Subject: Re: DNS resolver address filtering
To: None <tech-net@NetBSD.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-net
Date: 08/08/2005 03:32:23

> We need a facility added to the resolver to filter the addresses it
> returns.

We do?

> I do not have IPv6 connectivity.  Until I do, it is pointless for the
> apps to try any IPv6 addresses.

With you so far.

> I need a way to prevent the DNS resolver (probably with a directive
> in /etc/resolv.conf) from returning IPv6 addresses.

Why?  I don't see how this follows from the preceding.

Some of my machines have no v6 connectivity either.  Aside from
occasional noise messages (EHOSTUNREACH/ENETUNREACH) when trying to
connect to v6 addresses, the current semantics haven't hurt anything as
far as I can see.  (They can be a problem for tools that don't try
multiple addresses - but such tools are rather broken even in a v4-only
net anyway.)

> One day, there will be IPv6-only sites.

"One day"?  I spent the second half of 2002 in Norway, working for
Universitetet i Tromsø.  The University arranged for a netlink to my
house - and it was v6-only.  (Fully routable v6 addresses, just no v4
connectivity.)  As far as I can tell, only North America thinks v6 is
still in the future.

> They will also need such a filter facility, to remove IPv4 addresses
> from the resolver response.

I can't see why, any more than I see the need you see for removing v6
addresses now.

Can you explain what I'm missing?

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B