Re: http://www.ntp.org/ => a blank page?
- From: mayer@xxxxxxx (Danny Mayer)
- Date: Mon, 9 Mar 2009 03:47:09 GMT
Dave Hart wrote:
On Mar 5, 10:14, Martin Burnicki <martin.burni...@xxxxxxxxxxx> wrote:
The IPv4 address is used only after the IPv6 address has timed out, even
though (as far as I understand it) the DNS server first returns an IPv4
address, then an IPv6 address:
# host support.ntp.org
support.ntp.org has address 204.152.184.138
support.ntp.org has IPv6 address 2001:4f8:0:2::23
That's a bit misleading. At the protocol level the queries are often
distinct, asking for A or AAAA records. type=any will return both but
is not typically used in apps. At the app level, if the app looks up
a name indicating both IPv4 and IPv6 addresses are desired, platform
and site policies come into play.
getaddrinfo() which is used by all newer apps returns both IPv4 and IPv6
unless you specify a particular type. It has nothing to do with site
policy and they do not come into play. The query is controlled solely by
the app. The app may have additional controls on whether or not it wants
to query for IPv4, IPv6 or both.
I know a possible solution would be to use an IPv6-over-IPv4 tunnel to the
internet. However, if this has not been set up then access may fail for a
reason which is not obvious.
AFAIK some browsers, e.g. Firefox, can be configured to prefer either IPv4
or IPv6, so this can be solved without a tunnel.
It sounds like you use a disconnected IPv6 network alongside a
connected RFC1918 v4 network internally. I wonder if you could get by
using only link-local addresses for your internal IPv6 network? I
believe that would solve the problem because your stack would know it
can't connect to a global v6 address from a machine with only link-
local v6 addresses.
The stack has no knowledge of whether it can connect to a global IPv6
address. Only the routers will be able to do that.
A good solution would be to let the local DNS server discard IPv6 addresses
returned from forwarders while maintaining IPv6 support for the local
zone/network, but I currently don't know if/how this can be configured for
bind 9.
This may indeed be the best option for your configuration. I wouldn't
call it a good solution, though. Your machines should be able to
handle seeing AAAA records via IPv4-accessible DNS even if they can't
use them. I'd dig into configuring the machines to use IPv6 as a last
resort before considering DNS server-based AAAA filtering.
It cannot be done by the DNS.
Danny
Cheers,
Dave Hart
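
The app-side control discussed in this thread, as an added example that is not from any poster or from the NTP project: the address family passed to getaddrinfo() decides which address types come back, and the app can reorder the results so that IPv6 is tried last, with a short per-address connect timeout. The function names `resolve`, `ipv6_last` and `connect_first` are hypothetical; the sample addresses are the two from the `host support.ntp.org` output above, parsed numerically so that no DNS query is sent.

```python
import socket

def resolve(host, port, family=socket.AF_UNSPEC, flags=0):
    """Return [(family, sockaddr), ...] in resolver order.
    The family hint is chosen by the application, not by the DNS server."""
    infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM, 0, flags)
    return [(fam, sockaddr) for fam, _type, _proto, _canon, sockaddr in infos]

def ipv6_last(candidates):
    """Stable reorder: IPv4 candidates first, IPv6 kept as a last resort."""
    return sorted(candidates, key=lambda c: c[0] == socket.AF_INET6)

def connect_first(candidates, timeout=2.0):
    """Try each candidate in turn with a short per-address timeout.
    Returns (socket, sockaddr) for the first success, else raises the last error."""
    last_err = OSError("no candidates")
    for fam, sockaddr in candidates:
        try:
            s = socket.socket(fam, socket.SOCK_STREAM)
        except OSError as e:      # address family not supported on this host
            last_err = e
            continue
        s.settimeout(timeout)
        try:
            s.connect(sockaddr)
            return s, sockaddr
        except OSError as e:      # refused, unreachable or timed out: try the next one
            last_err = e
            s.close()
    raise last_err

# Constructed input: the two addresses quoted in the thread, IPv6 first,
# parsed with AI_NUMERICHOST (assumption: stands in for a real AF_UNSPEC answer).
NUM = socket.AI_NUMERICHOST
SAMPLE = (resolve("2001:4f8:0:2::23", 80, flags=NUM)
          + resolve("204.152.184.138", 80, flags=NUM))

if __name__ == "__main__":
    for fam, sockaddr in ipv6_last(SAMPLE):
        print(fam.name, sockaddr[0])
```

With a hostname instead of a numeric literal, `resolve(name, 80, socket.AF_INET)` asks only for IPv4 addresses, which is the per-application switch described in the reply above.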