[ntp:questions] http://www.ntp.org/ => a blank page?

Dave Hart davehart at gmail.com
Thu Mar 5 11:47:42 UTC 2009


On Mar 5, 10:14, Martin Burnicki <martin.burni... at meinberg.de> wrote:
>
> The IPv4 address is used only after the IPv6 address has timed out, even
> though (as far as I understand it) the DNS server first returns an IPv4
> address, then an IPv6 address:
>
> # host support.ntp.org
> support.ntp.org has address 204.152.184.138
> support.ntp.org has IPv6 address 2001:4f8:0:2::23

That's a bit misleading.  At the protocol level the queries are often
distinct, asking for A or AAAA records.  type=any will return both but
is not typically used in apps.  At the app level, if the app looks up
a name indicating both IPv4 and IPv6 addresses are desired, platform
and site policies come into play.

> I know a possible solution would be to use an IPv6-over-IPv4 tunnel to the
> internet. However, if this has not been set up then access may fail for a
> reason which is not obvious.
>
> AFAIK some browsers, e.g. Firefox, can be configured to prefer either IPv4
> or IPv6, so this can be solved without a tunnel.

It sounds like you use a disconnected IPv6 network alongside a
connected RFC1918 v4 network internally.  I wonder if you could get by
using only link-local addresses for your internal IPv6 network?  I
believe that would solve the problem because your stack would know it
can't connect to a global v6 address from a machine with only link-
local v6 addresses.

> A good solution would be to let the local DNS server discard IPv6 addresses
> returned from forwarders while maintaining IPv6 support for the local
> zone/network, but I currently don't know if/how this can be configured for
> bind 9.

This may indeed be the best option for your configuration.  I wouldn't
call it a good solution, though.  Your machines should be able to
handle seeing AAAA records via IPv4-accessible DNS even if they can't
use them.  I'd dig into configuring the machines to use IPv6 as a last
resort before considering DNS server-based AAAA filtering.

Cheers,
Dave Hart
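
Added example, not part of the original post: a Python sketch of the point above that A and AAAA lookups are separate questions on the wire, differing only in the QTYPE field. The helper names and the query ID are made up for illustration; only the host name support.ntp.org comes from the thread.

```python
import struct

# Record type codes: A (RFC 1035), AAAA (RFC 3596), ANY/"*" (RFC 1035).
QTYPES = {"A": 1, "AAAA": 28, "ANY": 255}
QCLASS_IN = 1


def build_query(name, qtype, query_id=0x1234):
    """Return the wire-format bytes of a single-question recursive DNS query."""
    # Header: ID, flags (only RD set), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0.
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    # QNAME: each label prefixed by its length, terminated by a zero byte.
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPES[qtype], QCLASS_IN)


def parse_question(packet):
    """Decode (name, qtype code, question count) from a query built above."""
    qdcount = struct.unpack("!H", packet[4:6])[0]
    labels, pos = [], 12  # the question section starts after the 12-byte header
    while packet[pos] != 0:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return ".".join(labels), qtype, qdcount


def differing_offsets(a, b):
    """Byte offsets at which two equal-length packets differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


if __name__ == "__main__":
    for rtype in ("A", "AAAA", "ANY"):
        pkt = build_query("support.ntp.org", rtype)
        print(rtype, parse_question(pkt), pkt.hex())
```

Each packet carries exactly one question, so a dual-stack lookup sends one query per record type, and the order in which the resulting addresses are tried is decided afterwards by the resolver library and local policy.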



