>
> Hello:
>
> I need to make some tests with IPv6 anycast addresses,
> and I've found out that when /etc/resolv.conf has an
> IPv6 anycast address, the DNS response isn't accepted because
> it comes from an unicast IPv6 address.
>
> I've been digging into the source code of
> /usr/src/lib/libc/net/res_*
> and I've found these constants:
>
> RES_INSECURE1
> RES_INSECURE2
>
> and a compilation option called:
>
> CHECK_SRVR_ADDR
>
>
> What I would like to do is re-compile
> the resolver library to accept DNS responses
> coming from a unicast IPv6 address to solve
> the problem mentioned above.
>
> What's better... to *un*define CHECK_SRVR_ADDR
> or to include RES_INSECURE1 into RES_DEFAULT ?
> Do you think it's a good idea to do this ?
> what are the security implications ?
>
> PS: RES_DEFAULT appears in "resolv.h"
>
> Best Regards.
>
> --
> JFRH.
>
IPv6 anycast addresses are a joke as they are currently
defined. Don't bother with them until there behaviour
gets redefined by the IETF.
Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
