lost and found ( for me ? )

How to configure DNS64 in unbound

Ecdysis provides DNS64 patch for unbound. download the patch as below URL.
http://ecdysis.viagenie.ca/download.html

I downloaded ecdysis-unbound-1.4.7.20101117.patch.gz.
This patch is for unbound 1.4.7. If you don’t have unbound 1.4.7 , plz download that ver.

unzip patch file.
# gunzip ecdysis-unbound-1.4.7.20101117.patch.gz


apply patch
# tar xzvf unbound-1.4.7.tar.gz
# cd unbound-1.4.7
# patch -p1 < ../ecdysis-unbound-1.4.7.20101117.pa
tch
patching file .gitignore
patching file Makefile.in
patching file dns64/dns64.c
patching file dns64/dns64.h
patching file doc/README.DNS64
patching file doc/example.conf.in
patching file services/modstack.c
patching file util/config_file.h
patching file util/configlexer.c
patching file util/configlexer.lex
patching file util/configparser.c
patching file util/configparser.h
patching file util/configparser.y
patching file util/data/msgreply.c
patching file util/data/msgreply.h
patching file util/fptr_wlist.c


- compile unbound.
# ./configure --disable-gost
# make
# make install


- edit unbound.conf to enable DNS64

Please note that “module-config” directive must start with “dns64”
     module-config: "dns64 validator iterator"


add dns64-prefix in “server clause”
server:
    dns64-prefix: 64:FF9B::/96


The prefix must be a /96 or shorter.

- fly unbound
# unbound-control start


- check unbound loads dns64 module
# unbound-control status
version: 1.4.7
verbosity: 1
threads: 1
modules: 3 [ dns64 validator iterator ]

# dig @::1 www.facebook.com aaaa

; <<>> DiG 9.8.0-P2 <<>> @::1 www.facebook.com aaaa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19672
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.facebook.com.           IN   AAAA

;; ANSWER SECTION:
www.facebook.com.    14      IN   AAAA 64:ff9b::45ab:e40d


If AAAA records exist , unbound doesn’t change a response.
# dig @127.1 www.isc.org aaaa

; <<>> DiG 9.8.0-P2 <<>> @127.1 www.isc.org aaaa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44724
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 6

;; QUESTION SECTION:
;www.isc.org.                IN   AAAA

;; ANSWER SECTION:
www.isc.org.         600 IN      AAAA 2001:4f8:0:2::d

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.