Re: RES_INSECURE and CHECK_SRVR_ADDR in resolver functions (IPv6 anycast response problem)

> > Hello: > > I need to make some tests with IPv6 anycast addresses, > and I've found out that when /etc/resolv.conf has an > IPv6 anycast address, the DNS response isn't accepted because > it comes from an unicast IPv6 address. > > I've been digging into the source code of > /usr/src/lib/lib

Re: RES_INSECURE and CHECK_SRVR_ADDR in resolver functions (IPv6 anycast response problem)

> > Yes, and I know why the restriction is in RFC 1884 and it > > is a reasonable restriction. > > I don't think so, Are you saying we should source packets from the anycast address? If not you should quote better. > IP source address is easy to forge and it

Re: RES_INSECURE and CHECK_SRVR_ADDR in resolver functions (IPv6 anycast response problem)

>>> Yes, and I know why the restriction is in RFC 1884 and it >>> is a reasonable restriction. >> I don't think so, IP source address is easy to forge and it does not >> add any meaning protection. DNSSEC is the only way if you want trusted >> responsees. therefore, i agree with e

Re: RES_INSECURE and CHECK_SRVR_ADDR in resolver functions (IPv6 anycast response problem)

> Yes, and I know why the restriction is in RFC 1884 and it > is a reasonable restriction. I don't think so, IP source address is easy to forge and it does not add any meaning protection. DNSSEC is the only way if you want trusted responsees. therefore, i agr

Re: RES_INSECURE and CHECK_SRVR_ADDR in resolver functions (IPv6 anycast response problem)

> Yes, and I know why the restriction is in RFC 1884 and it > is a reasonable restriction. I don't think so, IP source address is easy to forge and it does not add any meaning protection. DNSSEC is the only way if you want trusted responsees. therefore, i agr

Re: RES_INSECURE and CHECK_SRVR_ADDR in resolver functions (IPv6 anycast response problem)

> > On Fri, 20 Sep 2002 08:59:54 +1000, > > [EMAIL PROTECTED] said: > > > IPv6 anycast addresses are a joke as they are currently > > defined. Don't bother with them until there behaviour > > gets redefined by the IETF. > > (I'm just asking,) what is the "joke" part of the

Re: RES_INSECURE and CHECK_SRVR_ADDR in resolver functions (IPv6 anycast response problem)

> > Hello: > > I need to make some tests with IPv6 anycast addresses, > and I've found out that when /etc/resolv.conf has an > IPv6 anycast address, the DNS response isn't accepted because > it comes from an unicast IPv6 address. > > I've been digging into the source code of > /usr/src/lib/lib

RES_INSECURE and CHECK_SRVR_ADDR in resolver functions (IPv6 anycast response problem)

Hello: I need to make some tests with IPv6 anycast addresses, and I've found out that when /etc/resolv.conf has an IPv6 anycast address, the DNS response isn't accepted because it comes from an unicast IPv6 address. I've been digging into the source code of /usr/src/lib/libc/net/res_* and I've f