IPv4-Mapped IPv6 Address used in DNS with AAAA-records

Peter Koch pk at ISOC.DE
Thu Jul 27 21:28:43 CEST 2023


Hi Thomas,

On Thu, Jul 27, 2023 at 11:16:07AM +0200, Thomas Schäfer wrote:

> I think
> 
> IPv4-Mapped IPv6 Addresses (defined in
> https://datatracker.ietf.org/doc/html/rfc4291#section-2.5.5.2)
>    |                80 bits               | 16 |      32 bits        |
>    +--------------------------------------+--------------------------+
>    |0000..............................0000|FFFF|    IPv4 address     |
>    +--------------------------------------+----+---------------------+
> 
> 
> 
> must not be announced via DNS-AAAA-records.

same thought, but surprisingly(?) I could not find any recommendation in that
direction.  Other than RFC 1918, which has remarks to the extent that
indirect references to private address space are discouraged (final para of section 3),
no such text seems to exist for IPv4-Mapped IPv6 Addresses. Then again,
interpretation of RFC 1918 space is context/location dependent, which is
not the case for IPv4-Mapped IPv6 Addresses.

The purpose and semantics of IPv4-Mapped IPv6 Addresses apparently have
evolved over time, including a standards track protocol that might have
resulted in actual packets bearing those addresses 'on the wire'
(cf. RFC 4942, section 2.2. IPv4-Mapped IPv6 Addresses).

As Nick pointed out

>> https://www.iana.org/assignments/iana-ipv6-special-registry
> 
> See the "Globally Reachable" field. If you're looking for canon, then
> this is probably what you need.  Note that it doesn't say anything about
> your own internal administrative domain.

this address space got tagged

                 | Source               | False               |
                 | Destination          | False               |

in RFC 6890 and even prior to that, in RFC 5156.  It is not blatantly
obvious, though, where this determination came from, even though the
aforementioned RFC 4942 might have been instrumental.

Otherwise, the purpose of IPv4-Mapped IPv6 Addresses is limited to

o APIs that offer an 'IPv6 only' interface to applications, so those can be
  v4 agnostic

o a variety of protocols that make use of IP addresses (in payload) avoiding
  the address family distinction or sub-typing (like PCP, HNCP, ...)

With that in mind, and given that DNS has distinct RR types for v4 and v6, one could
argue that IPv4-Mapped IPv6 Addresses within AAAA RRs are maybe misplaced.
Luckily, they also don't seem to be too popular in the wild ...

> I am despairing in a discussion with a company.

Don't.

-Peter
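
Added example, not part of the original message: a zone audit that flags AAAA records whose address lies in ::ffff:0:0/96 regardless of how the address is written, and reports the embedded IPv4 address and whether it falls in RFC 1918 space. The record names, the sample zone text and the five-field line layout (owner, TTL, class, type, rdata) are assumptions constructed for the illustration.

```python
import ipaddress

# ::ffff:0:0/96 is the IPv4-mapped prefix from RFC 4291, section 2.5.5.2.
MAPPED_PREFIX = ipaddress.IPv6Network("::ffff:0:0/96")
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records; not taken from any real zone.
SAMPLE_ZONE = """\
www.example.     3600 IN AAAA 2001:db8::10
legacy.example.  3600 IN AAAA ::ffff:192.0.2.1
hexform.example. 3600 IN AAAA ::ffff:c000:201
long.example.    3600 IN AAAA 0:0:0:0:0:ffff:0a00:0001 ; no "::ffff:" substring
v4.example.      3600 IN A    192.0.2.1
broken.example.  3600 IN AAAA not-an-address
"""

def find_mapped_aaaa(zone_text):
    """Return (owner, rdata, embedded IPv4, in RFC 1918) for every AAAA
    record whose address is inside ::ffff:0:0/96."""
    findings = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop zone-file comments
        if len(fields) < 5 or fields[3].upper() != "AAAA":
            continue
        owner, rdata = fields[0], fields[4]
        try:
            addr = ipaddress.IPv6Address(rdata)
        except ipaddress.AddressValueError:
            continue                             # malformed rdata, other check
        if addr in MAPPED_PREFIX:
            # The low 32 bits of a mapped address carry the IPv4 address.
            v4 = ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)
            private = any(v4 in net for net in RFC1918)
            findings.append((owner, rdata, str(v4), private))
    return findings

if __name__ == "__main__":
    for owner, rdata, v4, private in find_mapped_aaaa(SAMPLE_ZONE):
        kind = "RFC 1918 IPv4" if private else "IPv4"
        print(f"{owner} AAAA {rdata} embeds {kind} address {v4}")
```

Comparing parsed addresses against the prefix catches the fully expanded form, which a text search for "::ffff:" would miss.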
