Re: http://www.ntp.org/ => a blank page?

Dave Hart wrote:
On Mar 9, 3:47 am, ma...@xxxxxxx (Danny Mayer) wrote:
Dave Hart wrote:
That's a bit misleading. At the protocol level the queries are often
distinct, asking for A or AAAA records. type=any will return both but
is not typically used in apps. At the app level, if the app looks up
a name indicating both IPv4 and IPv6 addresses are desired, platform
and site policies come into play
getaddrinfo() which is used by all newer apps returns both IPv4 and IPv6
unless you specify a particular type. It has nothing to do with site
policy and they do not come into play. The query is controlled solely by
the app. The app may have additional controls on whether or not it wants
to query for IPv4, IPv6 or both.

You might want to spend a little time curling up with RFC 3484,
"Default Address Selection for IPv6"


You might want to curl up with the BIND9 source code.

http://www.rfc-editor.org/rfc/rfc3484.txt

With RFC 3484 support, getaddrinfo sorts its results so that
applications processinig the results in order follow the selected
policy. Given that the RFC came out of Microsoft Research, it should
be no surprise that a certain widely-used platform respects RFC 3484.
Take particular note of the policy tables described in RFC 3484 and
how they allow site policies to come into play.


Yes and that RFC is being discussed right now in namedroppers since
there are a number of problems with it, particularly section 6 rule 9
causing operational problems. A platform-specific implementation of
getaddrinfo() should not be depended on for behavior. DNS makes no
guarantee of sort order of the returned records, nor should there be any
expectation by the app of the order. If Microsoft has chosen to
implement this in their DNS Client service, well I always turn it off as
being useless overhead and causes me operational problems.

It sounds like you use a disconnected IPv6 network alongside a
connected RFC1918 v4 network internally. I wonder if you could get by
using only link-local addresses for your internal IPv6 network? I
believe that would solve the problem because your stack would know it
can't connect to a global v6 address from a machine with only link-
local v6 addresses.
The stack has no knowledge of whether it can connect to a global IPv6
address. Only the routers will be able to do that.

Since link-local addresses by definition are not routable, routers do
not come into play. Any IPv6 stack understands the difference between
link-local and global addresses, and will not attempt to connect to a
global remote address using a link-local local address. Hence the
results Martin saw that only machines with IPv6 global addresses were
having trouble with names returning AAAA as well as A.

This may indeed be the best option for your configuration. I wouldn't
call it a good solution, though. Your machines should be able to
handle seeing AAAA records via IPv4-accessible DNS even if they can't
use them. I'd dig into configuring the machines to use IPv6 as a last
resort before considering DNS server-based AAAA filtering.
It cannot be done by the DNS.

This reads as a non-sequiter. I have no idea what "It" is that cannot
be done.


DNS cannot remove records returned to the requestor.

Danny
Cheers,
Dave Hart

_______________________________________________
questions mailing list
questions@xxxxxxxxxxxxx
https://lists.ntp.org/mailman/listinfo/questions




--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
.

Relevant Pages

  • Re: http://www.ntp.org/ => a blank page?
    ...  At the app level, ... getaddrinfowhich is used by all newer apps returns both IPv4 and IPv6 ... You might want to spend a little time curling up with RFC 3484, ... results Martin saw that only machines with IPv6 global addresses were ...
    (comp.protocols.time.ntp)
  • Re: Some help interpreting log snipped please?
    ... >apps only, with fw set to block anything else -all protocols,even dns, ... >for each app). ... UDP Source address _can_ and usually IS faked. ... As I'm not stupid enough to be using windoze, ...
    (comp.security.firewalls)
  • Re: Applications on Wintel vs OS X
    ... Wintel PC? ... The PC app' named "Dragon NaturallySpeaking" is widely ... DNS sells for anywhere from $99 to $1,000 depending on version, myself ... both PC and Mac users, ...
    (uk.comp.sys.mac)
  • Re: Load Balancing DNS
    ... choose new -> Alias. ... How To Configure DNS Records for Your Web Site in Windows Server ... your domain is domain.com, and the app is refered by App, then ...
    (microsoft.public.win2000.dns)
  • Speech Recognition, just a toy for most of us
    ... We Windows users have the best speech recognition app ... So why is DNS so seldom used? ... We all know that speech recognition is used in business, ... But we are engaged in "personal computing", ...
    (microsoft.public.windows.vista.general)