From owner-freebsd-net Thu Sep 19 16: 0:26 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6661C37B404 for ; Thu, 19 Sep 2002 16:00:24 -0700 (PDT) Received: from mail.cragx.fgov.be (mail.cragx.fgov.be [193.190.115.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id A7F4643E4A for ; Thu, 19 Sep 2002 16:00:22 -0700 (PDT) (envelope-from bind9-users-bounce@isc.org) Received: from mail pickup service by mail.cragx.fgov.be with Microsoft SMTPSVC; Fri, 20 Sep 2002 00:56:07 +0200 MIME-Version: 1.0 x-sender: bind9-users-bounce@isc.org x-receiver: webmaster@cragx.fgov.be Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Received: from minardi.isc.org ([204.152.189.14]) by mail.cragx.fgov.be with Microsoft SMTPSVC(5.0.2195.5329); Fri, 20 Sep 2002 00:56:05 +0200 Received: from rc.isc.org (rc.isc.org [204.152.187.2]) by minardi.isc.org (Postfix) with ESMTP id 2435C2C76; Thu, 19 Sep 2002 23:00:06 +0000 (UTC) (envelope-from bind9-users-bounce@isc.org) Received: with ECARTIS (v1.0.0; list bind9-users); Thu, 19 Sep 2002 23:00:05 +0000 (UTC) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 Delivered-To: bind9-users@rc.isc.org Received: from drugs.dv.isc.org (drugs.dv.isc.org [130.155.191.236]) by rc.isc.org (Postfix) with ESMTP id 7148AA60 for ; Thu, 19 Sep 2002 23:00:01 +0000 (UTC) (envelope-from marka@drugs.dv.isc.org) Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (8.12.5/8.12.5) with ESMTP id g8JMxsB5065119; Fri, 20 Sep 2002 08:59:55 +1000 (EST) (envelope-from marka@drugs.dv.isc.org) Message-ID: <200209192259.g8JMxsB5065119@drugs.dv.isc.org> To: "Juan Francisco Rodriguez Hervella" Cc: "Lista" , From: Subject: Re: RES_INSECURE and CHECK_SRVR_ADDR in resolver functions (IPv6 anycast response problem) In-Reply-To: Your message of "Thu, 19 Sep 2002 10:44:27 +0200." <3D898E6B.692C3C43@it.uc3m.es> Date: Fri, 20 Sep 2002 08:59:54 +1000 X-archive-position: 8976 X-ecartis-version: Ecartis v1.0.0 X-original-sender: Mark_Andrews@isc.org X-list: bind9-users X-OriginalArrivalTime: 19 Sep 2002 22:56:06.0015 (UTC) FILETIME=[BC6350F0:01C2602F] Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > > Hello: > > I need to make some tests with IPv6 anycast addresses, > and I've found out that when /etc/resolv.conf has an > IPv6 anycast address, the DNS response isn't accepted because > it comes from an unicast IPv6 address. > > I've been digging into the source code of > /usr/src/lib/libc/net/res_* > and I've found these constants: > > RES_INSECURE1 > RES_INSECURE2 > > and a compilation option called: > > CHECK_SRVR_ADDR > > > What I would like to do is re-compile > the resolver library to accept DNS responses > coming from a unicast IPv6 address to solve > the problem mentioned above. > > What's better... to *un*define CHECK_SRVR_ADDR > or to include RES_INSECURE1 into RES_DEFAULT ? > Do you think it's a good idea to do this ? > what are the security implications ? > > PS: RES_DEFAULT appears in "resolv.h" > > Best Regards. > > -- > JFRH. > IPv6 anycast addresses are a joke as they are currently defined. Don't bother with them until there behaviour gets redefined by the IETF. Mark -- Mark Andrews, Internet Software Consortium 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@isc.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message