The present invention relates to methods and apparatus for processing data within a computer network. More specifically, this invention relates to mechanisms for performing a name-to-address resolution using DNS-ALG and NAT-PT.
For a particular computer to communicate with other computers or web servers within a network (e.g., the Internet), the particular computer must have a unique IP address. IP protocol version 4 specifies 32 bits for the IP address, which theoretically gives about 4,294,967,296 unique IP addresses. However, there are actually only between 3.2 and 3.3 billion available IP addresses since the addresses are separated into classes and set aside for multicasting, testing and other special uses. With the explosion of the Internet, the number of IP addresses is not enough to give each computer a unique IP address.
One solution for addressing computers with the limited number of IP addresses is referred to as network address translation (NAT). NAT allows an intermediary device (e.g., computer, router or switch) located between the Internet and a local network to serve as an agent for a group of local computers. A small range of IP addresses or a single IP address is assigned to represent the group of local computers. Each computer within the local group is also given a local IP address that is only used within that local group. However, the group's local IP addresses may be a duplicate of an IP address that is used within another local network. When a local computer attempts to communicate with a computer outside the local network, the intermediary device matches the local computer's local IP address to one of the intermediary device's assigned IP addresses. The intermediary device then replaces the local computer's local address with the matched assigned IP address. This matched assigned IP address is then used to communicate between the local computer and the outside computer. Thus, NAT techniques allow an IP address to be duplicated across local networks.
In addition to IP addresses in the header, a packet may also contain address(es) embedded in the payload that require translation. Particular applications may embed address(es) in the payload for various application-specific purposes. The current approach for supporting applications which embed IP addresses in the payload (e.g., DNS (domain name server), FTP (file transfer protocol), H.225/H.245) in a NAT environment is to add application-specific knowledge within the NAT device itself. This approach is described in detail in the Internet Engineering Task Force's Request for Comments document RFC 2663, entitled “IP Network Address Translator (NAT) Terminology and Considerations,” by P. Srisuresh and M. Holdrege of Lucent Technologies (August 1999), which document is incorporated herein by reference in its entirety.
Name to address mappings are maintained by each DNS server. For instance, IP version 4 name to address mappings are held in “A” records, while IP version 6 name to address mappings are held in “AAAA” records. A particular domain name may have an IP version 4 address and/or an IP version 6 address mapping. An IP version 4 address is composed of 32 bits, while an IP version 6 address is composed of 128 bits.
RFC 2766, “Network Address Translation-Protocol Translation (NAT-PT),” by Tsirtsis, G. and Srisuresh, P., February 2000, which is incorporated by reference in its entirety, discloses a NAT-PT mechanism that is capable of protocol translation as well as network address translation. In other words, the NAT-PT device is capable of translating addresses between IPv4 and IPv6, as well as translating an IP protocol header from IP version 4 to IP version 6 and vice versa. For example, when an IPv6 node “A” wants to set up a session with an IPv4 node “C,” node A starts with a name look-up, requesting a “AAAA” record for node C. When the “AAAA” record DNS query is received by the NAT-PT device, the NAT-PT/DNS-ALG device generates two separate DNS queries. The first DNS query is an “AAAA” record DNS query and the second DNS query is an “A” record DNS query. In response, the DNS server replies to each DNS query. If an AAAA record exists for the destination, it is returned to the NAT-PT device, which forwards it to the originating host, A. If there is an A record, it is returned to the NAT-PT device, which then adds the appropriate prefix to the 32-bit IP version 4 address to convert that address to an IP version 6 address having 128 bits.
As described above, the NAT-PT device may return an IPv6 address, regardless of whether that IP address is obtained from an AAAA record or an A record. However, it is important to note that the NAT-PT device sends two DNS requests in accordance with RFC 2766 in various circumstances. As a result, the NAT-PT device will receive two different DNS replies. Moreover, the NAT-PT device may receive these two DNS replies in any order. Unfortunately, RFC 2766 does not provide for the situation in which the DNS server (in the IPv4 domain) sends two DNS replies for a single DNS query (i.e., AAAA query) initiated by a node.
In view of the above, there is a need for improved DNS-ALG mechanisms for processing DNS replies.