filter-aaaa-on-v4

Lawrence K. Chen, P.Eng. lkchen at ksu.edu
Wed Sep 18 17:08:37 UTC 2013


I finally turned this feature on when I built bind-9.9.3-P2

Had only gotten the occasional user complaint that some browser/client tries to connect to IPv6 and fails, because our IT Security group doesn't allow IPv6 and is/was blocking tunneling protocols on campus.

As a side effect, my NTP servers are happier....since all #.pool.ntp.org (where # is 0-3) now resolve to usable addresses.

Why 4?  If you only have one NTP server, you know what the time is, but you don't know if it is correct.  If you have two servers, you won't know what time it is.  With 3, you can have a pretty good idea of the correct time, until one breaks.  So, 4 gives you a good idea of what the correct time is, even if one breaks.  Though I had seen another article suggesting the sets of 3's (3,6,9,12....)

Only 0-3 are defined with the pools, so that's what I go with.  Problem is that they have been putting all the IPv6 NTP servers in pool 2, along with some IPv4 ones.  And, most of the time when I start ntpd, it picks an IPv6 one from 2.

Had a server where one of the others was intermittent, so it was going between 2 or 3 servers (and, of course, I put my NTP servers in Nagios...so I get alerted when this happens....which had been fine for months, until the system got rebooted for OS updates....)

Just restarted it again, and saw it found 4 servers... wish I had thought of this sooner.  Wonder if I should do this at home?  Guessing it's not enabled in the system bind, so I'll have to switch to using ports.

-- 
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally

