On Wed, Dec 08, 2010 at 08:55:27AM -0800, Charles Hardin wrote:
> Daniel,
>
> Our group took the position that an IPv4 (T_A) record can be
> represented as an IPv6 address (T_AAAA) record, so a fallback is
> appropriate and can still return a mapped IPv6 address.
The problem though is that not all systems treat mapped addresses the same
way. Some will route an IPv4-mapped address through the IPv4 network. Others
will route it through the IPv6 network regardless. Still others will just
drop them entirely because of security concerns--on OpenBSD IPv4-mapped
addresses are rejected immediately inside both bind(2) and connect(2).
So an interface isn't really being helpful in crafting mapped addresses
because the application still has to deal with all of the policy regardless.
A better interface would make it easier to deal with policy, not try to
paper-over the problem. But this usually involves a tie-in with the
pertinent sockets library, so it can't just occur inside of the resolver.
> We actually added this logic to the another resolver a while back, and
> if it gets removed from libcares - then, we would just add it back.
>
> I don't really think it is a hack, just a choice about do you return a
> IPv6 address if at all possible for an AF_INET6 query.
Received on 2010-12-08