Thoughts about ipv6 white listing
Gert Doering
gert at space.net
Sat Dec 4 11:40:19 CET 2010
Hi,
On Sat, Dec 04, 2010 at 02:21:15AM -0800, George Bonser wrote:
> Rather than taking a white listing approach to v6, I thought I might do
> the following:
>
> Configure an instance of named that is v6 only. That instance contains
> both A and AAAA records. Register that DNS server in whois with a v6
> address only. The instances of named running on v4 have a zone with
> only A records.
>
> Requests that arrive via v6 that request an AAAA resource are given one
> if one is available.
>
> Requests that arrive via v4 that request an AAAA resource are returned
> NXDOMAIN

This completely neglects the existence of recursive DNS servers.

So if a client has perfectly working IPv6 but uses a DNS resolver (like
"8.8.8.8") that has no v6, he'll never see AAAA records?

Or a client that has broken IPv6 but uses a DNS resolver that has working
IPv6, he'll get AAAA?

This idea comes up every few months, but doesn't get any better by
repetition.

Gert Doering
-- NetMaster
--
did you enable IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279