Support IPv6 DNS (was NAT64 example/documentation appears wrong) (TZ-966) #73
Description
Thread is an IPv6 technology, so should support setting any (IPv6) DNS server, not just NAT-mapped IPv4 addresses via a helper method.
e.g. Directly set to the Google DNS64 service, that will give back either IPv6 addressed or NAT64 mapped addresses if the service is IPv4 only:
dnsserver 2001:4860:4860::6464
It is annoying that Thread, an IPv6 protocol, had added support for legacy IPv4 DNS before native IPv6 command support.
Background
The page about NAT64 https://github.com/espressif/esp-thread-br/blob/48b2e47/docs/en/codelab/nat64.rst
Has the following:
For visiting HTTP servers with domain names, the DNS server shall be first configured on the Thread CLI device:
dns64server 8.8.8.8
This command does two things -- do the conversion from an IPv4 address to a NAT64 address (64:ff9b::808:808) and then set that IPv6 address as the DNS server (64:ff9b::808:808). Note that Thread only supports IPv6, so it can only ever use an IPv6 DNS server.
This command just has a helper method to convert IPv4 to IPv6.
However there is no command to set the DNS server directly and it seems strange to provide a helper method for legacy support before there is even a normal DNS setting command.
Setting any DNS command supports both scenarios
Note that a generic dnsserver command would also allow setting a NAT64 address, but you would have to the conversion manually.
e.g. the following would end up with the same configuration as the shortcut dns64server command:
dnsserver 64::808:808
The helper method should be retained, as it simplifies the process of doing the conversion for you. (Although it is still strange to provide the helper method before the base one).
Misleading name and useless results
It appears the name of the command dns64server refers to setting the (IPv6) DNS server to the NAT64 address equivalent of the provided IPv4 address, although this won't actually return DNS64 results.
The server 8.8.8.8, even if accessed via NAT64, still returns IPv4 (or dual-stack) addresses, e.g.
PS C:\Users\sgryp> nslookup v4.ipv6-test.com 64:ff9b::808:808
Server: UnKnown
Address: 64:ff9b::808:808
Non-authoritative answer:
Name: v4.ipv6-test.com
Address: 51.75.78.103
The IPv4 address 51.75.78.103 is useless, as it can not be used by a Thread device (which is IPv6 only).
To actually get a DNS64 result (not just set the address of the DNS server via NAT64) you need to use a DNS64 service, e.g.
PS C:\Users\sgryp> nslookup v4.ipv6-test.com 2001:4860:4860::6464
Server: dns64.dns.google
Address: 2001:4860:4860::6464
Non-authoritative answer:
Name: v4.ipv6-test.com
Addresses: 64:ff9b::334b:4e67
51.75.78.103
So, while setting an IPv4 server might allow queries, it is not very useful if it only gets back an IPv4 address that then can't be used. Usually DNS services that do provide usable DNS64 conversions only bother providing IPv6 addresses (not IPv4 ones). This makes the ability to set an IPv4 DNS of dubious value -- it would only be useful for results that have a dual stack answer, e.g.
PS C:\Users\sgryp> nslookup ipv6-test.com 64:ff9b::808:808
Server: UnKnown
Address: 64:ff9b::808:808
Non-authoritative answer:
Name: ipv6-test.com
Addresses: 2001:41d0:701:1100::29c8
51.75.78.103
```
The 2001:41d0:701:1100::29c8 address is usable by a Thread device, whilst the IPv4 51.75.78.103 is not usable, as Thread only supports IPv6.
You could, of course, always take the 51.75.78.103 IPv4 address and manually create the NAT64 address to use (assuming the standard prefix). But that seems complicated (and risky), especially if you DNS64 servers can already provide IPv6 addresses for you.
This would be particularly important if your network environment uses a different prefix that the standard 64:ff9b, where you can't manually convert and would need to rely on DNS providing the correct addresses.