Filtering IPv6 AAAA records?
Mark Andrews
marka at isc.org
Wed Jul 25 12:15:35 UTC 2012
In message <CAEBgQMzfH2kvc7zYNi=eDewwq_TjJF8OfM9GKrq-3m7obqiS2Q at mail.gmail.com>
, Paul Reilly writes:
>
> Thanks all - the "filter-aaaa-on-v4" has worked well in testing.
>
> In terms of "why?" we do actually have native IPv6 upstream, and some parts
> of the network are fully IPv6 enabled, and access the internet on IPv6. But
> some areas are only IPv4. I need to make sure these IPv4 only parts of the
> network do not try and access IPv6 internet hosts - as they are blocked at
> the firewall.
Then please make sure that the firewall returns ICMPv6 unreachables or
spoofs RST for TCP. Just dropping packets is guarenteed to result in
bad behaviour.
> Paul
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list