Hello:

I need to make some tests with IPv6 anycast addresses,
and I've found out that when /etc/resolv.conf has an
IPv6 anycast address, the DNS response isn't accepted because
it comes from an unicast IPv6 address.

I've been digging into the source code of
/usr/src/lib/libc/net/res_*
and I've found these constants:

RES_INSECURE1
RES_INSECURE2

and a compilation option called:

CHECK_SRVR_ADDR


What I would like to do is re-compile
the resolver library to accept DNS responses
coming from a unicast IPv6 address to solve
the problem mentioned above.

What's better... to *un*define CHECK_SRVR_ADDR
or to include RES_INSECURE1 into RES_DEFAULT ?
Do you think it's a good idea to do this ?
what are the security implications ?

PS: RES_DEFAULT appears in "resolv.h"

Best Regards.

-- 
JFRH.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message

Reply via email to