Thoughts about ipv6 white listing

George Bonser gbonser at seven.com
Sat Dec 4 11:55:24 CET 2010


> This completely neglects the existence of recursive DNS servers.

Yes, it does by design because I cannot be sure of the state of the
client behind that recursive server.  Just because it asked the server
for an AAAA record doesn't mean it can reach me by v6 even if it has v6.
Note the difference in v6 routing tables between he and cogentco.

> So if a client has perfectly working IPv6 but uses a DNS resolver (like
> "8.8.8.8") that has no v6, he'll never see AAAA records?

Yes.  At least on the first pass.  Note that practically all of my
requests are not coming from a user sitting behind a PC, this is a
client/server application and the client is using its own parent
network's application in practically all cases for "production" traffic.

 
> Or a client that has broken IPv6 but uses a DNS resolver that has
> working IPv6, he'll get AAAA?

Yes.  And I suspect those cases will be *extremely* few and need to
break.



