/contrib/bind9/doc/misc/ipv6
https://bitbucket.org/freebsd/freebsd-head/ · #! · 113 lines · 80 code · 33 blank · 0 comment · 0 complexity · 992cf0202ec56907d6dbf38ce276b72e MD5 · raw file
- Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
- See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
- Currently, there are multiple interesting problems with ipv6
- implementations on various platforms. These problems range from not
- being able to use ipv6 with bind9 (or in particular the ISC socket
- library, contained in libisc) to listen-on lists not being respected,
- to strange warnings but seemingly correct behavior of named.
- COMPILE-TIME ISSUES
- -------------------
- The socket library requires a certain level of support from the
- operating system. In particular, it must follow the advanced ipv6
- socket API to be usable. The systems which do not follow this will
- currently not get any warnings or errors, but ipv6 will simply not
- function on them.
- These systems currently include, but are not limited to:
- AIX 3.4 (with ipv6 patches)
- RUN-TIME ISSUES
- ---------------
- In the original drafts of the ipv6 RFC documents, binding an ipv6
- socket to the ipv6 wildcard address would also cause the socket to
- accept ipv4 connections and datagrams. When an ipv4 packet is
- received on these systems, it is mapped into an ipv6 address. For
- example, 1.2.3.4 would be mapped into ::ffff:1.2.3.4. The intent of
- this mapping was to make transition from an ipv4-only application into
- ipv6 easier, by only requiring one socket to be open on a given port.
- Later, it was discovered that this was generally a bad idea. For one,
- many firewalls will block connection to 1.2.3.4, but will let through
- ::ffff:1.2.3.4. This, of course, is bad. Also, access control lists
- written to accept only ipv4 addresses were suddenly ignored unless
- they were rewritten to handle the ipv6 mapped addresses as well.
- Partly because of these problems, the latest IPv6 API introduces an
- explicit knob (the "IPV6_V6ONLY" socket option ) to turn off the ipv6
- mapped address usage.
- In bind9, we first check if both the advanced API and the IPV6_V6ONLY
- socket option are available. If both of them are available, bind9
- named will bind to the ipv6 wildcard port for both TCP and UDP.
- Otherwise named will make a warning and try to bind to all available
- ipv6 addresses separately.
- In any case, bind9 named binds to specific addresses for ipv4 sockets.
- The followings are historical notes when we always bound to the ipv6
- wildcard port regardless of the availability of the API support.
- These problems should not happen with the closer checks above.
- IPV6 Sockets Accept IPV4, Specific IPV4 Addresses Bindings Fail
- ---------------------------------------------------------------
- The only OS which seems to do this is (some kernel versions of) linux.
- If an ipv6 socket is bound to the ipv6 wildcard socket, and a specific
- ipv4 socket is later bound (say, to 1.2.3.4 port 53) the ipv4 binding
- will fail.
- What this means to bind9 is that the application will log warnings
- about being unable to bind to a socket because the address is already
- in use. Since the ipv6 socket will accept ipv4 packets and map them,
- however, the ipv4 addresses continue to function.
- The effect is that the config file listen-on directive will not be
- respected on these systems.
- IPV6 Sockets Accept IPV4, Specific IPV4 Address Bindings Succeed
- ----------------------------------------------------------------
- In this case, the system allows opening an ipv6 wildcard address
- socket and then binding to a more specific ipv4 address later. An
- example of this type of system is Digital Unix with ipv6 patches
- applied.
- What this means to bind9 is that the application will respect
- listen-on in regards to ipv4 sockets, but it will use mapped ipv6
- addresses for any that do not match the listen-on list. This, in
- effect, makes listen-on useless for these machines as well.
- IPV6 Sockets Do Not Accept IPV4
- -------------------------------
- On these systems, opening an IPV6 socket does not implicitly open any
- ipv4 sockets. An example of these systems are NetBSD-current with the
- latest KAME patch, and other systems which use the latest KAME patches
- as their ipv6 implementation.
- On these systems, listen-on is fully functional, as the ipv6 socket
- only accepts ipv6 packets, and the ipv4 sockets will handle the ipv4
- packets.
- RELEVANT RFCs
- -------------
- 3513: Internet Protocol Version 6 (IPv6) Addressing Architecture
- 3493: Basic Socket Interface Extensions for IPv6
- 3542: Advanced Sockets Application Program Interface (API) for IPv6
- $Id: ipv6,v 1.9 2004/08/10 04:27:51 jinmei Exp $