> > Hello: > > I need to make some tests with IPv6 anycast addresses, > and I've found out that when /etc/resolv.conf has an > IPv6 anycast address, the DNS response isn't accepted because > it comes from an unicast IPv6 address. > > I've been digging into the source code of > /usr/src/lib/libc/net/res_* > and I've found these constants: > > RES_INSECURE1 > RES_INSECURE2 > > and a compilation option called: > > CHECK_SRVR_ADDR > > > What I would like to do is re-compile > the resolver library to accept DNS responses > coming from a unicast IPv6 address to solve > the problem mentioned above. > > What's better... to *un*define CHECK_SRVR_ADDR > or to include RES_INSECURE1 into RES_DEFAULT ? > Do you think it's a good idea to do this ? > what are the security implications ? > > PS: RES_DEFAULT appears in "resolv.h" > > Best Regards. > > -- > JFRH. >
IPv6 anycast addresses are a joke as they are currently defined. Don't bother with them until there behaviour gets redefined by the IETF. Mark -- Mark Andrews, Internet Software Consortium 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message