Thoughts about ipv6 white listing
George Bonser
gbonser at seven.com
Sat Dec 4 12:36:14 CET 2010
> -----Original Message-----
> From: Jeroen Massar [mailto:jeroen at unfix.org]
> Sent: Saturday, December 04, 2010 3:30 AM
> To: George Bonser
> Cc: ipv6-ops at lists.cluenet.de
> Subject: Re: Thoughts about ipv6 white listing
>
> On 2010-12-04 11:58, George Bonser wrote:
> [..]
> >> Do note though that a LOT of people might not have IPv6 transport
> >> in use for their IPv6 DNS server.
> >
> > That is fine. I am on a first pass willing to continue giving them a
> > v4 address. That is no different than the situation is now and does
> > not break anything.
>
> Except that people who have IPv4 on their side
No, a person who has v4 will see *exactly* the same behavior they see today. They will ask for an A record and they will receive an A record.
>
> How is this different from just publish both A and AAAA ?
The v6 server *will* publish both A and AAAA.
The v4 server will publish only A.
The reason is that if a request arrives via IPv4, I cannot be sure of the state of the requestor behind that request. If an AAAA record request arrives by v6, at least I know that both the client *and* the dns server have v6 and if the server can reach me, most likely the client can too because both are on the same network. Again, this isn’t a website. This is a client/server application and the client does not live on a PC.
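
The transport-dependent answer policy described in this message, as an added example that is not part of the original post and not the poster's actual setup. The zone data, the name `app.example.net.` and all function names are hypothetical. Returning an empty NOERROR (NODATA) for AAAA over IPv4, and treating IPv4-mapped peers seen on a dual-stack socket as IPv4, are assumptions of this sketch.

```python
import ipaddress
import struct

A, AAAA = 1, 28  # DNS RR type codes

# Constructed zone data (documentation address ranges, hypothetical name).
ZONE = {"app.example.net.": {A: ["192.0.2.10"], AAAA: ["2001:db8::10"]}}

def arrived_over_ipv6(peer: str) -> bool:
    """True only for native IPv6 peers. A dual-stack AF_INET6 socket reports
    IPv4 clients as ::ffff:a.b.c.d; those count as IPv4 transport here."""
    addr = ipaddress.ip_address(peer.split("%")[0])  # drop any zone id
    return addr.version == 6 and addr.ipv4_mapped is None

def build_query(name: str, qtype: int) -> bytes:
    """Build a minimal query message (constructed sample input)."""
    header = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\0"
    return header + qname + struct.pack("!2H", qtype, 1)

def parse_question(msg: bytes):
    """Return (qname, qtype) for the first question in a DNS query."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        if n == 0:
            break
        if n > 63 or pos + 1 + n > len(msg):
            raise ValueError("bad label in question")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii").lower())
        pos += 1 + n
    if pos + 5 > len(msg):
        raise ValueError("truncated question")
    return ".".join(labels) + ".", struct.unpack("!H", msg[pos + 1:pos + 3])[0]

def select_answer(msg: bytes, peer: str, zone=ZONE):
    """Return (rcode, records): AAAA is served only to native IPv6 transport."""
    qname, qtype = parse_question(msg)
    rrsets = zone.get(qname)
    if rrsets is None:
        return "NXDOMAIN", []
    if qtype == AAAA and not arrived_over_ipv6(peer):
        return "NOERROR", []  # NODATA: the name exists, so A lookups still work
    return "NOERROR", list(rrsets.get(qtype, []))
```
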