filter-a and dns64 in a ipv6-only network

Thomas Schäfer tschaefer at t-online.de
Tue Jan 31 20:27:07 UTC 2023 

Am Dienstag, 31. Januar 2023, 20:03:42 CET schrieb Marco:

> 
> Why would it make sense to block them?

Avoiding wrong decisions by "happy eyeballs" - probably the same rare reasons 
why isc introduced the AAAA filter yeas ago - in theory there is no reason to 
block AAAA nor A. But blocking A depending on the existence of  AAAA makes no 
sense at all.
(as bind at moment is doing)
 
> > > You seem to have this strange notion that to run an IPv6-only node
> > > or network that you need to filter out A records.
> > 
> > It isn't  more strange than filtering AAAA records in old IPv4 only
> > networks. That filter is ironically implemented by the isc - despite
> > there is no serious RFC for that.
> 
> I don't see a reason for filtering at all. What is the benefit of that?

wrong ipv6/ipv4  preference/selections by apps

> 
> > The purpose of the A record filter is to correct the behavior of apps
> > which don't respect IPv6 RFCs regarding the preference of IPv6 over
> > IPv4.
> 
> Best would be to fix these "apps".
> If the computer does not have an IPv4 address, the A records are
> useless, it can't use them and needs to connect via IPv6.

It would be of course  - but reality is - apps, even the defaults in some 
programming languages like java are still wrong. 
https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/net/doc-files/net-properties.html

 
> Why don't they work if they can't connect using IPv4?
> Which apps are affected?

e.g. gpsprune under linux:

LANG=C java -jar gpsprune_22.2.jar
IOE: java.net.SocketException - Network is unreachable
IOE: java.net.SocketException - Network is unreachable
IOE: java.net.SocketException - Network is unreachable
IOE: java.net.SocketException - Network is unreachable
IOE: java.net.SocketException - Network is unreachable
IOE: java.net.SocketException - Network is unreachable
IOE: java.net.SocketException - Network is unreachable
IOE: java.net.SocketException - Network is unreachable

They don't load the cards.

I have to set manually the environment for  the(each wrong)  java app:
java -Djava.net.preferIPv6Addresses=true

or 
I have to ensure clatd is running - which is not my understanding of ipv6 
only.
or 
I have to remove the A record, independent of the fact if the AAAA record is 
real or synthesized .  

Thomas

More information about the bind-users mailing list