[Dnsmasq-discuss] bogus-priv for IPV6
Jima
jima at beer.tclug.org
Sun Sep 9 23:50:13 BST 2012
On 2012-09-08 07:16, Jan Seiffert wrote:
> Gene Czarcinski schrieb:
>> On 09/08/2012 05:13 AM, Jim Bos wrote:
>>> On 09/07/2012 09:49 PM, Simon Kelley wrote:
> [snip]
>>> As a temporary workaround as I noticed all kind of queries going
>>> upstream, I put this in my config to prevent reverse lookups for
>>> link-local addresses:
>>>
>>> server=/f.f.ip6.arpa/ server=/e.f.ip6.arpa/
>>>
>>> Which seems to work as expected, i.e. queries are suppressed.
>>>
>>> Jim
>>>
>>>
>> Oh my ... a simple solution! I am certainly not an IPV6 expert of
>> any kind but would just doing this be sufficient?
>>
>
> I think not.
>
> You need minimum:
> Unspecified - ::/128
> loopback - ::1/128
See below.
> multicast - ff::/8
> linklocal - fe8::/10
Uh, that should be ff00::/8 and fe80::/10, and is what the OP covered.
>
> maybe:
> sitelocal - fec::/10
ITYM fec0::/10, and it would be covered by e.f.ip6.arpa. (Deprecated,
in case anyone missed that detail.)
> uniquelocal - fc::/7
server=/c.f.ip6.arpa/
server=/d.f.ip6.arpa/
> documentation - 2001:db8::/32
server=/8.b.d.0.1.0.0.2.ip6.arpa/
> benchmark - 2001:2::/48
server=/2.0.0.0.1.0.0.2.ip6.arpa/
> compat(deprecated) - ::/96
server=/0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/
...I think, but would also cover unspecified and loopback above.
Don't forget to zero-pad undefined sections of prefixes -- those
bitfields are relevant.
Jima
More information about the Dnsmasq-discuss
mailing list