forced to execute DNS64

Wed Oct 12 00:09:21 UTC 2016

Sorry. I made mistake.

/29 prefix is good work. 
My dns is use expired cache before update cache.
(below 600 TTL is expired cache.)

Thanks.

[root at DNS_STG:/root] $ dig @::1 m.facebook.com aaaa

; <<>> DiG 9.9.9-P3_NLIA_NS_160928 <<>> @::1 m.facebook.com aaaa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27452
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;m.facebook.com.                        IN      AAAA

;; ANSWER SECTION:
m.facebook.com.         600     IN      AAAA    2a03:2880:f115:83:face:b00c:0:25de

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Wed Oct 12 08:21:39 KST 2016
;; MSG SIZE  rcvd: 60

> -----Original Message-----
> From: Mark Andrews [mailto:marka at isc.org]
> Sent: Wednesday, October 12, 2016 8:47 AM
> To: 이석문/ICT Solution팀
> Cc: bind-users at lists.isc.org
> Subject: Re: forced to execute DNS64
> 
> 
> I don't understand why you are saying "But /29 prefix is not work."
> FaceBook is 2a03:2880::/29 and the acl code should handle this.
> 
> Mark
> 
> [rock:~/git/bind9/xxxxxx] marka% whois -r 2a03:2880::
> % This is the RIPE Database query service.
> % The objects are in RPSL format.
> %
> % The RIPE Database is subject to Terms and Conditions.
> % See http://www.ripe.net/db/support/db-terms-conditions.pdf
> 
> % Note: this output has been filtered.
> %       To receive output for a database update, use the "-B" flag.
> 
> % Information related to '2a03:2880::/29'
> 
> % Abuse contact for '2a03:2880::/29' is 'domain at fb.com'
> 
> inet6num:       2a03:2880::/29
> netname:        IE-FACEBOOK-201100822
> country:        IE
> org:            ORG-FIL7-RIPE
> admin-c:        RD4299-RIPE
> tech-c:         RD4299-RIPE
> status:         ALLOCATED-BY-RIR
> mnt-by:         RIPE-NCC-HM-MNT
> mnt-lower:      fb-neteng
> mnt-routes:     fb-neteng
> created:        2015-09-24T12:59:37Z
> last-modified:  2016-04-14T10:48:51Z
> source:         RIPE # Filtered
> 
> In message <0171a9ab70c54918ab355dc66dda3205 at skt-tnetpmx2.SKT.AD>, LEE
> SUKMOON
> writes:
> > Thank you.
> >
> > Your advice is very well done. Thank you again.
> > But /29 prefix is not work. /32 prefix is good work.
> >
> >
> >     dns64 64:ff9b::/96 {
> >         clients { acl_ipv6; ::1; };
> >         exclude {
> >             2a03:2880::/32; // Facebook
> >         };
> >     };
> >
> > root at DNS_STG:/root $ dig @::1 m.facebook.com aaaa +short
> > star-mini.c10r.facebook.com.
> > 64:ff9b::1f0d:4423
> > root at DNS_STG:/root $ dig @::1 m.facebook.com aaaa +short
> > star-mini.c10r.facebook.com.
> > 64:ff9b::1f0d:4423
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org