Date: Fri, 20 Sep 2002 08:59:54 +1000
From: Mark.Andrews@isc.org
To: Juan Francisco Rodriguez Hervella <jrh@it.uc3m.es>
Cc: Lista <freebsd-net@freebsd.org>, "(Lista) bind9-users@isc.org" <bind9-users@isc.org>
Subject: Re: RES_INSECURE and CHECK_SRVR_ADDR in resolver functions (IPv6 anycast response problem)
Message-ID: <200209192259.g8JMxsB5065119@drugs.dv.isc.org>
In-Reply-To: Your message of "Thu, 19 Sep 2002 10:44:27 +0200." <3D898E6B.692C3C43@it.uc3m.es>

> Hello:
>
> I need to make some tests with IPv6 anycast addresses,
> and I've found out that when /etc/resolv.conf has an
> IPv6 anycast address, the DNS response isn't accepted because
> it comes from a unicast IPv6 address.
>
> I've been digging into the source code of
> /usr/src/lib/libc/net/res_*
> and I've found these constants:
>
> RES_INSECURE1
> RES_INSECURE2
>
> and a compilation option called:
>
> CHECK_SRVR_ADDR
>
> What I would like to do is re-compile
> the resolver library to accept DNS responses
> coming from a unicast IPv6 address to solve
> the problem mentioned above.
>
> What's better... to *un*define CHECK_SRVR_ADDR
> or to include RES_INSECURE1 into RES_DEFAULT?
> Do you think it's a good idea to do this?
> What are the security implications?
>
> PS: RES_DEFAULT appears in "resolv.h"
>
> Best Regards.
>
> --
> JFRH.

	IPv6 anycast addresses are a joke as they are currently
	defined.  Don't bother with them until their behaviour gets
	redefined by the IETF.

	Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews@isc.org
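
The source-address check the question asks about, as a simplified model added here (not part of the original message and not the libc resolver's code). The names `mk6`, `reply_source_ok`, `demo` and the `insecure1` flag are hypothetical, the addresses are constructed from the 2001:db8::/32 documentation prefix, and the model assumes the check compares a reply's source address and port against the configured name servers.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper: build an IPv6 socket address from text. */
static struct sockaddr_in6 mk6(const char *text, unsigned short port) {
    struct sockaddr_in6 sa;
    memset(&sa, 0, sizeof sa);
    sa.sin6_family = AF_INET6;
    sa.sin6_port = htons(port);
    inet_pton(AF_INET6, text, &sa.sin6_addr);
    return sa;
}

/*
 * Simplified model of the check: accept a reply only if its source
 * address and port equal one of the configured name servers.
 * insecure1 != 0 models the check being switched off.
 */
static int reply_source_ok(const struct sockaddr_in6 *servers, int nservers,
                           const struct sockaddr_in6 *from, int insecure1) {
    if (insecure1)
        return 1;               /* no filtering: every sender passes */
    for (int i = 0; i < nservers; i++) {
        if (servers[i].sin6_port == from->sin6_port &&
            memcmp(&servers[i].sin6_addr, &from->sin6_addr,
                   sizeof from->sin6_addr) == 0)
            return 1;
    }
    return 0;                   /* sender is not a configured server */
}

/* Constructed scenario: one configured server, a subnet-router anycast address. */
static int demo(const char *reply_src, int insecure1) {
    struct sockaddr_in6 servers[1] = { mk6("2001:db8:0:1::", 53) };
    struct sockaddr_in6 from = mk6(reply_src, 53);
    return reply_source_ok(servers, 1, &from, insecure1);
}

int main(void) {
    printf("unicast reply, check on:   %d\n", demo("2001:db8:0:1::53", 0));
    printf("unicast reply, check off:  %d\n", demo("2001:db8:0:1::53", 1));
    printf("unrelated host, check off: %d\n", demo("2001:db8:ffff::1", 1));
    return 0;
}
```

In this model the check cannot tell the anycast server's unicast reply from a reply sent by an unrelated host: both fail with the check on and both pass with it off.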