Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.protocols.dns.bind > #97
| Path | csiph.com!x330-a1.tempe.blueboxinc.net!newsfeed.hal-mli.net!feeder3.hal-mli.net!newsfeed.hal-mli.net!feeder1.hal-mli.net!news.glorb.com!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Mark Andrews <marka@isc.org> |
| Newsgroups | comp.protocols.dns.bind |
| Subject | Re: Using IPv6/IPv4 tunnels to send queries to a DNS server |
| Date | Fri, 11 Nov 2011 11:48:56 +1100 |
| Lines | 35 |
| Approved | bind-users@lists.isc.org |
| Message-ID | <mailman.57.1320972556.68562.bind-users@lists.isc.org> (permalink) |
| References | <CA+ofH6_Bg4QDMe9oEH1kvoDba0dLyw44XH7m0=JRzGPQBED5Gw@mail.gmail.com> <CA+ofH68z4wuagAbXsjnvFyHYHjLkKsyLJmuTRQYCgBPhMDvdOw@mail.gmail.com> |
| NNTP-Posting-Host | lists.isc.org |
| X-Trace | usenet.stanford.edu 1320972557 25932 149.20.64.75 (11 Nov 2011 00:49:17 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| Cc | bind-users@isc.org |
| To | Hansen Candrawinata <hansen.candrawinata@gmail.com> |
| Return-Path | <marka@isc.org> |
| X-Original-To | bind-users@lists.isc.org |
| Delivered-To | bind-users@lists.isc.org |
| In-reply-to | Your message of "Fri, 11 Nov 2011 10:19:53 +1100." <CA+ofH68z4wuagAbXsjnvFyHYHjLkKsyLJmuTRQYCgBPhMDvdOw@mail.gmail.com> |
| X-Spam-Status | No, score=-1.5 required=5.0 tests=AWL,BAYES_00, T_RP_MATCHES_RCVD autolearn=ham version=3.3.1 |
| X-Spam-Checker-Version | SpamAssassin 3.3.1 (2010-03-16) on mx.ams1.isc.org |
| X-BeenThere | bind-users@lists.isc.org |
| X-Mailman-Version | 2.1.14 |
| Precedence | list |
| List-Id | BIND Users Mailing List <bind-users.lists.isc.org> |
| List-Unsubscribe | <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe> |
| List-Archive | <https://lists.isc.org/pipermail/bind-users> |
| List-Post | <mailto:bind-users@lists.isc.org> |
| List-Help | <mailto:bind-users-request@lists.isc.org?subject=help> |
| List-Subscribe | <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe> |
| Xref | x330-a1.tempe.blueboxinc.net comp.protocols.dns.bind:97 |
Show key headers only | View raw
In message <CA+ofH68z4wuagAbXsjnvFyHYHjLkKsyLJmuTRQYCgBPhMDvdOw@mail.gmail.com>, Hansen Candrawinata writes: > Thanks for the responses. > > Can a DNS server (the machine, not BIND) be a tunnel endpoint > for 6to4? Yes, provided it meets all the criteria for being a 6to4 tunnel end point. You need a non ambious IPv4 address for the tunnel end point. If your ISP gives you a NAT'd (shared) address you can't run 6to4. You can't use a RFC 1918 address for your tunnel end point. Your firewall needs to expect reply traffic from anywhere from anywhere. Just because you send your encapsulated packet to 192.88.99.1, don't expect the encapusulted reply traffic to come from 192.88.99.1. 6to4 traffic is asymetric. Some ISP run firewalls which block non symetric traffic. A major part of the problem Google and other big providers have with deploying IPv6 is badly configured 6to4 gateways (often done automatically) and code that doesn't fall back to IPv4, or fall back to IPv4 in a timely manner. Put the two together and you have problems. Test your 6to4 configuration. Personally I would setup a tunnel with a tunnel broker, like HE.NET, rather than running 6to4. You then know who to talk to when you have IPv6 problems. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
Back to comp.protocols.dns.bind | Previous | Next | Find similar
Re: Using IPv6/IPv4 tunnels to send queries to a DNS server Mark Andrews <marka@isc.org> - 2011-11-11 11:48 +1100
csiph-web