[dns-operations] Issues on source-based DNS policy in dual-stack network

Davey Song(宋林健) ljsong at biigroup.cn
Thu Aug 11 02:07:28 UTC 2016


Hi folks,

I recently noticed an issue with source-based DNS policy in dual-stack networks.
(Maybe I missed some solution or best practice that already exists.)

It may be well known that some networks use multiple upstream ISPs to share
the load (universities, for example). There are many options to do this. One
option is to use the DNS resolver to respond with different answers to
different groups of users, which will finally steer the traffic to different
ISPs. It works very well in IPv4-only networks, because the resolver can
implement the load-balancing policy based on the IPv4 source address. However,
in a dual-stack environment a client may query A via IPv6 or AAAA via IPv4,
which makes this load-balancing option difficult. It has become a reason some
network administrators are reluctant to upgrade their resolvers to dual-stack.

Besides the resolver, authority servers that play a smart DNS function
(responding differently according to the client's geo-location address) suffer
as well. The current RFC 7871 gives some clue that DNS messages can carry subnet
information of end users, but it fits the scenario from resolver to
authority. And the resolver still has no way to know the other IPv6 (or IPv4)
addresses of its users when they are speaking a different language (I mean IP
version).

Is it a qualified problem statement?

Best regards,

Davey
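
The mismatch described in the message above, as an added example that is not part of the original post: a resolver view selector keyed only on IPv4 source prefixes, checked against dual-stack hosts. The prefixes, view names, host names and the inventory pairing each host's IPv4 and IPv6 address are constructed assumptions.

```python
import ipaddress

# Constructed policy: IPv4 source prefix -> upstream ISP view
# (documentation address ranges, hypothetical view names).
POLICY_V4 = {
    ipaddress.ip_network("192.0.2.0/25"): "isp-a",
    ipaddress.ip_network("192.0.2.128/25"): "isp-b",
}
DEFAULT_VIEW = "isp-a"  # used when no policy prefix matches the source


def select_view(source):
    """Pick the view for a query by longest-prefix match on its source address."""
    addr = ipaddress.ip_address(source)
    matches = [n for n in POLICY_V4 if n.version == addr.version and addr in n]
    if not matches:
        return DEFAULT_VIEW
    return POLICY_V4[max(matches, key=lambda n: n.prefixlen)]


def transport_dependent_hosts(hosts):
    """Return names of dual-stack hosts whose view changes with the transport.

    `hosts` maps a host name to its (IPv4, IPv6) addresses. The resolver
    never sees this pairing; it is assumed to come from an address inventory.
    """
    return sorted(
        name for name, (v4, v6) in hosts.items()
        if select_view(v4) != select_view(v6)
    )


# Constructed inventory of dual-stack clients.
HOSTS = {
    "lab-pc-1": ("192.0.2.10", "2001:db8::10"),
    "lab-pc-2": ("192.0.2.200", "2001:db8::200"),
}

if __name__ == "__main__":
    for name, (v4, v6) in HOSTS.items():
        # The same host may send "A via IPv6" or "AAAA via IPv4".
        print(name, "over IPv4 ->", select_view(v4),
              "| over IPv6 ->", select_view(v6))
    print("view depends on transport:", transport_dependent_hosts(HOSTS))
```
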

 

 

 
