Thoughts about ipv6 white listing
gert at space.net
Sat Dec 4 11:40:19 CET 2010
On Sat, Dec 04, 2010 at 02:21:15AM -0800, George Bonser wrote:
> Rather than taking a white listing approach to v6, I thought I might do
> the following:
> Configure an instance of named that is v6 only. That instance contains
> both A and AAAA records. Register that DNS server in whois with a v6
> address only. The instances of named running on v4 have a zone with
> only A records.
> Requests that arrive via v6 that request an AAAA resource are given one
> if one is available.
> Requests that arrive via v4 that request an AAAA resource are returned
This completely neglects the existence of recursive DNS servers.
So if a client has perfectly working IPv6 but uses a DNS resolver (like
"22.214.171.124") that has no v6, he'll never see AAAA records?
Or a client that has broken IPv6 but uses a DNS resolver that has working
IPv6, he'll get AAAA?
This idea comes up every few months, but doesn't get any better by
did you enable IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
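
The mismatch described in the reply above, as an added example that is not part of the original post: a small model of the proposed split-zone setup, in which the authoritative side can observe only the transport used by the recursive resolver. The zone data, names, and the assumption that a v6-capable resolver always queries over v6 are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import product

# Constructed zone data (documentation address ranges), not from the post.
ZONE = {"www.example.net": {"A": "192.0.2.10", "AAAA": "2001:db8::10"}}


def authoritative(qname, qtype, transport):
    """Proposed scheme: the instance reachable over v4 has no AAAA records."""
    if qtype == "AAAA" and transport == "v4":
        return None
    return ZONE.get(qname, {}).get(qtype)


@dataclass
class Resolver:
    has_v6: bool  # can this recursive resolver reach authoritative servers over v6?

    def resolve(self, qname, qtype):
        # The authoritative server sees only the resolver's transport,
        # never the connectivity of the client behind it.
        # Assumption: a v6-capable resolver always queries over v6.
        return authoritative(qname, qtype, "v6" if self.has_v6 else "v4")


def outcome(client_v6_works, resolver_has_v6):
    """Compare what the client receives with what its connectivity can use."""
    answer = Resolver(resolver_has_v6).resolve("www.example.net", "AAAA")
    got_aaaa = answer is not None
    if got_aaaa == client_v6_works:
        return "ok"
    if got_aaaa:
        return "broken client handed AAAA"
    return "working client denied AAAA"


def matrix():
    """All four combinations of client and resolver v6 capability."""
    return {(c, r): outcome(c, r) for c, r in product([True, False], repeat=2)}


if __name__ == "__main__":
    for (c, r), result in matrix().items():
        print(f"client v6 works={c!s:5} resolver has v6={r!s:5} -> {result}")
```

The answer is correct only when client and resolver happen to have the same v6 capability; in the two mixed cases the decision is made on the wrong host's connectivity.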