IPv4 in IPv6 in AAAA records
Colm MacCarthaigh
colm.maccarthaigh at heanet.ie
Tue Aug 24 09:45:08 UTC 2004
On Mon, Aug 23, 2004 at 06:33:15PM -0500, Phil Howard wrote:
> An address expressed like ::ffff:209.102.192.73 could be used on a system
> that has only IPv6 implemented, or only has IPv6 reachability, or has a
> LAN that is limited to IPv6, and such an address can be converted to IPv4
> at some point between that machine's stack (inclusive) to that network's
> gateway (NAT), and go out over the rest of the net as IPv4.
Absolutely not! As Itojun sais, ::ffff addresses are supposed to be
local to a host only, they are never to appear on the wire, see
his ID for reasons why this is a bad thing:
http://www.join.uni-muenster.de/Dokumente/drafts/draft-itojun-v6ops-v4mapped-harmful-02.txt
What you are describing is almost like a relay translator, see:
http://www.faqs.org/rfcs/rfc3142.html
But this is a layer 3 device, doing it in layer 2 won't really work
reliabily (because of header incompatibilities). And it uses the C6::/64
prefix.
> Getting back to DNS, it's also a way to query a single record type once
> and get an address that says "Use IPv4 instead, and here's the address".
>
> Should any of what I describe not be done, or be done some other way?
You're just using the wrong prefix is all :) ::ffff is for host-only
translation, a well-configured host should deny any packets with this
prefix to come in over the wire.
--
Colm MacCárthaigh / HEAnet, Teach Brooklawn, / Innealtóir Ghréasáin
+353 1 6609040 / Bóthar Shelbourne, BÁC, IE / http://www.hea.net/
More information about the nsd-users
mailing list