192.0.0.4 on android

android が ipv4only.arpa. の AAAA を引く理由

～ 192.0.0.4 が自動設定される謎 ～

2015/09/12 #dnsonsen2 @otsuka752 (@twovs)

about me• @otsuka752 (@twovs)

• ネコ＋奥さん＋娘

• 無線LAN 装置の開発(1999-2004)

• オンラインゲームのシステム管理者(2004-2015)

• クラウドの中の人(2015-)

• http://tcpreplay.jp/ やってます

about me (DNS)• 2014年 : 某新 gTLD 申請

• SLD の権威サーバ運用せねば

• 第一回 DNS 温泉参加!

• 2015年 : 某新 gTLD 申請取り下げ

• 取り下げはちょっと残念

• 第二回 DNS 温泉参加!　←いまここ

• 2016年

• 第三回 DNS 温泉参加予定!

最初に背景

© 2015 Apple Inc. All rights reserved. Redistribution or public display not permitted without written permission from Apple.

#WWDC15

Your App andNext Generation Networks

Prabhakar Lakhera Core OS Networking EngineerStuart Cheshire DEST

System Frameworks

Session 719

(抜粋)WWDC15 - Your App and Next Generation Network

IPv4 Server

Cellular Data Network

DNS64NAT64

IPv6 Server

IPv6 AccessConnectivity

DNS64 synthesizes IPv6 address for IPv4 serverNAT64 performs IPv6 to IPv4 address translation

(抜粋)WWDC15 - Your App and Next Generation Network

IPv4 Server

Cellular Data Network

DNS64NAT64

IPv6 Server

IPv6 AccessConnectivity

DNS64 synthesizes IPv6 address for IPv4 serverNAT64 performs IPv6 to IPv4 address translation

(抜粋)WWDC15 - Your App and Next Generation Network

Your App Has To Be IPv6 ReadyIt will be an app submission requirement later this year!

(抜粋)WWDC15 - Your App and Next Generation Network

iOS アプリ IPv6 対応しないと

リジェクト!

NAT64 + DNS64 Internet Sharing

IPv4 WAN

IPv6 AccessConnectivity

DNS64NAT64

(抜粋)WWDC15 - Your App and Next Generation Network

NAT64 + DNS64 Internet Sharing

IPv4 WAN

IPv6 AccessConnectivity

DNS64NAT64

DNS64(!?)

NAT64 + DNS64 Internet Sharing

IPv4 WAN

IPv6 AccessConnectivity

DNS64NAT64

NAT64 + DNS64 Internet Sharing

IPv4 WAN

IPv6 AccessConnectivity

DNS64NAT64

192.0.0.4

症状・状況

• android を NAT64/DNS64 に接続すると192.0.0.4 が自動設定される

• NAT64/DNS64 でない環境(e.g. IPv6 only)だと 192.0.0.4 は設定されない

• ただし、全ての android 端末ではない

16

基礎知識

ipv4only.arpa.

RFC7050 : Discovery of the IPv6 Prefix Used for IPv6 Address Synthesis

Well-Known IPv4-only Name (WKN): the fully qualified domain name, "ipv4only.arpa.", well-known to have only A record(s).

Well-Known IPv4 Address (WKA): an IPv4 address that is well-known and present in an A record for the well-known name. Two well-known IPv4 addresses are defined for Pref64::/n discovery purposes: 192.0.0.170 and 192.0.0.171.

18

ipv4only.arpa.$ dig @8.8.8.8 ipv4only.arpa. A (snip)

;; ANSWER SECTION: ipv4only.arpa. 86400 IN A 192.0.0.170 ipv4only.arpa. 86400 IN A 192.0.0.171

(snip)

$ dig @8.8.8.8 ipv4only.arpa. AAAA (snip)

;; AUTHORITY SECTION: ipv4only.arpa. 1464 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015072119 7200 3600 604800 3600

(snip)

19

NAT64/DNS64

• NAT64(RFC6146)

Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers

• DNS64(RFC6147)

DNS64: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers

20

464XLAT

• 464XLAT(RFC6877)

464XLAT: Combination of Stateful and Stateless Translation

21

��2013 (c) INTERNET MULTIFEED CO.

NAT64 

  IPv6 IPv4 ­− NAT[RFC6146]

  IP/ICMP [RFC6145]   NAPT-PT DNS ALG DNS64[RFC6147]   v6 v6v4   TCP/UDP/ICMP NAT NAT Traversal

    96-bit IPv6 32-bit IPv4 128-bit IPv6

  DNS DNS64 DNS

    ALG IPv4

 MSN Messenger (2009 )   2.38 Web IPv4

IPv6

IPv4

NAT64

DNS64DNS

[v4literals]

復習> IPv4/IPv6 移行・共存技術の動向(P.24)

http://www.slideshare.net/yuyarin/i-pv4-ipv6coexistance/24

22

��2013 (c) INTERNET MULTIFEED CO.

464XLAT 

  IPv4/IPv6 [RFC6145] NAT64[RFC6146] v4/v6/v4   RFC6877 [RFC6877]   NAT64   IPv4-IPv4 DNS ALG

    CLAT IPv4 IPv6 (1:1)   PLAT NAT64 IPv6 IPv4 ­− (n:1)

IPv6 IPv4

PLAT

­−64 (RFC6146(NAT64))

IPv4

CLAT

46 (RFC6145)

ISP

復習> IPv4/IPv6 移行・共存技術の動向(P.25)

http://www.slideshare.net/yuyarin/i-pv4-ipv6coexistance/25

23

NAT64/DNS64IPv4

IPv6

client

IPv6

NAT64/DNS64 RoutingNAT64

• IPv4 アドレス直接指定では通信できない

• AAAA を DNS64 に聞いてからでないと通信できない24

464XLATIPv4

PLAT(NAT64)

IPv6

CLAT(Translation)

IPv6

IPv4 IPv6

client

Routing

Routing

NAT64

Translation

NAT64/DNS64 で動かなくても

464XLAT なら動く場合もある

26

IPv4

IPv6

client

IPv6

NAT64/DNS64

IPv4

PLAT(NAT64)

IPv6

CLAT(Translation)

IPv6

IPv4 IPv6

client

NAT64 464XLAT

27

IPv4

IPv6

client

IPv6

NAT64/DNS64

client

IPv4

PLAT(NAT64)

IPv6

CLAT(Translation)

IPv6

IPv4 IPv6

NAT64 464XLAT

28

IPv4

IPv6

client

IPv6

NAT64/DNS64

NAT64 464XLATIPv6

android

IPv4

IPv4 IPv6

PLAT(NAT64)

CLAT(Translation)

29

clatd (daemon)

192.0.0.4

IPv6

android-clatandroid clat service

This software provides the nat 4->6 translation needed for the "clat" part of the 464xlat standard. It is needed for better IPv4 application support while on an IPv6-only mobile network connection using 464xlat's nat64 (such as T-Mobile's IPv6 trial).

A general diagram of how 464xlat works: http://dan.drown.org/android/clat/Clat-Plat.png

30https://android.googlesource.com/platform/external/android-clat/

android-clat/clatd.conf

31https://android.googlesource.com/platform/external/android-clat/+/master/clatd.conf

まとめ

まとめIPv6

android

IPv4

PLAT(NAT64)

IPv6

clatd

IPv4 192.0.0.4

IPv6 2001:db8::x

33

• ipv4only.arpa. の AAAA のAnswer があったら DNS64/NAT64 配下にいると判断

• Answer の prefix を PLAT のサブネットとして利用

• clatd 起動(192.0.0.4 を設定)

• NAT64 ルータを PLAT に

• 対戦xxxxxxxxxxも動く !?

Question ?

35

NAT64/DNS64 環境だとAAAA の Answer がある

36

NAT64/DNS64 以外だとAAAA の Answer は無し

37

NAT64/DNS64 でも 8.8.8.8 に ping=OK

END

38