/contrib/bind9/doc/misc/ipv6

https://bitbucket.org/freebsd/freebsd-head/ · #! · 113 lines · 80 code · 33 blank · 0 comment · 0 complexity · 992cf0202ec56907d6dbf38ce276b72e MD5 · raw file 

    

  1. Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
    2. 

  2. Copyright (C) 2000, 2001  Internet Software Consortium.
    3. 

  3. See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
    4. 

  4. 

  5. Currently, there are multiple interesting problems with ipv6
    6. 

  6. implementations on various platforms.  These problems range from not
    7. 

  7. being able to use ipv6 with bind9 (or in particular the ISC socket
    8. 

  8. library, contained in libisc) to listen-on lists not being respected,
    9. 

  9. to strange warnings but seemingly correct behavior of named.
    10. 

  10. 

  11. COMPILE-TIME ISSUES
    12. 

  12. -------------------
    13. 

  13. 

  14. The socket library requires a certain level of support from the
    15. 

  15. operating system.  In particular, it must follow the advanced ipv6
    16. 

  16. socket API to be usable.  The systems which do not follow this will
    17. 

  17. currently not get any warnings or errors, but ipv6 will simply not
    18. 

  18. function on them.
    19. 

  19. 

  20. These systems currently include, but are not limited to:
    21. 

  21. 

  22. 	AIX 3.4 (with ipv6 patches)
    23. 

  23. 

  24. 

  25. RUN-TIME ISSUES
    26. 

  26. ---------------
    27. 

  27. 

  28. In the original drafts of the ipv6 RFC documents, binding an ipv6
    29. 

  29. socket to the ipv6 wildcard address would also cause the socket to
    30. 

  30. accept ipv4 connections and datagrams.  When an ipv4 packet is
    31. 

  31. received on these systems, it is mapped into an ipv6 address.  For
    32. 

  32. example, 1.2.3.4 would be mapped into ::ffff:1.2.3.4.  The intent of
    33. 

  33. this mapping was to make transition from an ipv4-only application into
    34. 

  34. ipv6 easier, by only requiring one socket to be open on a given port.
    35. 

  35. 

  36. Later, it was discovered that this was generally a bad idea.  For one,
    37. 

  37. many firewalls will block connection to 1.2.3.4, but will let through
    38. 

  38. ::ffff:1.2.3.4.  This, of course, is bad.  Also, access control lists
    39. 

  39. written to accept only ipv4 addresses were suddenly ignored unless
    40. 

  40. they were rewritten to handle the ipv6 mapped addresses as well.
    41. 

  41. 

  42. Partly because of these problems, the latest IPv6 API introduces an
    43. 

  43. explicit knob (the "IPV6_V6ONLY" socket option ) to turn off the ipv6
    44. 

  44. mapped address usage.
    45. 

  45. 

  46. In bind9, we first check if both the advanced API and the IPV6_V6ONLY
    47. 

  47. socket option are available.  If both of them are available, bind9
    48. 

  48. named will bind to the ipv6 wildcard port for both TCP and UDP.
    49. 

  49. Otherwise named will make a warning and try to bind to all available
    50. 

  50. ipv6 addresses separately.
    51. 

  51. 

  52. In any case, bind9 named binds to specific addresses for ipv4 sockets.
    53. 

  53. 

  54. The followings are historical notes when we always bound to the ipv6
    55. 

  55. wildcard port regardless of the availability of the API support.
    56. 

  56. These problems should not happen with the closer checks above.
    57. 

  57. 

  58. 

  59. IPV6 Sockets Accept IPV4, Specific IPV4 Addresses Bindings Fail
    60. 

  60. ---------------------------------------------------------------
    61. 

  61. 

  62. The only OS which seems to do this is (some kernel versions of) linux.
    63. 

  63. If an ipv6 socket is bound to the ipv6 wildcard socket, and a specific
    64. 

  64. ipv4 socket is later bound (say, to 1.2.3.4 port 53) the ipv4 binding
    65. 

  65. will fail.
    66. 

  66. 

  67. What this means to bind9 is that the application will log warnings
    68. 

  68. about being unable to bind to a socket because the address is already
    69. 

  69. in use.  Since the ipv6 socket will accept ipv4 packets and map them,
    70. 

  70. however, the ipv4 addresses continue to function.
    71. 

  71. 

  72. The effect is that the config file listen-on directive will not be
    73. 

  73. respected on these systems.
    74. 

  74. 

  75. 

  76. IPV6 Sockets Accept IPV4, Specific IPV4 Address Bindings Succeed
    77. 

  77. ----------------------------------------------------------------
    78. 

  78. 

  79. In this case, the system allows opening an ipv6 wildcard address
    80. 

  80. socket and then binding to a more specific ipv4 address later.  An
    81. 

  81. example of this type of system is Digital Unix with ipv6 patches
    82. 

  82. applied.
    83. 

  83. 

  84. What this means to bind9 is that the application will respect
    85. 

  85. listen-on in regards to ipv4 sockets, but it will use mapped ipv6
    86. 

  86. addresses for any that do not match the listen-on list.  This, in
    87. 

  87. effect, makes listen-on useless for these machines as well.
    88. 

  88. 

  89. 

  90. IPV6 Sockets Do Not Accept IPV4
    91. 

  91. -------------------------------
    92. 

  92. 

  93. On these systems, opening an IPV6 socket does not implicitly open any
    94. 

  94. ipv4 sockets.  An example of these systems are NetBSD-current with the
    95. 

  95. latest KAME patch, and other systems which use the latest KAME patches
    96. 

  96. as their ipv6 implementation.
    97. 

  97. 

  98. On these systems, listen-on is fully functional, as the ipv6 socket
    99. 

  99. only accepts ipv6 packets, and the ipv4 sockets will handle the ipv4
    100. 

  100. packets.
    101. 

  101. 

  102. 

  103. RELEVANT RFCs
    104. 

  104. -------------
    105. 

  105. 

  106. 3513:  Internet Protocol Version 6 (IPv6) Addressing Architecture
    107. 

  107. 

  108. 3493:  Basic Socket Interface Extensions for IPv6
    109. 

  109. 

  110. 3542:  Advanced Sockets Application Program Interface (API) for IPv6
    111. 

  111. 

  112. 

  113. $Id: ipv6,v 1.9 2004/08/10 04:27:51 jinmei Exp $
    114.