PTR records for IPv6
Dan Wing
dwing at cisco.com
Thu Sep 5 04:47:11 CEST 2013
On Sep 4, 2013, at 4:43 AM, S.P.Zeidler <spz at serpens.de> wrote:
> Hi,
>
> Thus wrote Jens Link (lists at quux.de):
>
>> I think vendors should put some sensible defaults in place, e.g. no
>> SLAAC, no privacy extensions, no temporary addresses on servers.
>
> I don't think this is really something the OS should do.
> If a program requests a specific address when building a socket, and that
> address is configured at all, it gets it on every OS I'm aware of.
>
> In an IPv6 world, network services (aka, smtp, http, dns, .. servers)
> should -always- be bound (and bindable) to specific addresses both for
> incoming and outgoing connections. It's not funny if your smtp server
> tries to deliver through the firewall with its http server address, which
> is then Not Allowed (tm) :)
Yes, disabling IPv6 privacy addresses makes tons of things easier -- including traffic analysis. One of the primary purposes of IPv6 privacy addresses was to antagonize traffic analysis and discourage one of the justifications to create a NAPT66 device (as one of the justifications for NAPT is to antagonize traffic analysis). http://tools.ietf.org/html/rfc4941#section-2 has lots of good details. (And I know privacy information is leaked at upper layers; there are constant attempts at those layers to reduce their privacy leakage and it doesn't excuse exposing privacy at layer 3).
-d
>
> regards,
> spz
> --
> spz at serpens.de (S.P.Zeidler)
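
The per-service binding described in the quoted text, as an added example that is not part of the original thread: a listener bound to one specific address instead of the wildcard, and an outgoing connection whose source address is pinned before `connect()`. The function names are hypothetical, and the loopback address is a constructed stand-in for a server's real service addresses.

```python
import socket

def family_of(addr):
    """Pick the address family from the literal (IPv6 literals contain ':')."""
    return socket.AF_INET6 if ":" in addr else socket.AF_INET

def listen_on(addr, port=0):
    """Listening socket bound to one specific address, not :: or 0.0.0.0."""
    srv = socket.socket(family_of(addr), socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((addr, port))          # port 0: kernel assigns a free port
    srv.listen(1)
    return srv

def connect_from(src_addr, dst_addr, dst_port, timeout=2.0):
    """Outgoing connection with the source address pinned to src_addr.

    Without source_address the kernel's source address selection decides,
    and on a host with temporary addresses it may pick one of those.
    """
    return socket.create_connection(
        (dst_addr, dst_port), timeout=timeout,
        source_address=(src_addr, 0))   # bind() happens before connect()

def observed_source(service_addr, peer_addr):
    """Return the source address the remote peer sees for a pinned connection."""
    srv = listen_on(peer_addr)
    try:
        port = srv.getsockname()[1]
        client = connect_from(service_addr, peer_addr, port)
        conn, remote = srv.accept()     # remote[0] is what a firewall would match on
        conn.close()
        client.close()
        return remote[0]
    finally:
        srv.close()

def usable_loopback():
    """Constructed sample address: ::1 if IPv6 is available, else 127.0.0.1."""
    try:
        listen_on("::1").close()
        return "::1"
    except OSError:
        return "127.0.0.1"

if __name__ == "__main__":
    lo = usable_loopback()
    print("peer sees source:", observed_source(lo, lo))
```

On a real server, `service_addr` would be the stable address assigned to that service, so firewall rules can match on it while temporary addresses stay enabled for other traffic.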