> 
> Hello:
> 
> I need to make some tests with IPv6 anycast addresses,
> and I've found out that when /etc/resolv.conf has an
> IPv6 anycast address, the DNS response isn't accepted because
> it comes from an unicast IPv6 address.
> 
> I've been digging into the source code of
> /usr/src/lib/libc/net/res_*
> and I've found these constants:
> 
> RES_INSECURE1
> RES_INSECURE2
> 
> and a compilation option called:
> 
> CHECK_SRVR_ADDR
> 
> 
> What I would like to do is re-compile
> the resolver library to accept DNS responses
> coming from a unicast IPv6 address to solve
> the problem mentioned above.
> 
> What's better... to *un*define CHECK_SRVR_ADDR
> or to include RES_INSECURE1 into RES_DEFAULT ?
> Do you think it's a good idea to do this ?
> what are the security implications ?
> 
> PS: RES_DEFAULT appears in "resolv.h"
> 
> Best Regards.
> 
> -- 
> JFRH.
> 

        IPv6 anycast addresses are a joke as they are currently
        defined.  Don't bother with them until there behaviour
        gets redefined by the IETF.

        Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [EMAIL PROTECTED]

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message

Reply via email to