filter-aaaa-on-v4
Mike Hoskins (michoski)
michoski at cisco.com
Wed Sep 18 17:22:44 UTC 2013
-----Original Message-----
From: "<Lawrence K. Chen>", "P.Eng." <lkchen at ksu.edu>
Date: Wednesday, September 18, 2013 10:08 AM
To: bind-users <bind-users at lists.isc.org>
Subject: filter-aaaa-on-v4
>I finally turned this feature on when I built bind-9.9.3-P2
>
>Had only gotten the occasional user complaints that some browser/client
>tries to connect to IPv6 and fails, because our IT Security group
>doesn't allow IPv6 and is/was blocking tunneling protocols on campus.
>
>As a side effect, my NTP servers are happier....since all #.pool.ntp.org
>(where # is 0-3) now resolve to usable addresses.
>
>Why 4? If you only have one NTP server, you know what the time is, but
>you don't know if it is correct. If you have two servers, you won't know
>what time it is. With 3, you can have a pretty good idea of the correct
>time, until one breaks. So, 4 gives you a good idea of what the correct
>time is, even if one breaks. Though I had seen another article
>suggesting the sets of 3's (3,6,9,12....)
>
>Only 0-3 are defined with the pools, so that's what I go with. Problem
>is that they have been putting all the IPv6 NTP servers in pool 2, along
>with some IPv4 ones. And, most of the time when I start ntpd, it picks
>an IPv6 one from 2.
>
>Had a server where one of the others was intermittent, so it was going
>between 2 or 3 servers (and, of course, I put my NTP servers in
>Nagios...so I get alerted when this happens....which had been fine for
>months, until the system got rebooted for OS updates....
>
>Just restarted it again, and saw it found 4 servers... wish I had thought
>of this sooner. Wonder if I should do this at home? Guessing it's not
>enabled in the system bind, so I'll have to switch to using ports.
FWIW, you could also add -4 to ntpd args or use -4 prefix in ntpd.conf.
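
The two approaches discussed in this thread, side by side, as an added example that is not part of either post. It assumes a BIND 9.9.x binary built with `--enable-filter-aaaa` (the option is compiled out otherwise) and the stock ntpd `server` directive; the `iburst` flag and the choice of pool names are illustrative.

```conf
# ---- named.conf (resolver side) ------------------------------------
# Requires BIND 9.9.x configured with: ./configure --enable-filter-aaaa
options {
    # Drop AAAA records from responses sent to clients that queried
    # over IPv4. With "yes", responses that carry DNSSEC signatures
    # are left unfiltered so validation still succeeds. The value
    # "break-dnssec" filters those too, and validating clients will
    # then see the answer fail verification.
    filter-aaaa-on-v4 yes;

    # ACL of IPv4 clients the filter applies to. "any" is the default;
    # narrow it to the networks that have no IPv6 path.
    filter-aaaa { any; };
};

# ---- ntp.conf (client side, no resolver change needed) -------------
# "-4" makes ntpd resolve each name to IPv4 addresses only, so a pool
# name that also publishes AAAA records never yields an unreachable peer.
server -4 0.pool.ntp.org iburst
server -4 1.pool.ntp.org iburst
server -4 2.pool.ntp.org iburst
server -4 3.pool.ntp.org iburst

# Equivalent for the whole daemon: start ntpd with the -4 argument.
```

The resolver-side filter changes answers for every IPv4 client in the ACL, including downstream caches that may serve IPv6-capable hosts, while the ntpd setting affects only that one daemon.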