[Dnsmasq-discuss] Fwd: Re: dnsmasq: bogus-priv for IPV6

Gene Czarcinski gene at czarc.net
Mon Sep 10 16:58:38 BST 2012 

OK, I forwarded my question to an individual who I believe knows much 
more about IPV6 than I do and he agrees the dnsmasq should optionally 
not forward "private" ipv6 packets.

Now, I believe that a "bogus-priv6" would be useful but this is only at 
some border between an internal network and an external network. 
Otherwise, anything goes so that the internal network can use this IPv6 
addresses that should not be forwarded to the Internet.

While the suggested "quick fixes" are good, this should be in the 
dnsmasq code itself so that individuals creating an instantiation of 
dnsmasq does not the extensive technical details.

Gene


-------- Original Message --------
Subject: 	Re: dnsmasq: bogus-priv for IPV6
Date: 	Mon, 10 Sep 2012 11:43:56 +0100
From: 	Daniel P. Berrange <berrange at redhat.com>
Reply-To: 	Daniel P. Berrange <berrange at redhat.com>
To: 	Gene Czarcinski <gene at czarc.net>



On Sat, Sep 08, 2012 at 08:54:00AM -0400, Gene Czarcinski wrote:
> Daniel ... I am forwarding this message to you because I saw that
> you have done some work with qemu/kvm/libvirt and IPV6 ... actually
> getting something working as described in your article.
>
> As you may have noticed, I have some interest in dnsmasq incorrectly
> (or at least undesirably) forward queries.  One thought that
> occurred to me concerned IPV6 ... should there be a "bogus-priv"
> option for IPv6.  The solution may be even simpler.  Comments?

I think you're right that dnsmasq should be able to stop
forwarding queries for the unique local IPv6 addrs. Whether
it is a new 'bogus-priv6' option or uses the hack-around
describe in the thread below, isn't a huge deal. I suspect
a 'bogus-priv6' option would be nicer though, since it makes
it more obvious to users.

Daniel
-- 
|: http://berrange.com      -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o- http://virt-manager.org :|
|: http://autobuild.org       -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o- http://live.gnome.org/gtk-vnc :|

More information about the Dnsmasq-discuss mailing list