Thoughts about ipv6 white listing

bmanning at vacation.karoshi.com
Sun Dec 5 00:38:14 CET 2010


On Sat, Dec 04, 2010 at 03:04:28PM -0800, George Bonser wrote:
> > >
> > 	as the DNS server, you have no idea what the routing looks like
> > (v4/v6) from
> > 	the client side.  you are conflating transport and data...
> > assuming that
> > 	transport has anything to do with the data being asked for. 
> 
> I have some idea.  If I am seeing an AAAA request, then the client must at least have an IPv6 address.  If I am seeing the AAAA request arriving at me via v6 from the client's DNS server (which in this case is in the same network with the client), then if the DNS server can reach me, the client can reach me.


	actually, no. you have no idea what the client is capable of, all you see is
	the intermediate cache asking on behalf of one of its clients.  others have pointed
	out some practical examples of this.  your presumption about the client and its 
	intermediate cache being on the same broadcast domain is ... naive - at best.

> 
> Again, this isn't the typical web surfer sort of network.  This is a set of thousands of hardware devices in a network with a DNS server.  If that hardware device makes an AAAA request, then it has v6.  

	no one, save you, has invoked http.  i thought we were talking about dns. :)

> 
> Also, this gets rolled out for one client network at a time, not globally.
> 


	i see - so this isn't really on the Internet at all. this is a series of closed 
	user groups... in which case, you are able to absolutely assure yourself of the
	accuracy of your assumptions.  Not all of us have such luxury.  And $deity help
	you when you get around to hooking these up to the Internet. 

--bill
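
An added example, not part of the thread or anyone's posted code: a minimal DNS query builder and parser in Python that shows exactly which fields an authoritative server receives (the header, the question, and the packet's source address, which is the resolver's), followed by a constructed comparison of the "AAAA arriving over v6 means the client has v6" inference against ground truth. The scenario names, the documentation-prefix addresses and the query name are assumptions made for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass

QTYPE_A = 1
QTYPE_AAAA = 28


def build_query(qname: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query (12-byte header + one IN-class question)."""
    # flags 0x0100: standard query, recursion desired; QDCOUNT=1, other counts 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = qname.rstrip(".").split(".")
    question = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + question + struct.pack("!HH", qtype, 1)


def parse_query(data: bytes) -> dict:
    """Parse the header and first question of a DNS query.

    The returned keys are everything the message itself carries to the
    authoritative server; note that none of them describe the end client.
    """
    txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", data[:12])
    pos = 12
    labels = []
    while True:
        length = data[pos]
        pos += 1
        if length == 0:
            break
        labels.append(data[pos:pos + length].decode("ascii"))
        pos += length
    qtype, qclass = struct.unpack("!HH", data[pos:pos + 4])
    return {
        "id": txid,
        "flags": flags,
        "qdcount": qdcount,
        "qname": ".".join(labels) + ".",
        "qtype": qtype,
        "qclass": qclass,
    }


@dataclass
class AuthObservation:
    """What the authoritative server can see for one query: the source
    address of the UDP packet (the resolver that forwarded it, not the
    client that asked) and the parsed message."""
    src: str
    query: dict


def heuristic_client_has_v6(obs: AuthObservation) -> bool:
    """The inference under discussion: an AAAA query that arrives over IPv6
    is taken to mean the originating client has working IPv6."""
    return obs.query["qtype"] == QTYPE_AAAA and ipaddress.ip_address(obs.src).version == 6


@dataclass
class Scenario:
    name: str
    client_has_v6: bool   # ground truth, invisible to the authoritative server
    resolver_src: str     # address the resolver uses toward the authoritative
    qtype: int


# Constructed scenarios (assumptions for illustration, using RFC 5737/3849
# documentation prefixes), not cases reported in the thread.
SCENARIOS = [
    # dual-stack client behind a dual-stack resolver
    Scenario("dual-stack", True, "2001:db8::53", QTYPE_AAAA),
    # v4-only client whose stub asks for AAAA anyway (getaddrinfo with
    # AF_UNSPEC does this); the shared resolver prefers v6 upstream
    Scenario("v4-client-v6-resolver", False, "2001:db8::53", QTYPE_AAAA),
    # v6-capable client, but the resolver only reaches this authoritative over v4
    Scenario("v6-client-v4-path", True, "192.0.2.53", QTYPE_AAAA),
    # v4-only client asking for an A record
    Scenario("v4-client-A", False, "192.0.2.53", QTYPE_A),
]


def evaluate(scenarios) -> dict:
    """Run the heuristic over each scenario and label the outcome."""
    results = {}
    for s in scenarios:
        wire = build_query("www.example.com.", s.qtype)
        obs = AuthObservation(s.resolver_src, parse_query(wire))
        guess = heuristic_client_has_v6(obs)
        if guess and not s.client_has_v6:
            results[s.name] = "false positive"
        elif not guess and s.client_has_v6:
            results[s.name] = "false negative"
        else:
            results[s.name] = "correct"
    return results


if __name__ == "__main__":
    for name, outcome in evaluate(SCENARIOS).items():
        print(f"{name:24s} {outcome}")
```

The parser is the point: the wire format gives the authoritative server a transaction ID, flags, a question and a source address, and the source address is the cache's, so the same AAAA-over-v6 observation is produced both by a dual-stack client and by a v4-only client behind a dual-stack cache.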


More information about the ipv6-ops mailing list