On Mar 5, 10:14, Martin Burnicki <[email protected]> wrote:
>
> The IPv4 address is used only after the IPv6 address has timed out, even
> though (as far as I understand it) the DNS server first returns an IPv4
> address, then an IPv6 address:
>
> # host support.ntp.org
> support.ntp.org has address 204.152.184.138
> support.ntp.org has IPv6 address 2001:4f8:0:2::23

That's a bit misleading. At the protocol level the queries are often
distinct, asking for A or AAAA records. type=any will return both but
is not typically used in apps. At the app level, if the app looks up a
name indicating both IPv4 and IPv6 addresses are desired, platform and
site policies come into play.

> I know a possible solution would be to use an IPv6-over-IPv4 tunnel to the
> internet. However, if this has not been set up then access may fail for a
> reason which is not obvious.
>
> AFAIK some browsers, e.g. Firefox, can be configured to prefer either IPv4
> or IPv6, so this can be solved without a tunnel.

It sounds like you use a disconnected IPv6 network alongside a
connected RFC1918 v4 network internally. I wonder if you could get by
using only link-local addresses for your internal IPv6 network? I
believe that would solve the problem because your stack would know it
can't connect to a global v6 address from a machine with only
link-local v6 addresses.

> A good solution would be to let the local DNS server discard IPv6 addresses
> returned from forwarders while maintaining IPv6 support for the local
> zone/network, but I currently don't know if/how this can be configured for
> bind 9.

This may indeed be the best option for your configuration. I wouldn't
call it a good solution, though. Your machines should be able to
handle seeing AAAA records via IPv4-accessible DNS even if they can't
use them. I'd dig into configuring the machines to use IPv6 as a last
resort before considering DNS server-based AAAA filtering.

Cheers,
Dave Hart
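Added example, not part of the original message or of any NTP or resolver code: a simplified Python model of the destination ordering a stack applies to the addresses a lookup returns, showing why a host with only link-local IPv6 addresses tries IPv4 first while a host with an unrouted global IPv6 address tries IPv6 first. It assumes the scope and precedence rules of RFC 6724 (not named in the thread) reduced to three checks; the local addresses and function names are constructed for illustration.

```python
import ipaddress

LINK_LOCAL, GLOBAL = 0x2, 0xE  # scope values used by RFC 6724


def scope(ip):
    # Simplified: loopback and link-local are link scope; everything else,
    # RFC 1918 IPv4 included, is global scope (as RFC 6724 specifies).
    return LINK_LOCAL if (ip.is_link_local or ip.is_loopback) else GLOBAL


def pick_source(dest, local_addrs):
    """Pick a local address of the same family, preferring a matching scope."""
    same_family = [a for a in local_addrs if a.version == dest.version]
    if not same_family:
        return None
    matching = [a for a in same_family if scope(a) == scope(dest)]
    return (matching or same_family)[0]


def order_destinations(dests, local_addrs):
    """Order candidates: usable first, then matching scope, then the
    default precedence (native IPv6 above IPv4)."""
    local = [ipaddress.ip_address(a) for a in local_addrs]

    def key(text):
        dest = ipaddress.ip_address(text)
        src = pick_source(dest, local)
        unusable = src is None
        mismatch = unusable or scope(src) != scope(dest)
        precedence = 40 if dest.version == 6 else 35
        return (unusable, mismatch, -precedence)

    return sorted(dests, key=key)


# Addresses for support.ntp.org as quoted in the thread.
CANDIDATES = ["204.152.184.138", "2001:4f8:0:2::23"]
# Constructed local address sets (assumptions, not from the thread).
LINK_LOCAL_ONLY = ["192.168.1.10", "fe80::211:22ff:fe33:4455"]
WITH_GLOBAL_V6 = LINK_LOCAL_ONLY + ["2001:db8::10"]

if __name__ == "__main__":
    print(order_destinations(CANDIDATES, LINK_LOCAL_ONLY))
    print(order_destinations(CANDIDATES, WITH_GLOBAL_V6))
```

The model only orders candidates; it does not test reachability, which is why the second case still puts the IPv6 address first and the client has to wait for it to time out.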
