Fwd: Re: security.ubuntu.com not accessible in IPv6 (AAAA record missing in the DNS)
Philipp Kern
phil at philkern.de
Tue Mar 12 21:56:47 CET 2013
On Tue, Mar 12, 2013 at 08:38:22PM +0000, Chris Hills wrote:
> How can you run NAT64 or DNS64 if you do not have IPv4?? That means you
> are going to have to trust an external resolver, and since ubuntu.com
> does not support dnssec (which is quite ironic for a large organization
> hosting a dedicated *security* site), you are opening yourself up to MitM.
In Debian^WUbuntu we have other ways to deal with MitM.
I think it's still common to get at least one IPv4, or you indeed have
to trust an external resolver. (Don't get me started about DNSSEC
converage. debian.org has it, at least.)
Kind regards
Philipp Kern
More information about the ipv6-ops
mailing list