In message <ca+ofh68z4wuagabxsjnvfyhyhjlkksyljmutrqycgbphmdv...@mail.gmail.com>, Hansen Candrawinata writes:
> Thanks for the responses.
>
> Can a DNS server (the machine, not BIND) be a tunnel endpoint
> for 6to4?

Yes, provided it meets all the criteria for being a 6to4 tunnel end point.

You need a non-ambiguous IPv4 address for the tunnel end point. If your ISP gives you a NAT'd (shared) address you can't run 6to4. You can't use an RFC 1918 address for your tunnel end point.

Your firewall needs to expect reply traffic from anywhere. Just because you send your encapsulated packet to 192.88.99.1, don't expect the encapsulated reply traffic to come from 192.88.99.1. 6to4 traffic is asymmetric. Some ISPs run firewalls which block non-symmetric traffic.

A major part of the problem Google and other big providers have with deploying IPv6 is badly configured 6to4 gateways (often done automatically) and code that doesn't fall back to IPv4, or fall back to IPv4 in a timely manner. Put the two together and you have problems.

Test your 6to4 configuration.

Personally I would set up a tunnel with a tunnel broker, like HE.NET, rather than running 6to4. You then know who to talk to when you have IPv6 problems.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
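
Added example, not part of Mark Andrews's message: a Python check of the address criteria described above, which also derives the 2002:V4ADDR::/48 prefix (RFC 3056) and compares a configured 6to4 address with the WAN address. The RFC 6598 and other non-routable ranges, the function names and the sample addresses (documentation ranges standing in for a public address) are assumptions added here.

```python
import ipaddress

# Ranges that cannot be a 6to4 endpoint. RFC 1918 is named in the message;
# the remaining entries are assumptions added for this example.
UNUSABLE = {
    "RFC 1918 private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "RFC 6598 shared (CGN)": ["100.64.0.0/10"],
    "loopback": ["127.0.0.0/8"],
    "link-local": ["169.254.0.0/16"],
    "6to4 relay anycast": ["192.88.99.0/24"],
    "multicast/reserved": ["224.0.0.0/3"],
}


def endpoint_problem(v4):
    """Return why v4 cannot be a 6to4 endpoint, or None if it passes."""
    addr = ipaddress.IPv4Address(v4)
    for reason, nets in UNUSABLE.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return reason
    return None


def sixtofour_prefix(v4):
    """Derive the 2002:V4ADDR::/48 prefix for a usable IPv4 address."""
    problem = endpoint_problem(v4)
    if problem:
        raise ValueError(f"{v4} unusable for 6to4: {problem}")
    value = (0x2002 << 112) | (int(ipaddress.IPv4Address(v4)) << 80)
    return ipaddress.IPv6Network((value, 48))


def audit(wan_v4, configured_v6):
    """Check that a configured 6to4 address matches the WAN IPv4 address."""
    problem = endpoint_problem(wan_v4)
    if problem:
        return f"WAN address is {problem}; 6to4 cannot work"
    # .sixtofour is None unless the address lies in 2002::/16
    embedded = ipaddress.IPv6Address(configured_v6).sixtofour
    if embedded is None:
        return "configured address is not in 2002::/16"
    if embedded != ipaddress.IPv4Address(wan_v4):
        return f"embeds {embedded}, but WAN address is {wan_v4}"
    return "consistent"


if __name__ == "__main__":
    # Constructed samples: an auto-configured gateway behind NAT, then a good one.
    print(audit("192.168.1.1", "2002:c0a8:101::1"))
    print(sixtofour_prefix("203.0.113.5"), audit("203.0.113.5", "2002:cb00:7105::1"))
```

This only validates addressing; whether encapsulated replies from arbitrary relays pass the firewall still has to be tested on the live path.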