Fwd: Re: security.ubuntu.com not accessible in IPv6 (AAAA record missing in the DNS)
Chris Hills
chaz at chaz6.com
Tue Mar 12 21:38:22 CET 2013
On 12/03/2013 20:24, Philipp Kern wrote:
> There's a huge difference between not being able to access security.ubuntu.com
> via HTTP from an IPv6-only host and not having an IPv4-capable resolver.
> For the latter even NAT64/DNS64 is sufficient. (Or you hand one of those
> precious IPv4 addresses to your resolver to resolve the internet.)
How can you run NAT64 or DNS64 if you do not have IPv4?? That means you
are going to have to trust an external resolver, and since ubuntu.com
does not support dnssec (which is quite ironic for a large organization
hosting a dedicated *security* site), you are opening yourself up to MitM.
More information about the ipv6-ops
mailing list