Date: Tue, 18 Sep 2007 09:22:17 +1000 From: Mark Andrews <Mark_Andrews@isc.org> To: Pete French <petefrench@ticketswitch.com> Cc: freebsd-stable@freebsd.org Subject: Re: BIND 9.3.1 - How to get rid of AAAA querys? Message-ID: <200709172322.l8HNMHSr037677@drugs.dv.isc.org> In-Reply-To: Your message of "Mon, 17 Sep 2007 17:02:33 %2B0100." <E1IXJ3R-0006GW-L1@dilbert.ticketswitch.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > I have been running IPv6 on all of my FreeBSD work systems for > > years. All of my mail (including this message) are sent/received by IPv6 > > and I have not had any problems, but I am on a network that is fully > > IPv6 enabled, so no tunnels are involved. > > That's good to know. I have one box on the live internet (mail.twisted.org.uk > ) > which is runnign 6.2-STABLE and using 6to4 to provide IPv6 to those whowant i > t. Some of our outgoing mail gets delivered over IPv6, but none of our > incomming does. However it does seem to behave itself. > > > I do know that there will be a major re-write of IPv6 support in V7 to > > integrate the KAME code into the rest of the network as KAME is not > > longer separately developed. I'm not sure how this will impact things, > > That was going to be the next point where I tested it (when V7 comes > out). My home machine works more-or-less ine using IPv6 on 6to4, > with the only problems being when ftping large files to/from twisted.org.uk > which show a random disconnect after 10-20 minutes of transfer. > > My bigger problem is trying to distribute my IPv6 address to machines > behind the single box which faces the outside world (as thats what IPv6 > is good for right ? No more NAT?). These boxes work in so far as they > can all see and ping IPv6 addresses and make and receive TCP connections. > But if, for example, I make a TCP connection to www.kame.net then I get > the first chuink of data but then a freeze for a long period of time before > the rest of the data arrives. This does not happen from the direct machine, > it sees all the data at once. I suspect that ICMP messages are being filtered causing PTMU discover to rely on timeouts rather than error messages. I'm amazed that people still filter ICMP. It is a integral part of IP and really should not be filtered. Yes I know why people started filtering ICMP. However the filter should be for directed broadcasts not ICMP. > Unfortunately that problem makes IPv6 useless for me on the inteernal network > behind the box, so it's been disabled. I am reluctant to deploy it on > work machines for the same reson. Diirectly connected boxes may work fine > but actiually trying to use IPv6 to get rid of NAT doesn't seem to work right > . > > Sadly I haven't had any time to investigate further. > > -pete. > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200709172322.l8HNMHSr037677>