Re: http://www.ntp.org/ => a blank page?



On Mar 5, 10:14, Martin Burnicki <martin.burni...@xxxxxxxxxxx> wrote:

The IPv4 address is used only after the IPv6 address has timed out, even
though (as far as I understand it) the DNS server first returns an IPv4
address, then an IPv6 address:

# host support.ntp.org
support.ntp.org has address 204.152.184.138
support.ntp.org has IPv6 address 2001:4f8:0:2::23

That's a bit misleading. At the protocol level the queries are often
distinct, asking for A or AAAA records. type=any will return both but
is not typically used in apps. At the app level, if the app looks up
a name indicating both IPv4 and IPv6 addresses are desired, platform
and site policies come into play.

I know a possible solution would be to use an IPv6-over-IPv4 tunnel to the
internet. However, if this has not been set up then access may fail for a
reason which is not obvious.

AFAIK some browsers, e.g. Firefox, can be configured to prefer either IPv4
or IPv6, so this can be solved without a tunnel.

It sounds like you use a disconnected IPv6 network alongside a
connected RFC1918 v4 network internally. I wonder if you could get by
using only link-local addresses for your internal IPv6 network? I
believe that would solve the problem because your stack would know it
can't connect to a global v6 address from a machine with only link-
local v6 addresses.

A good solution would be to let the local DNS server discard IPv6 addresses
returned from forwarders while maintaining IPv6 support for the local
zone/network, but I currently don't know if/how this can be configured for
bind 9.

This may indeed be the best option for your configuration. I wouldn't
call it a good solution, though. Your machines should be able to
handle seeing AAAA records via IPv4-accessible DNS even if they can't
use them. I'd dig into configuring the machines to use IPv6 as a last
resort before considering DNS server-based AAAA filtering.

Cheers,
Dave Hart
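
Added example, not part of the original message: a simplified model of RFC 6724 destination address selection (rules 1, 2 and 6 only) showing why a host with only link-local IPv6 addresses tries the A record first, while a host with a global-scope IPv6 address but no IPv6 route tries the AAAA record first and waits for the timeout. The local address sets are constructed assumptions; real stacks apply the full rule set plus platform and site policy.

```python
import ipaddress

# Scope values from RFC 6724 section 3.1 (link-local = 0x2, global = 0xE).
LINK_LOCAL, GLOBAL = 0x2, 0xE

def scope(addr):
    """Scope of a unicast address; RFC 6724 treats IPv4 private space as global."""
    ip = ipaddress.ip_address(addr)
    if ip.is_link_local or ip.is_loopback:
        return LINK_LOCAL
    return GLOBAL

def pick_source(dest, local_addrs):
    """Choose a same-family source, preferring one whose scope matches dest."""
    fam = ipaddress.ip_address(dest).version
    same = [a for a in local_addrs if ipaddress.ip_address(a).version == fam]
    if not same:
        return None  # no address of this family: destination is unusable
    matching = [a for a in same if scope(a) == scope(dest)]
    return (matching or same)[0]

def order_destinations(dests, local_addrs):
    """Sort candidates: usable first (rule 1), scope match (rule 2),
    then default-policy precedence, IPv6 40 over IPv4 35 (rule 6)."""
    def key(dest):
        src = pick_source(dest, local_addrs)
        unusable = src is None
        mismatch = unusable or scope(src) != scope(dest)
        precedence = 40 if ipaddress.ip_address(dest).version == 6 else 35
        return (unusable, mismatch, -precedence)
    return sorted(dests, key=key)

# The two addresses from the `host support.ntp.org` output in the message.
SUPPORT_NTP = ["204.152.184.138", "2001:4f8:0:2::23"]

# Constructed local address sets (assumptions, not taken from the thread).
LINK_LOCAL_ONLY = ["192.168.1.10", "fe80::1"]          # RFC1918 v4 + link-local v6
GLOBAL_V6_NO_ROUTE = ["192.168.1.10", "2001:db8::10"]  # global-scope v6, no uplink

if __name__ == "__main__":
    print("link-local v6 only:", order_destinations(SUPPORT_NTP, LINK_LOCAL_ONLY))
    print("global v6, no route:", order_destinations(SUPPORT_NTP, GLOBAL_V6_NO_ROUTE))
```

The model knows nothing about routing, which is the point: with a global-scope IPv6 source configured, address selection alone cannot tell that the IPv6 path is dead.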