filter-a and dns64 in a ipv6-only network
Thomas Schäfer
tschaefer at t-online.de
Tue Jan 31 20:27:07 UTC 2023
Am Dienstag, 31. Januar 2023, 20:03:42 CET schrieb Marco:
>
> Why would it make sense to block them?
Avoiding wrong decisions by "happy eyeballs" - probably the same rare reasons
why isc introduced the AAAA filter yeas ago - in theory there is no reason to
block AAAA nor A. But blocking A depending on the existence of AAAA makes no
sense at all.
(as bind at moment is doing)
> > > You seem to have this strange notion that to run an IPv6-only node
> > > or network that you need to filter out A records.
> >
> > It isn't more strange than filtering AAAA records in old IPv4 only
> > networks. That filter is ironically implemented by the isc - despite
> > there is no serious RFC for that.
>
> I don't see a reason for filtering at all. What is the benefit of that?
wrong ipv6/ipv4 preference/selections by apps
>
> > The purpose of the A record filter is to correct the behavior of apps
> > which don't respect IPv6 RFCs regarding the preference of IPv6 over
> > IPv4.
>
> Best would be to fix these "apps".
> If the computer does not have an IPv4 address, the A records are
> useless, it can't use them and needs to connect via IPv6.
It would be of course - but reality is - apps, even the defaults in some
programming languages like java are still wrong.
https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/net/doc-files/net-properties.html
> Why don't they work if they can't connect using IPv4?
> Which apps are affected?
e.g. gpsprune under linux:
LANG=C java -jar gpsprune_22.2.jar
IOE: java.net.SocketException - Network is unreachable
IOE: java.net.SocketException - Network is unreachable
IOE: java.net.SocketException - Network is unreachable
IOE: java.net.SocketException - Network is unreachable
IOE: java.net.SocketException - Network is unreachable
IOE: java.net.SocketException - Network is unreachable
IOE: java.net.SocketException - Network is unreachable
IOE: java.net.SocketException - Network is unreachable
They don't load the cards.
I have to set manually the environment for the(each wrong) java app:
java -Djava.net.preferIPv6Addresses=true
or
I have to ensure clatd is running - which is not my understanding of ipv6
only.
or
I have to remove the A record, independent of the fact if the AAAA record is
real or synthesized .
Thomas
More information about the bind-users
mailing list