Cross Reference: /bind-9.11.3/doc/misc/ipv6

	ipv6 revision 816e576f77e2c46df3e3d97d65822aa8aded7c4b
44aae046c38e796e581110b7ecdf4478167d684dBob HalleyCopyright (C) 2000  Internet Software Consortium.
44aae046c38e796e581110b7ecdf4478167d684dBob HalleySee COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
44aae046c38e796e581110b7ecdf4478167d684dBob Halley
44aae046c38e796e581110b7ecdf4478167d684dBob HalleyCurrently, there are multiple interesting problems with ipv6
44aae046c38e796e581110b7ecdf4478167d684dBob Halleyimplementations on various platforms.  These problems range from not
44aae046c38e796e581110b7ecdf4478167d684dBob Halleybeing able to use ipv6 with bind9 (or in particular the ISC socket
44aae046c38e796e581110b7ecdf4478167d684dBob Halleylibrary, contained in libisc) to listen-on lists not being respected,
44aae046c38e796e581110b7ecdf4478167d684dBob Halleyto strange warnings but seemingly correct behavior of named.
44aae046c38e796e581110b7ecdf4478167d684dBob Halley
44aae046c38e796e581110b7ecdf4478167d684dBob HalleyCOMPILE-TIME ISSUES
44aae046c38e796e581110b7ecdf4478167d684dBob Halley-------------------
44aae046c38e796e581110b7ecdf4478167d684dBob Halley
44aae046c38e796e581110b7ecdf4478167d684dBob HalleyThe socket library requires a certain level of support from the
44aae046c38e796e581110b7ecdf4478167d684dBob Halleyoperating system.  In particular, it must follow the advanced ipv6
44aae046c38e796e581110b7ecdf4478167d684dBob Halleysocket API to be usable.  The systems which do not follow this will
44aae046c38e796e581110b7ecdf4478167d684dBob Halleycurrently not get any warnings or errors, but ipv6 will simply not
44aae046c38e796e581110b7ecdf4478167d684dBob Halleyfunction on them.
44aae046c38e796e581110b7ecdf4478167d684dBob Halley
44aae046c38e796e581110b7ecdf4478167d684dBob HalleyThese systems currently include, but are not limited to:
44aae046c38e796e581110b7ecdf4478167d684dBob Halley
44aae046c38e796e581110b7ecdf4478167d684dBob Halley    AIX 3.4 (with ipv6 patches)
44aae046c38e796e581110b7ecdf4478167d684dBob Halley
a4e2a43f7941500341f4e4ea93bf5538bc21a9f8Michael Graff
44aae046c38e796e581110b7ecdf4478167d684dBob HalleyRUN-TIME ISSUES
44aae046c38e796e581110b7ecdf4478167d684dBob Halley---------------
44aae046c38e796e581110b7ecdf4478167d684dBob Halley
a4e2a43f7941500341f4e4ea93bf5538bc21a9f8Michael GraffIn the original drafts of the ipv6 RFC documents, binding an ipv6
44aae046c38e796e581110b7ecdf4478167d684dBob Halleysocket to the ipv6 wildcard address would also cause the socket to
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrenceaccept ipv4 connections and datagrams.  When an ipv4 packet is
44aae046c38e796e581110b7ecdf4478167d684dBob Halleyreceived on these systems, it is mapped into an ipv6 address.  For
example, 1.2.3.4 would be mapped into ffff::1.2.3.4.  The intent of
this mapping was to make transition from an ipv4-only application into
ipv6 easier, by only requiring one socket to be open on a given port.

Later, it was discovered that this was generally a bad idea.  For one,
many firewalls will block connection to 1.2.3.4, but will let through
ffff::1.2.3.4.  This, of course, is bad.  Also, access control lists
written to accept only ipv4 addresses were suddenly ignored unless
they were rewritten to handle the ipv6 mapped addresses as well.

In bind9, we always bind to the ipv6 wildcard port for both TCP and
UDP, and specific addresses for ipv4 sockets.  This causes some
interesting behavior depending on the system implementation of ipv6.


IPV6 Sockets Accept IPV4, Specific IPV4 Addresses Bindings Fail
---------------------------------------------------------------

The only OS which seems to do this is linux.  If an ipv6 socket is
bound to the ipv6 wildcard socket, and a specific ipv4 socket is
later bound (say, to 1.2.3.4 port 53) the ipv4 binding will fail.

What this means to bind9 is that the application will log warnings
about being unable to bind to a socket because the address is already
in use.  Since the ipv6 socket will accept ipv4 packets and map them,
however, the ipv4 addresses continue to function.

The effect is that the config file listen-on directive will not be
respected on these systems.


IPV6 Sockets Accept IPV4, Specific IPV4 Address Bindings Succeed
----------------------------------------------------------------

In this case, the system allows opening an ipv6 wildcard address
socket and then binding to a more specific ipv4 address later.  An
example of this type of system is Digital Unix with ipv6 patches
applied.

What this means to bind9 is that the application will respect
listen-on in regards to ipv4 sockets, but it will use mapped ipv6
addresses for any that do not match the listen-on list.  This, in
effect, makes listen-on useless for these machines as well.


IPV6 Sockets Do Not Accept IPV4
-------------------------------

On these systems, opening an IPV6 socket does not implicitly open any
ipv4 sockets.  An example of these systems are NetBSD-current with the
latest KAME patch, and other systems which use the latest KAME patches
as their ipv6 implementation.

On these systems, listen-on is fully functional, as the ipv6 socket
only accepts ipv6 packets, and the ipv4 sockets will handle the ipv4
packets.


RELEVANT RFCs
-------------

2373:  IP Version 6 Addressing Architecture

2553:  Basic Socket Interface Extensions for IPv6

draft-ietf-ipngwg-rfc2292bis-01:  Advanced Sockets API for IPv6 (draft)


$Id: ipv6,v 1.4 2000/08/09 04:37:40 tale Exp $