ipv6 revision dafcb997e390efa4423883dafd100c975c4095d6
Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 2000, 2001 Internet Software Consortium.
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.

Currently, there are multiple interesting problems with ipv6
implementations on various platforms. These problems range from not
being able to use ipv6 with bind9 (or in particular the ISC socket
library, contained in libisc) to listen-on lists not being respected,
to strange warnings but seemingly correct behavior of named.

COMPILE-TIME ISSUES
-------------------

The socket library requires a certain level of support from the
operating system. In particular, it must follow the advanced ipv6
socket API to be usable. Systems which do not follow this API will
currently not get any warnings or errors, but ipv6 will simply not
function on them.

These systems currently include, but are not limited to:

        AIX 3.4 (with ipv6 patches)


RUN-TIME ISSUES
---------------

In the original drafts of the ipv6 RFC documents, binding an ipv6
socket to the ipv6 wildcard address would also cause the socket to
accept ipv4 connections and datagrams. When an ipv4 packet is
received on these systems, it is mapped into an ipv6 address. For
example, 1.2.3.4 would be mapped into ffff::1.2.3.4. The intent of
this mapping was to make the transition from an ipv4-only application
to ipv6 easier, by only requiring one socket to be open on a given port.

Later, it was discovered that this was generally a bad idea. For one,
many firewalls will block connections to 1.2.3.4, but will let through
ffff::1.2.3.4. This, of course, is bad. Also, access control lists
written to accept only ipv4 addresses were suddenly ignored unless
they were rewritten to handle the ipv6 mapped addresses as well.
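The access control problem described above, as an added example that is not ISC's code: a deny rule for 1.2.3.0/24 is skipped when the peer arrives as an IPv4-mapped ipv6 address, and applies again once the mapped address is unwrapped. The rule table and all function names are hypothetical; the test input uses the standard text form of the mapped address, ::ffff:1.2.3.4.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>

/* IPv4 deny rules in host byte order. Constructed sample: 1.2.3.0/24. */
struct rule4 { uint32_t net, mask; };
static const struct rule4 DENY[] = { { 0x01020300u, 0xffffff00u } };

static int denied4(uint32_t addr)
{
    for (size_t i = 0; i < sizeof DENY / sizeof DENY[0]; i++)
        if ((addr & DENY[i].mask) == DENY[i].net)
            return 1;
    return 0;
}

/* Hypothetical helper: build the peer address a socket call would report. */
int peer_from_text(const char *txt, struct sockaddr_storage *ss)
{
    memset(ss, 0, sizeof *ss);
    if (inet_pton(AF_INET, txt, &((struct sockaddr_in *)ss)->sin_addr) == 1)
        ss->ss_family = AF_INET;
    else if (inet_pton(AF_INET6, txt, &((struct sockaddr_in6 *)ss)->sin6_addr) == 1)
        ss->ss_family = AF_INET6;
    else
        return -1;
    return 0;
}

/* Weak: IPv4 rules are consulted only for AF_INET peers. */
int denied_naive(const struct sockaddr_storage *ss)
{
    if (ss->ss_family != AF_INET)
        return 0;
    return denied4(ntohl(((const struct sockaddr_in *)ss)->sin_addr.s_addr));
}

/* Corrected: unwrap an IPv4-mapped peer and apply the same IPv4 rules. */
int denied_normalized(const struct sockaddr_storage *ss)
{
    const struct in6_addr *a = &((const struct sockaddr_in6 *)ss)->sin6_addr;
    uint32_t v4;
    if (ss->ss_family != AF_INET6 || !IN6_IS_ADDR_V4MAPPED(a))
        return denied_naive(ss);    /* plain IPv4, or native IPv6 */
    memcpy(&v4, &a->s6_addr[12], sizeof v4);
    return denied4(ntohl(v4));
}
```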

In bind9, we always bind to the ipv6 wildcard address for both TCP and
UDP, and to specific addresses for ipv4 sockets. This causes some
interesting behavior depending on the system implementation of ipv6.


IPV6 Sockets Accept IPV4, Specific IPV4 Address Bindings Fail
-------------------------------------------------------------

The only OS which seems to do this is Linux. If an ipv6 socket is
bound to the ipv6 wildcard address, and a specific ipv4 socket is
later bound (say, to 1.2.3.4 port 53) the ipv4 binding will fail.

What this means to bind9 is that the application will log warnings
about being unable to bind to a socket because the address is already
in use. Since the ipv6 socket will accept ipv4 packets and map them,
however, the ipv4 addresses continue to function.

The effect is that the config file listen-on directive will not be
respected on these systems.


IPV6 Sockets Accept IPV4, Specific IPV4 Address Bindings Succeed
----------------------------------------------------------------

In this case, the system allows opening an ipv6 wildcard address
socket and then binding to a more specific ipv4 address later. An
example of this type of system is Digital Unix with ipv6 patches
applied.

What this means to bind9 is that the application will respect
listen-on with regard to ipv4 sockets, but it will use mapped ipv6
addresses for any that do not match the listen-on list. This, in
effect, makes listen-on useless for these machines as well.


IPV6 Sockets Do Not Accept IPV4
-------------------------------

On these systems, opening an IPV6 socket does not implicitly open any
ipv4 sockets. Examples of these systems are NetBSD-current with the
latest KAME patch, and other systems which use the latest KAME patches
as their ipv6 implementation.

On these systems, listen-on is fully functional, as the ipv6 socket
only accepts ipv6 packets, and the ipv4 sockets will handle the ipv4
packets.
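A probe that reports which of the three behaviours above the running system shows, as an added example that is not part of bind9. It assumes the platform provides the IPV6_V6ONLY socket option from RFC 3493, which this document does not mention; the enum and function names are hypothetical.

```c
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum v6_behavior {
    V6_UNAVAILABLE,         /* no usable ipv6 wildcard socket */
    V6_MAPS_V4_BIND_FAILS,  /* first case in the text */
    V6_MAPS_V4_BIND_OK,     /* second case */
    V6_ONLY                 /* third case: listen-on is effective */
};

/* Bind an ipv6 wildcard UDP socket, then a specific ipv4 address on the
 * same port, in the order the text gives for named. force_v6only requests
 * IPV6_V6ONLY (assumed available) before the wildcard bind. */
enum v6_behavior probe_v6(int force_v6only)
{
    struct sockaddr_in6 a6;
    struct sockaddr_in a4;
    socklen_t alen = sizeof a6;
    int on = 1, v6only = 0, s4, rc;
    socklen_t olen = sizeof v6only;
    int s6 = socket(AF_INET6, SOCK_DGRAM, 0);

    if (s6 < 0)
        return V6_UNAVAILABLE;
    if (force_v6only)
        (void)setsockopt(s6, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof on);
    memset(&a6, 0, sizeof a6);      /* all-zero address is ::, port 0 is ephemeral */
    a6.sin6_family = AF_INET6;
    if (bind(s6, (struct sockaddr *)&a6, sizeof a6) < 0 ||
        getsockname(s6, (struct sockaddr *)&a6, &alen) < 0 ||
        getsockopt(s6, IPPROTO_IPV6, IPV6_V6ONLY, &v6only, &olen) < 0) {
        close(s6);
        return V6_UNAVAILABLE;
    }
    memset(&a4, 0, sizeof a4);
    a4.sin_family = AF_INET;
    a4.sin_port = a6.sin6_port;     /* same port as the wildcard socket */
    a4.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    s4 = socket(AF_INET, SOCK_DGRAM, 0);
    rc = s4 < 0 ? -1 : bind(s4, (struct sockaddr *)&a4, sizeof a4);
    if (s4 >= 0)
        close(s4);
    close(s6);
    if (v6only)
        return V6_ONLY;
    return rc == 0 ? V6_MAPS_V4_BIND_OK : V6_MAPS_V4_BIND_FAILS;
}
```

Where the option is available, setting it on the wildcard socket puts the system in the third case whatever its default is.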


RELEVANT RFCs
-------------

2373: IP Version 6 Addressing Architecture

2553: Basic Socket Interface Extensions for IPv6

draft-ietf-ipngwg-rfc2292bis-01: Advanced Sockets API for IPv6 (draft)


$Id: ipv6,v 1.6 2004/03/05 05:04:53 marka Exp $