we do not have any broadcast, just multicast.
10:23
And from here we have a kind of functional addresses, and one particular functional address is the DNS multicast address, which is shown here to be FF01FB at the very end. So we can have multicast services here, DNS services here on the network,
10:40
but that's nothing I talk about today. It's a future project, essentially. Now, we need to understand in IP version 6 networks, information essentially is sent to multicast addresses, and that's this idea here that we use multicast address as a recipient address. The target address, rather, could either be a unicast address
11:03
or it could be what we call an unspecified address. The unspecified address is something you know in the IP version 6 network, which is simply indicated by the double dots. The double dots is the unspecified address, and that's at the very lowest line. That means in the IP version 6 address, everything is essentially set to zero.
11:26
And then you can get the hierarchy here. We have the host addresses here, the loopback address here, we have the LLU addresses, we have the OOLA addresses, which are a little bit like IP version 4 private addresses here, and we have the routable addresses in the IP network,
11:41
which is the blue zone over here. So, the problem is now how to get a server, how to make a server understanding about the interface index here. And I have chosen in my software two different ways. The one way you can specify additionally with the IP version 6 address, like every 80 dot dot one, for instance,
12:01
you can specify as a particular argument the interface name, like eth0 or whatever you like to do. That's something you can do. The other way is you have something like a composite address. A composite address essentially includes on the one side the respective IP version 6 LLU address,
12:21
and then concatenated by means of a percent sign the particular interface name. That can be done. Now, remember, in the IP version 6 world, we have the following very important issue. The IP version 6 address, given its LLU variant, can be the same on different interfaces.
12:42
That's the reason why you have the requirement to have this interface index whatever you need so far. That's the idea how to bind it. That's pretty easy. You can find it in my software. It's online. You can see the links later on. You can see how to do it. That's the basic idea. Now, in particular for a DNS service,
13:01
it would be very nice to have a common service for IP version 4 and IP version 6, of course. It's the same information. We do not have different zone files or databases for IP version 4 and IP version 6. I rather do not have a particular forwarding and reverse zone. I would like to keep it simply in a simple database here.
13:21
And in order to do so, you need to bind the server both to the available IP version 4 and IP version 6 addresses. That's not that easy, because mostly today the operating system inhibits this, and you have to find a particular socket setting in order to do so. And in my software, I have chosen a simple scheme. That means if you are using the software,
13:44
and you simply define a colon zero address, it says bind to all available IP version 4 and IP version 6 addresses. And that's done. That means now a DNS cache can essentially handle requests from IP version 4 and IP version 6 clients.
14:05
Remember, what's also interesting, and that's in the box down there, in the IP version 6 network, you have now three loopback interfaces. The one loopback interface is given for the IP version 4 address. That's a common 127.0.1. We have the global scoped loopback interface,
14:21
which is a colon colon one address. And we have a local scoped loopback interface in a BSD kind of software, in a BSD Unix. Simply, it is expressed as every 80 colon colon one percentage LO0, for instance. Though we have a different kind of guy here. You can bind a service to any of those addresses.
14:44
Now, let's have a real understanding of what the thing is doing. That's a more general picture here of what my DNS cache is doing. It receives essentially requests from the clients. These requests from the clients can originate from an IP version 4 network. They can originate from an IP version 6 network,
15:00
or they can reach the server by means of a linked local unicast addresses. That means I can configure that server to listen to all these kinds of addresses. That's quite nice. On the other hand, the forwarding of the query to the internet, to the recursion, could be done on a completely different address. That means recursion and listening
15:20
are sitting on different IP addresses, so you can have a more resilient situation here. It's a more robust way in order to do the DNS lookup here. And you see I do not currently support DNS sec validation, but that's a project which will come also. So that's the difference here. Now, if you see the dual stack binding,
15:43
what I have is indicated here on the yellow box, having the $0 kind of address. And there's one other address which is quite of some interest I can use in my software, so double column address to bind to the unspecific address, to bind to the unspecific address,
16:01
which is actually used not for receiving, but it's actually used just for sending. So what does that mean? This means essentially that I can do what I call reverse IP version 6 anycasting, which means in the IP version 6 network, you can actually have the generation
16:21
of interfaces here on demand. That means you can set up a VLAN interface on demand for software-defined network, for instance. And here what you can do essentially is the server is able to bind to newly generated interfaces. So as soon as it recognizes a new IP version 6 address, it binds automatically to that new address
16:41
without any kind of reconfiguration. That's completely done automatically. And there you use a specific socket option in order to do so. So that's a nice thing. That means you can generate these kind of bindings here, which are not common these days. Now the more tricky part is the DNS stub resolver. The problem is the DNS stub resolver regarding the Unix operating system
17:02
is mostly based on what we have seen. It's called the system-wide configuration file, which is simply etc-resolve.conf. The problem with the etc-resolve.conf is it is not standardized. There is no RFC telling what is the format. And there is no way to integrate an IP version 6 LLE address in that DNS configuration file.
17:21
No way. It simply doesn't work. You can try it, but it does not work. Essentially you can break it. So that's the standard Unix way to have a central system-wide configuration file. The Windows operating system makes it different. The Windows operating system essentially generates for each interface a certain possibility
17:42
to forward the DNS requests over the interface here. So that's interface specific. What I use in my software, according to what Daniel Bernstein actually has coded, is an application specific kind of binding. That's very similar to DOH. If you have DOH, you have a web browser, it simply checks for its own name resolver.
18:02
And that's what you can do here also for any application using it. That's quite nice to see that this is working that way. So essentially it's this kind of configuration what we have in a standard way. We have the etc-resolve.conf. And you remember the etc-resolve.conf, just what we have heard from Renzo.
18:20
It's essentially fed with information coming from the root advertisement daemon, or from the DHCP server, or from the DHCP version 6 server. Or you could enter configuration in etc-resolve.conf manually. But it's overwritten by any of those services. You cannot rely on it. It could change. Everything could change here. But that's a rather unfavorable situation, more or less.
18:43
Essentially what we need to have is a DNS send. A DNS send says what are the DNS recursive servers we need to contact here, and what is our local domain, essentially. Typically this is done in the libresolve.so shared object file here, given the bind APIs.
19:01
But that's a standard situation. Now the way I did it is a little bit different. The way I do it here is that I have a specific library, given my qlibs here, or the DJB DNS curve 6 libraries here, which needs to be linked with your application. Given this linked application,
19:21
you can have a certain environment variable, which is called DNS cache IP. And now you can say in the DNS cache IP environment variable which name servers you can actually contact to, in particular including the interface index. And also what you could have here to define what is your local domain. That means you can have a specific network setting
19:43
for an application which is using this kind of interface here. So this is a site from the standard libresolve.conf, for instance. And this feature, what I have introduced, of course, does a fallback. The fallback simply says, if these environment variables are not present,
20:00
simply use the standard etcresolve.conf, of course. So these things are not in the opposite, but rather you can use them all together. So that's the basic idea. Now, given this idea, you can set up some kind of services.
20:20
You can have IoT communication. And here, essentially, the software is so tiny that you can build up, by mean of these libraries here, DNS resolve routines here for IoT devices and that stuff. So that is one case you can do. You could have this solution to be used for software-defined networking here, having virtual interfaces, which you actually can feed now.
20:44
And also you can have here the situation where you can have here some kind of information-centered networking, defining particular DNS services for an application. So, time is over. I'm sorry about that. So a lookout essentially here is,
21:01
what I would like to do here is to add multicast support to my stuff here, add TCP support to TinyDNS server, and all the other projects are in the future, essentially. So that's it for my point. Thank you very much. Thank you, Erwin. I'm sorry. We have no time for questions. Where can people find you if they have questions? Where can people find you? Will you stick around for a bit?
21:22
I'll stick around for a bit, and on my slides, you'll find a lot of IP addresses you can use here, and URLs you can use here. You'll be at one of those. You will be at one of those addresses. Of course, yeah. Otherwise, simply Google for that. It's easy, yeah. Sorry about that. I will update the transparencies with some kind of information.
21:41
Perfect. Thank you. Thank you.