On 9/30/15 6:46 PM, Paul Vixie wrote:
> John Levine wrote:
>>> It should be easy enough to create a local alias address for the purpose
>>> though. "ifconfig lo inet6 add ::2 alias", salt to taste.
>>
>> Uh, no. The *only* loopback address is ::1. The rest of 0000::/8 is
>> reserved.
>
> right. just like 127.0.0.0/8 is reserved. yet i use 127.0.0.2, .3, and
> so on, all the time. i think it's probably safe to intrude on this
> "reservation" for this use case.
127.0.0.0/8 is in fact entirely reserved for loopbacks (RFC 990; class A was great even if I don't remember it that well). ::1/128 is the RFC 4291 loopback. That doesn't mean we can't address that, but:

1. ::2 isn't in fact reserved for that purpose.
2. 4291 deprecated IPv4-compatible v6 addresses and declared that space unusable, which makes anything in ::/96 a bad example.

   The "IPv4-Compatible IPv6 address" is deprecated by this document.
   The IANA should continue to list the address block containing these
   addresses at http://www.iana.org/assignments/ipv6-address-space as
   "Reserved by IETF" and not reassign it for any other purpose. For
   example:

      0000::/8 Reserved by IETF [RFC3513] [1]

   The IANA has added the following note and link to this address block.

      [5] 0000::/96 was previously defined as the "IPv4-Compatible IPv6
      address" prefix. This definition has been deprecated by RFC 4291.

   The IANA has updated the references for the IPv6 Address Architecture
   in the IANA registries accordingly.

>> If you have a loopback software interface, you could set up a link
>> local address like fe80::1, but now your DNS software has to
>> understand link scoped addresses like fe80::1%lo.
>>
>> Having set up a DNS cache on my LAN using link local IPv6 addresses, I
>> can report that it doesn't work very well.
>
> agreed.
>
>> All in all, I think the advice to stick with IPv4 loopback addresses
>> is reasonable. We can revisit this in 2050 when IPv4 is starting to
>> be phased out.
>
> disagreed. ipv4 should die a-s-a-p. don't bring up any new ipv4 services
> unless you are sure they have to talk to the legacy internet. which is
> demonstrably not the case for localhost dns service.
> now you don't see it:
>
> root@family:/home/vixie # ifconfig lo0
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>         options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
>         inet 127.0.0.1 netmask 0xff000000
>         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
>
> now you do:
>
> root@family:/home/vixie # ifconfig lo0 inet6 ::2/128 alias
> root@family:/home/vixie # ifconfig lo0
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>         options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
>         inet 127.0.0.1 netmask 0xff000000
>         inet6 ::2 prefixlen 128
>         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
>
> ntpd is a grabby little thing:
>
> root@family:/home/vixie # netstat -an | grep ::
> tcp6       0      0 ::1.465                *.*                    LISTEN
> tcp6       0      0 ::1.587                *.*                    LISTEN
> tcp6       0      0 ::1.25                 *.*                    LISTEN
> tcp6       0      0 ::1.993                *.*                    LISTEN
> tcp6       0      0 ::1.143                *.*                    LISTEN
> tcp6       0      0 ::1.995                *.*                    LISTEN
> tcp6       0      0 ::1.110                *.*                    LISTEN
> udp6       0      0 ::2.123                *.*
> udp6       0      0 fe80::1%lo0.123        *.*
> udp6       0      0 ::1.123                *.*
> udp6       0      0 fe80::2a0:98ff:f.123   *.*
>
> i had to alter these lines of my ipfw configuration:
>
> add pass all from any to any via lo0
> add deny all from any to { ::1 or 127.0.0.0/8 }
> add deny ip from { ::1 or 127.0.0.0/8 } to any
>
> they now read:
>
> add pass all from any to any via lo0
> add deny all from any to { ::1 or ::2 or 127.0.0.0/8 }
> add deny ip from { ::1 or ::2 or 127.0.0.0/8 } to any
>
> i had to add a line to ntp.conf:
>
> restrict -6 ::1
> restrict -6 ::2
>
> noting, the other lines in that vicinity tell us things about
> 127.0.0.0/8 that the IETF might not know:
>
> restrict 127.127.1.0
>
> but anyway, it works:
>
> root@family:/home/vixie # ntpq -p ::2
>      remote           refid      st t when poll reach   delay   offset  jitter
> ==============================================================================
>  mm1.redbarn.org 108.61.194.85    3 u    1   64    1    0.287    3.617   0.075
>  ks.redbarn.org  208.75.88.4      3 u    2   64    1    1.171   -0.744   0.000
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
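The two practical points of the thread, which addresses are really loopback under RFC 4291 and which daemons grab a freshly added alias, can be turned into a check. The following is an added example in Python, not code from the thread or from any of its posters; it assumes BSD-style netstat output (address and port joined by the last '.'), its sample listener lines are constructed in the shape of the output quoted above, and the generated ipfw lines follow the rule shape Paul shows.

```python
import ipaddress

# Blocks from the thread: 127.0.0.0/8 and ::1 are loopback (RFC 990/1122, RFC 4291);
# ::/96 is the deprecated "IPv4-Compatible IPv6 address" prefix, reserved by IETF.
V6_V4COMPAT = ipaddress.ip_network("::/96")

def classify(addr: str) -> str:
    """Verdict for one local address; a %scope suffix (fe80::1%lo0) is stripped."""
    ip = ipaddress.ip_address(addr.partition("%")[0])
    if ip.is_loopback:                       # only 127.0.0.0/8 and ::1 qualify
        return "loopback"
    if ip.is_link_local:                     # fe80::/10; usable only with a scope id
        return "link-local"
    if ip.version == 6 and not ip.is_unspecified and ip in V6_V4COMPAT:
        return "deprecated-v4compat"         # e.g. ::2: reserved by IETF, not loopback
    return "other"

def parse_bsd_netstat(text: str):
    """Yield (proto, local_addr, port) from BSD 'netstat -an' lines ('::2.123', '*.123')."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].startswith(("tcp", "udp")):
            continue                         # headers, unix sockets, blank lines
        addr, _, port = fields[3].rpartition(".")
        yield fields[0], addr, int(port)

def non_loopback_listeners(text: str):
    """Sockets bound to anything other than a real loopback address (wildcard '*' included)."""
    return [(proto, addr, port) for proto, addr, port in parse_bsd_netstat(text)
            if addr == "*" or classify(addr) != "loopback"]

def ipfw_local_only_rules(local_addrs):
    """Rule shape from the thread: pass lo0, drop local-only addresses seen elsewhere."""
    group = "{ " + " or ".join(local_addrs) + " }"
    return ["add pass all from any to any via lo0",
            f"add deny all from any to {group}",
            f"add deny ip from {group} to any"]

# Constructed sample in the shape of the netstat output quoted in the thread.
SAMPLE = """\
tcp6       0      0 ::1.25                 *.*                    LISTEN
udp6       0      0 ::2.123                *.*
udp6       0      0 fe80::1%lo0.123        *.*
udp4       0      0 *.123                  *.*
"""

if __name__ == "__main__":
    for proto, addr, port in non_loopback_listeners(SAMPLE):
        print(proto, addr, port, "wildcard" if addr == "*" else classify(addr))
    print("\n".join(ipfw_local_only_rules(["::1", "::2", "127.0.0.0/8"])))
```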