Thoughts about ipv6 white listing

Gert Doering gert at
Sat Dec 4 11:40:19 CET 2010


On Sat, Dec 04, 2010 at 02:21:15AM -0800, George Bonser wrote:
> Rather than taking a white listing approach to v6, I thought I might do
> the following:
> Configure an instance of named that is v6 only.  That instance contains
> both A and AAAA records.  Register that DNS server in whois with a v6
> address only.  The instances of named running on v4 have a zone with
> only A records.
> Requests that arrive via v6 that request an AAAA resource are given one
> if one is available.
> Requests that arrive via v4 that request an AAAA resource are returned

This completely neglects the existance of recursive DNS servers.

So if a client has perfectly working IPv6 but uses a DNS resolver (like
"") that has no v6, he'll never see AAAA records?

Or a client that has broken IPv6 but uses a DNS resolver that has working
IPv6, he'll get AAAA?

This idea comes up every few months, but doesn't get any better by 

Gert Doering
        -- NetMaster
did you enable IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279

More information about the ipv6-ops mailing list