[Dnsmasq-discuss] bogus-priv for IPV6

Gene Czarcinski gene at czarc.net
Sat Sep 8 13:43:03 BST 2012


On 09/08/2012 05:13 AM, Jim Bos wrote:
> On 09/07/2012 09:49 PM, Simon Kelley wrote:
>> On 07/09/12 17:47, Gene Czarcinski wrote:
>>> dnsmasq has an option which makes a lot of sense to me: bogus-priv
>>> which, when specified, has the effect that IPV4 private networks
>>> 10.0.00/8, 172.16.0.0/12 and 192.168.0.0/16 are not forwarded since
>>> these are reserved for local/private networks.
>>>
>>> How about extending this option (or add a bogus-priv6 option) to include
>>> the Unique Local IPV6 Addresses as specified in RFC 4193 --
>>> http://tools.ietf.org/html/rfc4193
>>>
>>> All correctly implemented routers, etc are suppose to not route packets
>>> with these addresses but ... well, people designed/implemented those and
>>> people make mistakes.
>>>
>>> I do not consider this a high priority item.
>>>
>> Agreed that it's a good idea. I think we (the list) had a discussion
>> about this before, and it wandered off into a long digression about
>> exactly which address ranges should be blocked but nothing happened.
>>
>> Simon.
>>
>> _______________________________________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss at lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>
> As a temporary workaround as I noticed all kind of queries going
> upstream,  I put this in my config to prevent reverse lookups for
> link-local addresses:
>
> server=/f.f.ip6.arpa/
> server=/e.f.ip6.arpa/
>
> Which seems to work as expected, i.e. queries are suppressed.
>
> Jim
>
>
Oh my ... a simple solution!  I am certainly not an IPV6 expert of any 
kind but would just doing this be sufficient?

Maybe someone more knowledgeable in understanding IPV6 and RFC 4193 
could look at this.

Gene



More information about the Dnsmasq-discuss mailing list