android> dig ipv4only.arpa. AAAA

1. android が
ipv4only.arpa. の
AAAA を引く理由
∼ 192.0.0.4 が自動設定される ∼
2015/09/12 #dnsonsen2
@otsuka752 (@twovs)

2. about me
• @otsuka752 (@twovs)
• ネコ＋奥さん＋娘
• 無線LAN 装置の開発(1999-2004)
• オンラインゲームのシステム管理者(2004-2015)
• クラウドの中の人(2015-)
• http://tcpreplay.jp/ やってます

3. about me (DNS)
• 2014年 : 某新 gTLD 申請
• SLD の権威サーバ運用せねば
• 第一回 DNS 温泉参加!
• 2015年 : 某新 gTLD 申請取り下げ
• 取り下げはちょっと残念
• 第二回 DNS 温泉参加! ←いまここ
• 2016年
• 第三回 DNS 温泉参加予定!

4. 最初に背景

5. © 2015 Apple Inc. All rights reserved. Redistribution or public display not permitted without written permission from Apple.
#WWDC15
Your App and
Next Generation Networks
Prabhakar Lakhera Core OS Networking Engineer
Stuart Cheshire DEST
System Frameworks
Session 719
(抜粋)WWDC15 - Your App and Next Generation Network

6. IPv4 Server
Cellular Data Network
DNS64
NAT64
IPv6 Server
IPv6 Access
Connectivity
DNS64 synthesizes IPv6 address for IPv4 server
NAT64 performs IPv6 to IPv4 address translation
(抜粋)WWDC15 - Your App and Next Generation Network

7. IPv4 Server
Cellular Data Network
DNS64
NAT64
IPv6 Server
IPv6 Access
Connectivity
DNS64 synthesizes IPv6 address for IPv4 server
NAT64 performs IPv6 to IPv4 address translation
(抜粋)WWDC15 - Your App and Next Generation Network

8. Your App Has To Be IPv6 Ready
It will be an app submission requirement later this year!
(抜粋)WWDC15 - Your App and Next Generation Network

9. iOS アプリ
IPv6 対応しないと
リジェクト!

11. NAT64 + DNS64 Internet Sharing
IPv4 WAN
IPv6 Access
Connectivity
DNS64
NAT64
(抜粋)WWDC15 - Your App and Next Generation Network

12. NAT64 + DNS64 Internet Sharing
IPv4 WAN
IPv6 Access
Connectivity
DNS64
NAT64
DNS64(!?)

13. NAT64 + DNS64 Internet Sharing
IPv4 WAN
IPv6 Access
Connectivity
DNS64
NAT64

14. NAT64 + DNS64 Internet Sharing
IPv4 WAN
IPv6 Access
Connectivity
DNS64
NAT64
192.0.0.4

16. 症状・状況
• android を NAT64/DNS64 に接続すると
192.0.0.4 が自動設定される
• NAT64/DNS64 でない環境(e.g. IPv6 only)だと
192.0.0.4 は設定されない
• ただし、全ての android 端末ではない
16

17. 基礎知識

18. ipv4only.arpa.
RFC7050 : Discovery of the IPv6 Prefix
Used for IPv6 Address Synthesis
Well-Known IPv4-only Name (WKN): the fully qualified domain name,
"ipv4only.arpa.", well-known to have only A record(s).
Well-Known IPv4 Address (WKA): an IPv4 address that is well-known and
present in an A record for the well-known name. Two well-known IPv4
addresses are defined for Pref64::/n discovery purposes: 192.0.0.170
and 192.0.0.171.
18

19. ipv4only.arpa.
$ dig @8.8.8.8 ipv4only.arpa. A
(snip)
;; ANSWER SECTION:
ipv4only.arpa. 86400 IN A 192.0.0.170
ipv4only.arpa. 86400 IN A 192.0.0.171
(snip)
$ dig @8.8.8.8 ipv4only.arpa. AAAA
(snip)
;; AUTHORITY SECTION:
ipv4only.arpa. 1464 IN SOA sns.dns.icann.org. noc.dns.icann.org.
2015072119 7200 3600 604800 3600
(snip)
19

20. NAT64/DNS64
• NAT64(RFC6146)
Stateful NAT64: Network Address and Protocol Translation
from IPv6 Clients to IPv4 Servers
• DNS64(RFC6147)
DNS64: DNS Extensions for Network Address Translation
from IPv6 Clients to IPv4 Servers
20

21. 464XLAT
• 464XLAT(RFC6877)
464XLAT: Combination of Stateful and Stateless
Translation
21

22. 2013 (c) INTERNET MULTIFEED CO.
NAT64

 IPv6 IPv4 ­− NAT[RFC6146]
 IP/ICMP [RFC6145]
 NAPT-PT DNS ALG DNS64[RFC6147]
 v6 v6v4
 TCP/UDP/ICMP NAT NAT Traversal

 96-bit IPv6 32-bit IPv4 128-bit IPv6
 DNS DNS64 DNS

 ALG IPv4
 MSN Messenger (2009 )
 2.38 Web IPv4
IPv6
IPv4
NAT64
DNS64
DNS
[v4literals]
復習> IPv4/IPv6 移行・共存技術の動向(P.24)
http://www.slideshare.net/yuyarin/i-pv4-ipv6coexistance/24
22

23. 2013 (c) INTERNET MULTIFEED CO.
464XLAT

 IPv4/IPv6 [RFC6145] NAT64[RFC6146] v4/v6/v4
 RFC6877 [RFC6877]
 NAT64
 IPv4-IPv4 DNS ALG

 CLAT IPv4 IPv6 (1:1)
 PLAT NAT64 IPv6 IPv4 ­− (n:1)
IPv6 IPv4
PLAT
­−64
(RFC6146(NAT64))
IPv4
CLAT
46
(RFC6145)
ISP
復習> IPv4/IPv6 移行・共存技術の動向(P.25)
http://www.slideshare.net/yuyarin/i-pv4-ipv6coexistance/25
23

24. NAT64/DNS64
IPv4
IPv6
client
IPv6
NAT64/DNS64 RoutingNAT64
• IPv4 アドレス直接指定では通信できない
• AAAA を DNS64 に聞いてからでないと通信できない
24

25. 464XLAT
IPv4
PLAT(NAT64)
IPv6
CLAT(Translation)
IPv6
IPv4 IPv6
client
Routing
Routing
NAT64
Translation

26. NAT64/DNS64
で動かなくても
464XLAT
なら動く場合もある
26

27. IPv4
IPv6
client
IPv6
NAT64/DNS64
IPv4
PLAT(NAT64)
IPv6
CLAT(Translation)
IPv6
IPv4 IPv6
client
NAT64 464XLAT
27

28. IPv4
IPv6
client
IPv6
NAT64/DNS64
client
IPv4
PLAT(NAT64)
IPv6
CLAT(Translation)
IPv6
IPv4 IPv6
NAT64 464XLAT
28

29. IPv4
IPv6
client
IPv6
NAT64/DNS64
NAT64 464XLAT
IPv6
android
IPv4
IPv4 IPv6
PLAT(NAT64)
CLAT(Translation)
29
clatd
(daemon)
192.0.0.4
IPv6

30. android-clat
android clat service
This software provides the nat 4->6 translation needed
for the "clat" part of the 464xlat standard. It is needed
for better IPv4 application support while on an IPv6-only
mobile network connection using 464xlat's nat64 (such
as T-Mobile's IPv6 trial).
A general diagram of how 464xlat works:
http://dan.drown.org/android/clat/Clat-Plat.png
30
https://android.googlesource.com/platform/external/android-clat/

31. android-clat/clatd.conf
31
https://android.googlesource.com/platform/external/android-clat/+/master/clatd.conf

32. まとめ

33. まとめ
IPv6
android
IPv4
PLAT(NAT64)
IPv6
clatd
IPv4
192.0.0.4
IPv6
2001:db8::x
33
• ipv4only.arpa. の AAAA の
Answer があったら DNS64/
NAT64 配下にいると判断
• Answer の prefix を PLAT
のサブネットとして利用
• clatd 起動(192.0.0.4 を設定)
• NAT64 ルータを PLAT に
• 対戦xxxxxxxxxxも動く !?

34. Question ?

35. 35
NAT64/DNS64 環境だと
AAAA の Answer がある

36. 36
NAT64/DNS64 以外だと
AAAA の Answer は無し

37. 37
NAT64/DNS64 でも
8.8.8.8 に ping=OK

38. END
38