Thoughts about ipv6 white listing

Jeroen Massar jeroen at unfix.org
Sat Dec 4 12:50:52 CET 2010


On 2010-12-04 12:43, George Bonser wrote:
>> 
>>> If a client right now asks for an AAAA record, they get NOERROR
>>> and I have a log full of such requests.
>> 
>> You mean to say that what you stated is something you already do?
> 
> Yes.  If someone connects to my DNS server and requests an AAAA
> resource for something that does not have one but has an A record,
> they get NOERRR.  Do an AAAA request for www.seven.com for example.

I don't think you will get far without any IPv6 glue:

=========================================================================
$ dig @f.gtld-servers.net ns0.seven.com. aaaa

; <<>> DiG 9.6-ESV-R1 <<>> @f.gtld-servers.net ns0.seven.com. aaaa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6646
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;ns0.seven.com.                 IN      AAAA

;; AUTHORITY SECTION:
seven.com.              172800  IN      NS      ns0.seven.com.
seven.com.              172800  IN      NS      ns1.seven.com.
seven.com.              172800  IN      NS      ns2.seven.com.

;; ADDITIONAL SECTION:
ns0.seven.com.          172800  IN      A       208.87.204.130
ns1.seven.com.          172800  IN      A       208.87.204.131
ns2.seven.com.          172800  IN      A       66.35.228.154

;; Query time: 164 msec
;; SERVER: 192.35.51.30#53(192.35.51.30)
;; WHEN: Sat Dec  4 12:48:41 2010
;; MSG SIZE  rcvd: 129
=========================================================================

And according to WHOIS:
=========================================================================
Registrant:
SEVEN Networks, Inc
   901 Marshall Street
   Redwood city, CA 94063
   US

   Domain Name: SEVEN.COM

   ------------------------------------------------------------------------
   Promote your business to millions of viewers for only $1 a month
   Learn how you can get an Enhanced Business Listing here for your
domain name.
   Learn more at http://www.NetworkSolutions.com/
   ------------------------------------------------------------------------

   Administrative Contact, Technical Contact:
      SEVEN Networks, Inc               rheavner at gmail.com
      901 Marshall Street
      Redwood city, CA 94063
      US
      650-381-2500 fax: 123 123 1234


   Record expires on 22-Jan-2013.
   Record created on 23-Jan-1998.
   Database last updated on 4-Dec-2010 06:27:45 EST.

   Domain servers in listed order:

   NS0.SEVEN.COM                208.87.204.130
   NS1.SEVEN.COM                208.87.204.131
   NS2.SEVEN.COM                66.35.228.154
=========================================================================

Indeed, no change.

Greets,
 Jeroen


More information about the ipv6-ops mailing list