0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark AndrewsCopyright (C) 2000, 2001, 2004, 2016 Internet Systems Consortium, Inc. ("ISC")
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark AndrewsThis Source Code Form is subject to the terms of the Mozilla Public
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark AndrewsLicense, v. 2.0. If a copy of the MPL was not distributed with this
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrewsfile, You can obtain one at http://mozilla.org/MPL/2.0/.
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael GraffCurrently, there are multiple interesting problems with ipv6
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graffimplementations on various platforms. These problems range from not
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graffbeing able to use ipv6 with bind9 (or in particular the ISC socket
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Grafflibrary, contained in libisc) to listen-on lists not being respected,
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graffto strange warnings but seemingly correct behavior of named.
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael GraffCOMPILE-TIME ISSUES
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graff-------------------
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael GraffThe socket library requires a certain level of support from the
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graffoperating system. In particular, it must follow the advanced ipv6
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graffsocket API to be usable. The systems which do not follow this will
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graffcurrently not get any warnings or errors, but ipv6 will simply not
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Grafffunction on them.
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael GraffThese systems currently include, but are not limited to:
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graff AIX 3.4 (with ipv6 patches)
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael GraffRUN-TIME ISSUES
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graff---------------
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael GraffIn the original drafts of the ipv6 RFC documents, binding an ipv6
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graffsocket to the ipv6 wildcard address would also cause the socket to
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graffaccept ipv4 connections and datagrams. When an ipv4 packet is
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graffreceived on these systems, it is mapped into an ipv6 address. For
3da9aeb80704bdd45aaf5971d1a06cbd13580ca9Tatuya JINMEI 神明達哉example, 1.2.3.4 would be mapped into ::ffff:1.2.3.4. The intent of
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graffthis mapping was to make transition from an ipv4-only application into
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graffipv6 easier, by only requiring one socket to be open on a given port.
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael GraffLater, it was discovered that this was generally a bad idea. For one,
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graffmany firewalls will block connection to 1.2.3.4, but will let through
3da9aeb80704bdd45aaf5971d1a06cbd13580ca9Tatuya JINMEI 神明達哉::ffff:1.2.3.4. This, of course, is bad. Also, access control lists
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graffwritten to accept only ipv4 addresses were suddenly ignored unless
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graffthey were rewritten to handle the ipv6 mapped addresses as well.
3da9aeb80704bdd45aaf5971d1a06cbd13580ca9Tatuya JINMEI 神明達哉Partly because of these problems, the latest IPv6 API introduces an
3da9aeb80704bdd45aaf5971d1a06cbd13580ca9Tatuya JINMEI 神明達哉explicit knob (the "IPV6_V6ONLY" socket option ) to turn off the ipv6
3da9aeb80704bdd45aaf5971d1a06cbd13580ca9Tatuya JINMEI 神明達哉mapped address usage.
97a19a9ad60796faaa9eb851c0b84ff2f8a4211bTatuya JINMEI 神明達哉In bind9, we first check if both the advanced API and the IPV6_V6ONLY
97a19a9ad60796faaa9eb851c0b84ff2f8a4211bTatuya JINMEI 神明達哉socket option are available. If both of them are available, bind9
97a19a9ad60796faaa9eb851c0b84ff2f8a4211bTatuya JINMEI 神明達哉named will bind to the ipv6 wildcard port for both TCP and UDP.
97a19a9ad60796faaa9eb851c0b84ff2f8a4211bTatuya JINMEI 神明達哉Otherwise named will make a warning and try to bind to all available
97a19a9ad60796faaa9eb851c0b84ff2f8a4211bTatuya JINMEI 神明達哉ipv6 addresses separately.
3da9aeb80704bdd45aaf5971d1a06cbd13580ca9Tatuya JINMEI 神明達哉In any case, bind9 named binds to specific addresses for ipv4 sockets.
3da9aeb80704bdd45aaf5971d1a06cbd13580ca9Tatuya JINMEI 神明達哉The followings are historical notes when we always bound to the ipv6
3da9aeb80704bdd45aaf5971d1a06cbd13580ca9Tatuya JINMEI 神明達哉wildcard port regardless of the availability of the API support.
3da9aeb80704bdd45aaf5971d1a06cbd13580ca9Tatuya JINMEI 神明達哉These problems should not happen with the closer checks above.
9023c42352944fd58ae14d961b60c46cd246ed25Andreas GustafssonIPV6 Sockets Accept IPV4, Specific IPV4 Addresses Bindings Fail
9023c42352944fd58ae14d961b60c46cd246ed25Andreas Gustafsson---------------------------------------------------------------
3da9aeb80704bdd45aaf5971d1a06cbd13580ca9Tatuya JINMEI 神明達哉The only OS which seems to do this is (some kernel versions of) linux.
3da9aeb80704bdd45aaf5971d1a06cbd13580ca9Tatuya JINMEI 神明達哉If an ipv6 socket is bound to the ipv6 wildcard socket, and a specific
3da9aeb80704bdd45aaf5971d1a06cbd13580ca9Tatuya JINMEI 神明達哉ipv4 socket is later bound (say, to 1.2.3.4 port 53) the ipv4 binding
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael GraffWhat this means to bind9 is that the application will log warnings
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graffabout being unable to bind to a socket because the address is already
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graffin use. Since the ipv6 socket will accept ipv4 packets and map them,
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graffhowever, the ipv4 addresses continue to function.
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael GraffThe effect is that the config file listen-on directive will not be
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graffrespected on these systems.
9023c42352944fd58ae14d961b60c46cd246ed25Andreas GustafssonIPV6 Sockets Accept IPV4, Specific IPV4 Address Bindings Succeed
9023c42352944fd58ae14d961b60c46cd246ed25Andreas Gustafsson----------------------------------------------------------------
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael GraffIn this case, the system allows opening an ipv6 wildcard address
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graffsocket and then binding to a more specific ipv4 address later. An
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graffexample of this type of system is Digital Unix with ipv6 patches
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael GraffWhat this means to bind9 is that the application will respect
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Grafflisten-on in regards to ipv4 sockets, but it will use mapped ipv6
9023c42352944fd58ae14d961b60c46cd246ed25Andreas Gustafssonaddresses for any that do not match the listen-on list. This, in
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graffeffect, makes listen-on useless for these machines as well.
9023c42352944fd58ae14d961b60c46cd246ed25Andreas GustafssonIPV6 Sockets Do Not Accept IPV4
9023c42352944fd58ae14d961b60c46cd246ed25Andreas Gustafsson-------------------------------
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael GraffOn these systems, opening an IPV6 socket does not implicitly open any
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graffipv4 sockets. An example of these systems are NetBSD-current with the
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Grafflatest KAME patch, and other systems which use the latest KAME patches
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graffas their ipv6 implementation.
9023c42352944fd58ae14d961b60c46cd246ed25Andreas GustafssonOn these systems, listen-on is fully functional, as the ipv6 socket
26a455b8206621c3e470dbea1f172d78f5a0e56bMichael Graffonly accepts ipv6 packets, and the ipv4 sockets will handle the ipv4
3da9aeb80704bdd45aaf5971d1a06cbd13580ca9Tatuya JINMEI 神明達哉3513: Internet Protocol Version 6 (IPv6) Addressing Architecture
4ac00f66832747f88c552904f7716571d3349d81Tatuya JINMEI 神明達哉3493: Basic Socket Interface Extensions for IPv6
3da9aeb80704bdd45aaf5971d1a06cbd13580ca9Tatuya JINMEI 神明達哉3542: Advanced Sockets Application Program Interface (API) for IPv6
4ac00f66832747f88c552904f7716571d3349d81Tatuya JINMEI 神明達哉$Id: ipv6,v 1.9 2004/08/10 04:27:51 jinmei Exp $