[Dnsmasq-discuss] bogus-priv for IPV6

Jima jima at beer.tclug.org
Sun Sep 9 23:50:13 BST 2012


On 2012-09-08 07:16, Jan Seiffert wrote:
> Gene Czarcinski schrieb:
>> On 09/08/2012 05:13 AM, Jim Bos wrote:
>>> On 09/07/2012 09:49 PM, Simon Kelley wrote:
> [snip]
>>> As a temporary workaround as I noticed all kind of queries going
>>> upstream,  I put this in my config to prevent reverse lookups for
>>> link-local addresses:
>>>
>>> server=/f.f.ip6.arpa/ server=/e.f.ip6.arpa/
>>>
>>> Which seems to work as expected, i.e. queries are suppressed.
>>>
>>> Jim
>>>
>>>
>> Oh my ... a simple solution!  I am certainly not an IPV6 expert of
>> any kind but would just doing this be sufficient?
>>
>
> I think not.
>
> You need minimum:
> Unspecified   - ::/128
> loopback      - ::1/128

  See below.

> multicast     - ff::/8
> linklocal     - fe8::/10

  Uh, that should be ff00::/8 and fe80::/10, and is what the OP covered.

>
> maybe:
> sitelocal          - fec::/10

  ITYM fec0::/10, and it would be covered by e.f.ip6.arpa.  (Deprecated, 
in case anyone missed that detail.)

> uniquelocal        - fc::/7

server=/c.f.ip6.arpa/
server=/d.f.ip6.arpa/

> documentation      - 2001:db8::/32

server=/8.b.d.0.1.0.0.2.ip6.arpa/

> benchmark          - 2001:2::/48

server=/2.0.0.0.1.0.0.2.ip6.arpa/

> compat(deprecated) - ::/96

server=/0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/

...I think, but would also cover unspecified and loopback above.

  Don't forget to zero-pad undefined sections of prefixes -- those 
bitfields are relevant.

      Jima



More information about the Dnsmasq-discuss mailing list