m (→Target DNS) |
|||
| Line 51: | Line 51: | ||
|} | |} | ||
On a host with public Internet access it is usually easiest to choose a target host that fits the criteria. On an isolated testing network this is done using custom DNS data | On a host with public Internet access it is usually easiest to choose a target host that fits the criteria. On an isolated testing network this is done using custom DNS data configured in a DNS server. Lost AAAA reply can be mimicked using the DROP rule on firewall. | ||
Note: Other DNS records than A and AAAA typically point to names, not addresses and thus are protocol agnostic | Note: Other DNS records than A and AAAA typically point to names, not addresses and thus are protocol agnostic | ||
Revision as of 11:57, 4 August 2015
Test configuration
IPv4 connectivity
| connectivity | details |
|---|---|
| Global | Host is connected to the Internet using a global IPv4 address. |
| Masqueraded | Host can access Internet services using a masqueraded private IPv4 address. |
| Local | Host has a private address with no global connectivity. |
| Zeroconf | Host has a link-local IPv4 address. |
| None | Host doesn't have any IPv4 addresses except loopback. |
In most cases you will only need masqueraded IPv4 connectivity and that is the most common way to connect to the Internet nowadays. You can mimic all of the cases above in an isolated testing network by setting up DHCP and DNS servers on one host and configuring the other e.g. using NetworkManager.
IPv6 connectivity
| connectivity | details |
|---|---|
| Global | Host has at least one link-local address and one global address, the latter being used for global connectivity. |
| Local | Host has at least one link-local address and one unique local address used for local communication. |
| Link-local only | Client only has a link-local address. |
| None | Client doesn't have any addresses except loopback. |
In most cases you will either need global connectivity or link-local only connectivity. The latter is typically configured automatically when you connect via IPv4, the former needs to be present in the network. You can overcome this limitation by using an IPv6 tunnel like the one provided by http://www.tunnelbroker.net/. Any of the setups above can be mimicked on an isolated testing network by configuring a router advertisement daemon, an optional DHCP server and a DNS server. You can use dnsmasq to provide all those services at once.
Target DNS
| configuration | A query | AAAA query | notes |
|---|---|---|---|
| Dual-stack | At least one A record | At least one AAAA record | |
| IPv4 only | At least one A record | NODATA | |
| Lost AAAA reply | At least one A record | Timeout | Typically caused by bad recursive DNS servers |
| IPv6 only | NODATA | Answer with at least one AAAA record | |
| Multiple IPv4 and IPv6 addresses | At least two A records | At least two AAAA records |
On a host with public Internet access it is usually easiest to choose a target host that fits the criteria. On an isolated testing network this is done using custom DNS data configured in a DNS server. Lost AAAA reply can be mimicked using the DROP rule on firewall.
Note: Other DNS records than A and AAAA typically point to names, not addresses and thus are protocol agnostic but it may still be useful to test e.g. SRV records so that the SRV code path is correct as well.
Notes on connectivity checks
Network application behavior may change based on various connectivity checks. Some of them work with IP addresses, some with routes and some are even based on attempting connections. All of the mentioned types of checks are currently present in glibc name resolution code, so you need to be careful about subtle differences in configuration.
Notes on DNS server IPv4/IPv6 accessibility
It usually doesn't matter how recursive servers are accessed, whether via IPv4 and IPv6, the network is expected to be configured correctly.
Authoritative servers inaccessible via one of the protocols is a rather special case important for domain operators. A bad configuration can make otherwise working IPv6 hosts inaccessible from IPv6-only networks with their own recursive servers.
Client software test cases
Dual-stack to dual-stack
| IPv4 connectivity | Global or masqueraded |
| IPv6 connectivity | Global |
| Target DNS | Dual-stack |
What is tested
- Whether IPv6 is preferred over IPv4.
- Whether the component is capable of working over IPv6.
- Whether sequential or parallel DNS resolution is in use.
Expected result (sequential, IPv6 preferred)
- Host requests AAAA record and receives a reply.
- Host connects via IPv6.
- No delays, no A query.
Expected result (parallel, IPv6 preferred)
- Host requests A and AAAA records simultaneously and receives the AAAA reply.
- Host connects via IPv6.
- No delays, A reply is ignored if received.
Alternative result (parallel, first result wins, no protocol preference)
- Host requests A and AAAA records simultaneously and receives the first reply.
- Host connects via IPv4 or IPv6.
- No delays.
Dual-stack to dual-stack with lost AAAA answer
Same as above, except that the AAAA answer is lost by a broken DNS server.
| IPv4 connectivity | Global or masqueraded |
| IPv6 connectivity | Global |
| Target DNS | Lost IPv6 |
What is tested
- Wheter the component reverts to IPv4 in reasonable time when AAAA answer gets lost.
Expected result (sequential, IPv6 preferred)
- Host requests AAAA record and gives up after a delay (e.g. 15 seconds).
- Host requests A record and receives reply.
- Host connects via IPv4.
Expected result (parallel, IPv6 preferred)
- Host requests A and AAAA records simultaneously and receives the A reply.
- Host gives up waiting for AAAA record after a short delay (e.g. 300 milliseconds).
- Host connects via IPv4.
Alternative result (parallel, first result wins)
- Host requests A and AAAA records simultaneously and receives the A reply.
- Host connects via IPv4.
- No delay.
IPv4 to dual-stack with lost AAAA answer
Same as above, except that the host doesn't have any IPv6 address except link-local and loopback.
| IPv4 connectivity | Global or masqueraded |
| IPv6 connectivity | Link-local |
| Target DNS | Lost IPv6 |
What is tested
- Wheter the component suppresses AAAA queries when lacking global IPv6 connectivity.
Expected result
- Host requests A record and receives reply.
- Host connects via IPv4.
- No delay, no AAAA query.
Dual-stack to dual-stack with lost communication
| IPv4 connectivity | Global or masqueraded |
| IPv6 connectivity | Global but packets to destination get dropped |
| Target DNS | Dual-stack, DNS server accessed via IPv4 |
What is tested
- Whether the component reverts to IPv4 in reasonable time when local or remote network drops all IPv6 communication.
Expected result (sequential, IPv6 preferred)
- Host requests AAAA record and receives reply.
- Host attempts connecting to IPv6 and times out.
- Host requests A record and receives reply.
- Host connects via IPv4
Expected result (parallel DNS, IPv6 preferred)
- Host requests A and AAAA records simultaneously and waits for AAAA reply.
- Host attempts connecting to IPv6 and times out, receiving A reply in the meantime.
- Host connects via IPv4.
Expected result (parallel DNS, parallel TCP, IPv6 preferred)
- Host requests A and AAAA records simultaneously
- Host attempts IPv4 and IPv6 connections upon receiving the respective records
- IPv4 connection is established
- IPv6 connection is given up after a short delay (e.g. 300 milliseconds)
- IPv4 connection is used