On 9/30/15 6:46 PM, Paul Vixie wrote:
> 
> 
> John Levine wrote:
>>> It should be easy enough to create a local alias address for the purpose
>>> though.  "ifconfig lo inet6 add ::2 alias", salt to taste.
>>
>> Uh, no.  The *only* loopback address is ::1.  The rest of 0000::/8 is 
>> reserved.
> 
> right. just like 127.0.0.0/8 is reserved. yet i use 127.0.0.2, .3, and
> so on, all the time. i think it's probably safe to intrude on this
> "reservation" for this use case.

127.0.0.0/8 is in fact entirely reserved for loopback (RFC 990; class A
was great even if I don't remember it that well).

::1/128 is the RFC 4291 loopback.

That doesn't mean we can't address that, but:

1. ::2 isn't in fact reserved for that purpose.

2. RFC 4291 deprecated IPv4-compatible v6 addresses and declared that space
unusable, which makes anything in ::/96 a bad example.

    The "IPv4-Compatible IPv6 address" is deprecated by this document.
   The IANA should continue to list the address block containing these
   addresses at http://www.iana.org/assignments/ipv6-address-space as
   "Reserved by IETF" and not reassign it for any other purpose.  For
   example:

      0000::/8        Reserved by IETF        [RFC3513]      [1]

   The IANA has added the following note and link to this address block.

      [5]  0000::/96 was previously defined as the "IPv4-Compatible IPv6
           address" prefix.  This definition has been deprecated by RFC
           4291.

   The IANA has updated the references for the IPv6 Address Architecture
   in the IANA registries accordingly.


>> If you have a loopback software interface, you could set up a link
>> local address like fe80::1, but now your DNS software has to
>> understand link scoped addresses like fe80::1%lo.
>>
>> Having set up a DNS cache on my LAN using link local IPv6 addresses, I
>> can report that it doesn't work very well.
> 
> agreed.
> 
>> All in all, I think the advice to stick with IPv4 loopback addresses
>> is reasonable.  We can revisit this in 2050 when IPv4 is starting to
>> be phased out.
> 
> disagreed. ipv4 should die a-s-a-p. don't bring up any new ipv4 services
> unless you are sure they have to talk to the legacy internet. which is
> demonstrably not the case for localhost dns service.
> 
> now you don't see it:
> 
> root@family:/home/vixie # ifconfig lo0
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>         options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
>         inet 127.0.0.1 netmask 0xff000000
>         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
> 
> now you do:
> 
> root@family:/home/vixie # ifconfig lo0 inet6 ::2/128 alias
> root@family:/home/vixie # ifconfig lo0
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>         options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
>         inet 127.0.0.1 netmask 0xff000000
>         inet6 ::2 prefixlen 128
>         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
> 
> ntpd is a grabby little thing:
> 
> root@family:/home/vixie # netstat -an | grep ::
> tcp6       0      0 ::1.465                *.*                    LISTEN
> tcp6       0      0 ::1.587                *.*                    LISTEN
> tcp6       0      0 ::1.25                 *.*                    LISTEN
> tcp6       0      0 ::1.993                *.*                    LISTEN
> tcp6       0      0 ::1.143                *.*                    LISTEN
> tcp6       0      0 ::1.995                *.*                    LISTEN
> tcp6       0      0 ::1.110                *.*                    LISTEN
> udp6       0      0 ::2.123                *.*
> udp6       0      0 fe80::1%lo0.123        *.*
> udp6       0      0 ::1.123                *.*
> udp6       0      0 fe80::2a0:98ff:f.123   *.*
> 
> i had to alter these lines of my ipfw configuration:
> 
> add     pass    all     from any to any via lo0
> add     deny    all     from any to { ::1 or 127.0.0.0/8 }
> add     deny    ip      from { ::1 or 127.0.0.0/8 } to any
> 
> they now read:
> 
> add     pass    all     from any to any via lo0
> add     deny    all     from any to { ::1 or ::2 or 127.0.0.0/8 }
> add     deny    ip      from { ::1 or ::2 or 127.0.0.0/8 } to any
> 
> i had to add a line to ntp.conf:
> 
> restrict -6 ::1
> restrict -6 ::2
> 
> noting, the other lines in that vicinity tell us things about
> 127.0.0.0/8 that the IETF might not know:
> 
> restrict 127.127.1.0
> 
> but anyway, it works:
> 
> root@family:/home/vixie # ntpq -p ::2
>      remote           refid      st t when poll reach   delay   offset  jitter
> ==============================================================================
>  mm1.redbarn.org 108.61.194.85    3 u    1   64    1    0.287    3.617   0.075
>  ks.redbarn.org  208.75.88.4      3 u    2   64    1    1.171   -0.744   0.000
> 
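An added check, not code from anyone in this thread: the exchange above shows that adding an alias such as ::2 to lo0 also means touching every place that enumerates loopback addresses (the ipfw anti-spoofing deny rules, the ntp.conf restrict lines). The script below classifies a candidate address the way RFC 990 / RFC 4291 would (loopback, link-local, or the deprecated IPv4-compatible ::/96 space) and reports lo0 aliases that the ipfw deny rules do not mention. The address list and rule text are constructed from the thread; the parsing of `{ a or b }` sets is an assumption about this rule syntax, not a general ipfw parser.

```python
import ipaddress
import re

# Constructed sample: the lo0 addresses and ipfw rules from the thread.
LO0_ADDRESSES = ["::1", "fe80::1%lo0", "127.0.0.1", "::2"]

IPFW_RULES_BEFORE = """\
add     pass    all     from any to any via lo0
add     deny    all     from any to { ::1 or 127.0.0.0/8 }
add     deny    ip      from { ::1 or 127.0.0.0/8 } to any
"""
IPFW_RULES_AFTER = IPFW_RULES_BEFORE.replace("::1 or", "::1 or ::2 or")

IPV4_COMPATIBLE = ipaddress.ip_network("::/96")  # deprecated by RFC 4291


def classify(addr: str) -> str:
    """Say what RFC 990 / RFC 4291 make of a candidate local address."""
    ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop zone id (%lo0)
    if ip.is_loopback:            # 127.0.0.0/8 or ::1
        return "loopback"
    if ip.is_link_local:          # fe80::/10, only meaningful with a zone id
        return "link-local (needs a zone id such as %lo0)"
    if ip.version == 6 and ip in IPV4_COMPATIBLE:
        return "deprecated IPv4-compatible space (::/96), reserved by IETF"
    return "other"


def deny_targets(rules: str) -> list:
    """Collect the address sets inside '{ a or b or c }' of the deny rules."""
    nets = []
    for m in re.finditer(r"\{([^}]*)\}", rules):
        for item in m.group(1).split(" or "):
            nets.append(ipaddress.ip_network(item.strip(), strict=False))
    return nets


def uncovered_aliases(addresses, rules) -> list:
    """lo0 addresses no deny set mentions: packets with such a source or
    destination arriving via another interface would not be dropped."""
    nets = deny_targets(rules)
    missing = []
    for addr in addresses:
        ip = ipaddress.ip_address(addr.split("%", 1)[0])
        if ip.is_link_local:
            continue  # assumption: scoped by its zone id, left to the pass rule
        if not any(ip in n for n in nets):
            missing.append(addr)
    return missing
```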

