John Levine wrote:
>> It should be easy enough to create a local alias address for the purpose
>> though. "ifconfig lo inet6 add ::2 alias", salt to taste.
>
> Uh, no. The *only* loopback address is ::1. The rest of 0000::/8 is
> reserved.

right. just like 127.0.0.0/8 is reserved. yet i use 127.0.0.2, .3, and
so on, all the time. i think it's probably safe to intrude on this
"reservation" for this use case.

> If you have a loopback software interface, you could set up a link
> local address like fe80::1, but now your DNS software has to
> understand link scoped addresses like fe80::1%lo.
>
> Having set up a DNS cache on my LAN using link local IPv6 addresses, I
> can report that it doesn't work very well.

agreed.

> All in all, I think the advice to stick with IPv4 loopback addresses
> is reasonable. We can revisit this in 2050 when IPv4 is starting to
> be phased out.

disagreed. ipv4 should die a-s-a-p. don't bring up any new ipv4 services
unless you are sure they have to talk to the legacy internet. which is
demonstrably not the case for localhost dns service.

now you don't see it:

root@family:/home/vixie # ifconfig lo0
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

now you do:

root@family:/home/vixie # ifconfig lo0 inet6 ::2/128 alias
root@family:/home/vixie # ifconfig lo0
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::2 prefixlen 128
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

ntpd is a grabby little thing:

root@family:/home/vixie # netstat -an | grep ::
tcp6       0      0 ::1.465                *.*                    LISTEN
tcp6       0      0 ::1.587                *.*                    LISTEN
tcp6       0      0 ::1.25                 *.*                    LISTEN
tcp6       0      0 ::1.993                *.*                    LISTEN
tcp6       0      0 ::1.143                *.*                    LISTEN
tcp6       0      0 ::1.995                *.*                    LISTEN
tcp6       0      0 ::1.110                *.*                    LISTEN
udp6       0      0 ::2.123                *.*
udp6       0      0 fe80::1%lo0.123        *.*
udp6       0      0 ::1.123                *.*
udp6       0      0 fe80::2a0:98ff:f.123   *.*

i had to alter these lines of my ipfw configuration:

add pass all from any to any via lo0
add deny all from any to { ::1 or 127.0.0.0/8 }
add deny ip from { ::1 or 127.0.0.0/8 } to any

they now read:

add pass all from any to any via lo0
add deny all from any to { ::1 or ::2 or 127.0.0.0/8 }
add deny ip from { ::1 or ::2 or 127.0.0.0/8 } to any

i had to add a line to ntp.conf:

restrict -6 ::1
restrict -6 ::2

noting, the other lines in that vicinity tell us things about
127.0.0.0/8 that the IETF might not know:

restrict 127.127.1.0

but anyway, it works:

root@family:/home/vixie # ntpq -p ::2
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 mm1.redbarn.org 108.61.194.85    3 u    1   64    1    0.287    3.617   0.075
 ks.redbarn.org  208.75.88.4      3 u    2   64    1    1.171   -0.744   0.000

-- 
Paul Vixie

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
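
Added example (not part of the original message, and not the poster's own tooling): a small check that compares the addresses configured on lo0 with the address set in an ipfw deny rule and reports any alias the rule misses, which is the gap the ::2 alias opened until the rules were edited. The sample ifconfig text and rule strings are constructed from the output quoted above; the function names are hypothetical, and skipping link-local addresses is an assumption of this sketch.

```python
import ipaddress
import re

# Constructed sample input, modelled on the ifconfig output and ipfw rules in the message.
IFCONFIG_LO0 = """\
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::2 prefixlen 128
"""
OLD_RULE = "add deny all from any to { ::1 or 127.0.0.0/8 }"
NEW_RULE = "add deny all from any to { ::1 or ::2 or 127.0.0.0/8 }"


def interface_addresses(ifconfig_text):
    """Return every inet/inet6 address listed in the ifconfig output."""
    addrs = []
    for match in re.finditer(r"^\s+inet6?\s+(\S+)", ifconfig_text, re.M):
        bare = match.group(1).split("%")[0]  # drop the %lo0 scope suffix
        addrs.append(ipaddress.ip_address(bare))
    return addrs


def rule_networks(rule):
    """Return the networks named in the rule's { a or b or c } address set."""
    inner = re.search(r"\{(.*?)\}", rule).group(1)
    return [ipaddress.ip_network(tok) for tok in inner.split() if tok != "or"]


def uncovered(ifconfig_text, rule):
    """List interface addresses that the deny rule's address set does not match."""
    nets = rule_networks(rule)
    missing = []
    for addr in interface_addresses(ifconfig_text):
        if addr.is_link_local:
            continue  # assumption: link-local is out of scope, the rules never list it
        if not any(addr.version == n.version and addr in n for n in nets):
            missing.append(str(addr))
    return missing


if __name__ == "__main__":
    print("old rule misses:", uncovered(IFCONFIG_LO0, OLD_RULE))
    print("new rule misses:", uncovered(IFCONFIG_LO0, NEW_RULE))
```
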