[Asrg] For DNSBLs, embedded IPv4 in IPv6
Daniel Feenberg
feenberg at nber.org
Mon Aug 4 04:09:53 PDT 2008
On Mon, 4 Aug 2008, Frank Ellermann wrote:
> John Levine wrote:
>
>> Someone pointed out that in some popular dual stack systems,
>> connections from IPv4 addresses appear as IPv6 addresses
>> in :FFFF:0000:0000/96
Could someone explain why a DNSBL needs to return IPV6 addresses? Even
assuming one wants to create a DNSBL that lists IPV6 addresses (which I
don't think would be worthwhile*) the only place the V6 address appears is
in the query hostname character string - the DNSBL reply only needs a
handfull of values, which 127.0.0.X supplies without stress. The replies
are never used as addresses. Are we worried that a DNSBL client
nameservice library wouldn't support IPV4 addresses? That seems
far-fetched. What am I missing?
Daniel Feenberg
>
> Yes, that is what I meant when I mentioned RFC 4408, (ab)using
> ::FFFF:127.0.0.2 as an "obvious" test entry. Another proposal
> in the meeting was to use one of the IPv6 example addresses
> for this purpose. But I can't remember the example addresses
> without my 4408 cheat sheet, an obvious entry would be better.
>
>> The immediate question is whether to add a sentence or two
>> to the DNSBL spec saying that if you have a DNSBL listing
>> both v4 and v6 addresses, and you list a v4 address, you
>> SHOULD or MUST also list the corresponding embedded v6
>
> No. It is the job of the clients to get this right, they are
> supposed to ask for the IPv4 form of these addresses. With
> ::FFFF:127.0.0.2 as a possible *exception* for test purposes.
>
> Frank
>
> _______________________________________________
> Asrg mailing list
> Asrg at ietf.org
> https://www.ietf.org/mailman/listinfo/asrg
>
More information about the Asrg
mailing list