[ntp:questions] http://www.ntp.org/ => a blank page?
martin.burnicki at meinberg.de
Thu Mar 5 14:59:16 UTC 2009
Dave Hart wrote:
> On Mar 5, 10:14, Martin Burnicki <martin.burni... at meinberg.de> wrote:
>> The IPv4 address is used only after the IPv6 address has timed out, even
>> though (as far as I understand it) the DNS server first returns an IPv4
>> address, then an IPv6 address:
>> # host support.ntp.org
>> support.ntp.org has address 22.214.171.124
>> support.ntp.org has IPv6 address 2001:4f8:0:2::23
> That's a bit misleading. At the protocol level the queries are often
> distinct, asking for A or AAAA records. type=any will return both but
> is not typically used in apps.
Yes, I know. However, the host command, at least on some systems, queries both A
and AAAA records by default, and other applications (or the resolver
library?) also seem to do so.
> At the app level, if the app looks up
> a name indicating both IPv4 and IPv6 addresses are desired, platform
> and site policies come into play
>> I know a possible solution would be to use an IPv6-over-IPv4 tunnel to the
>> internet. However, if this has not been set up then access may fail for a
>> reason which is not obvious.
>> AFAIK some browsers, e.g. Firefox, can be configured to prefer either
>> IPv4 or IPv6, so this can be solved without a tunnel.
> It sounds like you use a disconnected IPv6 network alongside a
> connected RFC1918 v4 network internally. I wonder if you could get by
> using only link-local addresses for your internal IPv6 network? I
> believe that would solve the problem because your stack would know it
> can't connect to a global v6 address from a machine with only link-
> local v6 addresses.
*This* is a very good hint. A quick check on some machines shows the problem
I've described occurs only on machines which have both link-local and
global IPv6 addresses assigned to their network interface.
However, I've personally installed some of the machines and didn't care
about IPv6 settings of the interfaces. So whether a global IPv6 address has
been assigned or not seems to depend on the policy of the specific Linux
distribution and/or version of the IP stack.
>> A good solution would be to let the local DNS server discard IPv6
>> addresses returned from forwarders while maintaining IPv6 support for the
>> local zone/network, but I currently don't know if/how this can be
>> configured for bind 9.
> This may indeed be the best option for your configuration. I wouldn't
> call it a good solution, though.
I agree, but I assume it will do the job.
> Your machines should be able to
> handle seeing AAAA records via IPv4-accessible DNS even if they can't
> use them. I'd dig into configuring the machines to use IPv6 as a last
> resort before considering DNS server-based AAAA filtering.
Yes, the problem is to find the right knob to turn in a specific
distribution. Anyway, it should be possible to do.
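
A sketch of the quick per-machine check described in the message above, added here as an example and not part of the original post: it parses `ip -6 addr show` output and separates interfaces that carry a global-scope IPv6 address from those that are link-local only. The sample output and all function names are constructed for illustration.

```python
import re

# Constructed sample of `ip -6 addr show` output (not taken from the thread).
SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2001:db8:1:2:211:22ff:fe33:4455/64 scope global dynamic
       valid_lft 86390sec preferred_lft 14390sec
    inet6 fe80::211:22ff:fe33:4455/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 fe80::211:22ff:fe33:4456/64 scope link
       valid_lft forever preferred_lft forever
"""

IFACE_RE = re.compile(r"^\d+:\s+([^:@\s]+)")               # "2: eth0: <...>"
ADDR_RE = re.compile(r"^\s+inet6\s+(\S+)\s+scope\s+(\w+)")  # "inet6 ADDR scope SCOPE"


def ipv6_scopes(text):
    """Map interface name -> {scope: [addresses]} from `ip -6 addr show` text."""
    result, current = {}, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            result[current] = {}
            continue
        m = ADDR_RE.match(line)
        if m and current is not None:
            result[current].setdefault(m.group(2), []).append(m.group(1))
    return result


def interfaces_with_global_ipv6(text):
    """Interfaces holding at least one global-scope IPv6 address."""
    return sorted(i for i, s in ipv6_scopes(text).items() if "global" in s)


def link_local_only(text):
    """Interfaces whose only IPv6 addresses are link-local."""
    return sorted(i for i, s in ipv6_scopes(text).items() if set(s) == {"link"})


if __name__ == "__main__":
    print("global IPv6 on:", interfaces_with_global_ipv6(SAMPLE))
    print("link-local only:", link_local_only(SAMPLE))
```

On a live host, pass the real output of `ip -6 addr show` to the functions instead of `SAMPLE`.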