Thoughts about ipv6 white listing

Gert Doering gert at space.net
Sat Dec 4 18:22:26 CET 2010


Hi,

On Sat, Dec 04, 2010 at 05:25:24PM +0100, Tore Anderson wrote:
> Actually, some HGW boxes have bugs in their DNS forwarders that will
> only be exposed by AAAA records being present.  For example, certain
> D-Link models (at least DSL-584T, DSL-G664T, and DSL-G684T; there's
> probably more) will send an A response to the stub resolver using the
> first 32 bits of the IPv6 address returned from its upstream resolver.
> If on the other hand there's no AAAA records present, the correct IPv4
> address is returned.

Yes, this is an especially nasty one - and there is not much a content
provider can do about it except "just break them and hope the user will
replace their router" or "wait another 10 years until the boxes have
died from old age".  This firmware bug has supposedly been fixed for about
5 years (folks from heise.de told me), but these devices last a while...

Gert Doering
        -- NetMaster
-- 
did you enable IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279
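
The forwarder bug described in this thread can be checked for by comparing the A answers seen behind the home gateway with the A and AAAA answers from a known-good resolver. The following is an added example, not part of the original post: the function names are hypothetical, the addresses are constructed from documentation ranges, and the answers are assumed to have been collected separately (for instance with dig).

```python
import ipaddress


def truncated_a_from_aaaa(aaaa):
    """Return the IPv4 address formed by the first 32 bits of an IPv6 address.

    This is the value the affected forwarders are described as sending
    in the A response when AAAA records exist for the name.
    """
    v6 = ipaddress.IPv6Address(aaaa)
    return ipaddress.IPv4Address(v6.packed[:4])


def check_forwarder(a_from_forwarder, a_reference, aaaa_reference):
    """Classify each A record received through the gateway's DNS forwarder.

    a_from_forwarder: A answers seen by the stub resolver behind the gateway
    a_reference:      A answers for the same name from a known-good resolver
    aaaa_reference:   AAAA answers for the same name from that resolver

    Returns (address, verdict, source_aaaa) tuples, where verdict is
    "ok", "truncated-aaaa" or "mismatch".
    """
    expected = {ipaddress.IPv4Address(a) for a in a_reference}
    # Map every possible bogus A value back to the AAAA it was cut from.
    bogus = {truncated_a_from_aaaa(x): x for x in aaaa_reference}

    findings = []
    for a in a_from_forwarder:
        addr = ipaddress.IPv4Address(a)
        if addr in expected:
            # A legitimate A record wins even if it collides with a prefix.
            findings.append((str(addr), "ok", None))
        elif addr in bogus:
            findings.append((str(addr), "truncated-aaaa", bogus[addr]))
        else:
            findings.append((str(addr), "mismatch", None))
    return findings


if __name__ == "__main__":
    # Constructed sample: the name has A 192.0.2.10 and AAAA 2001:db8::1.
    for row in check_forwarder(["32.1.13.184"], ["192.0.2.10"], ["2001:db8::1"]):
        print(row)
```

A "truncated-aaaa" verdict for a name that resolves correctly once its AAAA records are absent matches the behaviour reported above.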


More information about the ipv6-ops mailing list