PageRenderTime 25ms CodeModel.GetById 23ms app.highlight 1ms RepoModel.GetById 0ms app.codeStats 0ms

/contrib/bind9/doc/misc/ipv6

https://bitbucket.org/freebsd/freebsd-head/
#! | 113 lines | 80 code | 33 blank | 0 comment | 0 complexity | 992cf0202ec56907d6dbf38ce276b72e MD5 | raw file
Possible License(s): MPL-2.0-no-copyleft-exception, BSD-3-Clause, LGPL-2.0, LGPL-2.1, BSD-2-Clause, 0BSD, JSON, AGPL-1.0, GPL-2.0 
  1Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
  2Copyright (C) 2000, 2001  Internet Software Consortium.
  3See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
  4
  5Currently, there are multiple interesting problems with ipv6
  6implementations on various platforms.  These problems range from not
  7being able to use ipv6 with bind9 (or in particular the ISC socket
  8library, contained in libisc) to listen-on lists not being respected,
  9to strange warnings but seemingly correct behavior of named.
 10
 11COMPILE-TIME ISSUES
 12-------------------
 13
 14The socket library requires a certain level of support from the
 15operating system.  In particular, it must follow the advanced ipv6
 16socket API to be usable.  The systems which do not follow this will
 17currently not get any warnings or errors, but ipv6 will simply not
 18function on them.
 19
 20These systems currently include, but are not limited to:
 21
 22	AIX 3.4 (with ipv6 patches)
 23
 24
 25RUN-TIME ISSUES
 26---------------
 27
 28In the original drafts of the ipv6 RFC documents, binding an ipv6
 29socket to the ipv6 wildcard address would also cause the socket to
 30accept ipv4 connections and datagrams.  When an ipv4 packet is
 31received on these systems, it is mapped into an ipv6 address.  For
 32example, 1.2.3.4 would be mapped into ::ffff:1.2.3.4.  The intent of
 33this mapping was to make transition from an ipv4-only application into
 34ipv6 easier, by only requiring one socket to be open on a given port.
 35
 36Later, it was discovered that this was generally a bad idea.  For one,
 37many firewalls will block connection to 1.2.3.4, but will let through
 38::ffff:1.2.3.4.  This, of course, is bad.  Also, access control lists
 39written to accept only ipv4 addresses were suddenly ignored unless
 40they were rewritten to handle the ipv6 mapped addresses as well.
 41
 42Partly because of these problems, the latest IPv6 API introduces an
 43explicit knob (the "IPV6_V6ONLY" socket option ) to turn off the ipv6
 44mapped address usage.
 45
 46In bind9, we first check if both the advanced API and the IPV6_V6ONLY
 47socket option are available.  If both of them are available, bind9
 48named will bind to the ipv6 wildcard port for both TCP and UDP.
 49Otherwise named will make a warning and try to bind to all available
 50ipv6 addresses separately.
 51
 52In any case, bind9 named binds to specific addresses for ipv4 sockets.
 53
 54The followings are historical notes when we always bound to the ipv6
 55wildcard port regardless of the availability of the API support.
 56These problems should not happen with the closer checks above.
 57
 58
 59IPV6 Sockets Accept IPV4, Specific IPV4 Addresses Bindings Fail
 60---------------------------------------------------------------
 61
 62The only OS which seems to do this is (some kernel versions of) linux.
 63If an ipv6 socket is bound to the ipv6 wildcard socket, and a specific
 64ipv4 socket is later bound (say, to 1.2.3.4 port 53) the ipv4 binding
 65will fail.
 66
 67What this means to bind9 is that the application will log warnings
 68about being unable to bind to a socket because the address is already
 69in use.  Since the ipv6 socket will accept ipv4 packets and map them,
 70however, the ipv4 addresses continue to function.
 71
 72The effect is that the config file listen-on directive will not be
 73respected on these systems.
 74
 75
 76IPV6 Sockets Accept IPV4, Specific IPV4 Address Bindings Succeed
 77----------------------------------------------------------------
 78
 79In this case, the system allows opening an ipv6 wildcard address
 80socket and then binding to a more specific ipv4 address later.  An
 81example of this type of system is Digital Unix with ipv6 patches
 82applied.
 83
 84What this means to bind9 is that the application will respect
 85listen-on in regards to ipv4 sockets, but it will use mapped ipv6
 86addresses for any that do not match the listen-on list.  This, in
 87effect, makes listen-on useless for these machines as well.
 88
 89
 90IPV6 Sockets Do Not Accept IPV4
 91-------------------------------
 92
 93On these systems, opening an IPV6 socket does not implicitly open any
 94ipv4 sockets.  An example of these systems are NetBSD-current with the
 95latest KAME patch, and other systems which use the latest KAME patches
 96as their ipv6 implementation.
 97
 98On these systems, listen-on is fully functional, as the ipv6 socket
 99only accepts ipv6 packets, and the ipv4 sockets will handle the ipv4
100packets.
101
102
103RELEVANT RFCs
104-------------
105
1063513:  Internet Protocol Version 6 (IPv6) Addressing Architecture
107
1083493:  Basic Socket Interface Extensions for IPv6
109
1103542:  Advanced Sockets Application Program Interface (API) for IPv6
111
112
113$Id: ipv6,v 1.9 2004/08/10 04:27:51 jinmei Exp $