[ntp:questions] http://www.ntp.org/ => a blank page?

Martin Burnicki martin.burnicki at meinberg.de
Thu Mar 5 14:59:16 UTC 2009


Dave Hart wrote:
> On Mar 5, 10:14, Martin Burnicki <martin.burni... at meinberg.de> wrote:
>>
>> The IPv4 address is used only after the IPv6 address has timed out, even
>> though (as far as I understand it) the DNS server first returns an IPv4
>> address, then an IPv6 address:
>>
>> # host support.ntp.org
>> support.ntp.org has address 204.152.184.138
>> support.ntp.org has IPv6 address 2001:4f8:0:2::23
> 
> That's a bit misleading.  At the protocol level the queries are often
> distinct, asking for A or AAAA records.  type=any will return both but
> is not typically used in apps.

Yes I know. However the host command at least on some systems queries both A
and AAAA records by default, and also other applications (or the resolver
library?) seem to do so.

> At the app level, if the app looks up 
> a name indicating both IPv4 and IPv6 addresses are desired, platform
> and site policies come into play

Agreed.
 
>> I know a possible solution would be to use a IPv6-over-IPv4 tunnel to the
>> internet. However, if this has not been set up then access may fail for a
>> reason which is not obvious.
>>
>> AFAIK some browsers, e.g. Firefox, can be configured to prefer either
>> IPv4 or IPv6, so this can be solved without a tunnel.
> 
> It sounds like you use a disconnected IPv6 network alongside a
> connected RFC1918 v4 network internally.  I wonder if you could get by
> using only link-local addresses for your internal IPv6 network?  I
> believe that would solve the problem because your stack would know it
> can't connect to a global v6 address from a machine with only link-
> local v6 addresses.

*This* is a very good hint. A quick check on some machines shows the problem
I've described occurs only on machines which have both link-local and
global IPv6 addresses assigned to their network interface.

However, I've personally installed some of the machines and didn't care
about IPv6 settings of the interfaces. So whether a global IPv6 address has
been assigned or not seems to depend on the policy of the specific Linux
distribution and/or version of the IP stack.

>> A good solution would be to let the local DNS server discard IPv6
>> addresses returned from forwarders while maintaining IPv6 suuport for the
>> local zone/network, but I currently don't know if/how this can be
>> configured for bind 9.
> 
> This may indeed be the best option for your configuration.  I wouldn't
> call it a good solution, though.

I agree, but I assume it will do the job.

> Your machines should be able to 
> handle seeing AAAA records via IPv4-accessible DNS even if they can't
> use them.  I'd dig into configuring the machines to use IPv6 as a last
> resort before considering DNS server-based AAAA filtering.

Yes, the problem is to find the right knob to turn in a specific
distribution. Anyway, it should be possible to do.


Thanks,

Martin
-- 
Martin Burnicki

Meinberg Funkuhren
Bad Pyrmont
Germany




More information about the questions mailing list