[Dnsmasq-discuss] RFC6303 support - especially IPv6

Kevin Darbyshire-Bryant kevin at darbyshire-bryant.me.uk
Mon Oct 19 14:01:09 BST 2015


Hi Simon,

I wonder if I could encourage you to look at extending the 'bogus-priv'
option to include some IPv6 zones?  In essence dnsmasq is currently
forwarding ipv6 link-local reverse queries when in reality root servers
aren't going to know anything.  Looking in the archives I see ipv6
reverses & 'bogus-priv' has been brought up before, and typically
stalled on deciding what to block.  I think RFC6303 answers those
questions to a large extent.

Attached is a patch to include extra IPv4 zones that are listed in that
document.  Maybe it'll help reduce some typing, though I'm concerned it
may also affect 'rebind zones' which I'm much less confident about :-) 
I couldn't find any IPv6 filtering otherwise I would have extended that too.

IPv6 Zones I'm currently filtering as per that document are:


'/d.f.ip6.arpa/'
'/8.e.f.ip6.arpa/'
'/9.e.f.ip6.arpa/'
'/a.e.f.ip6.arpa/'
'/b.e.f.ip6.arpa/'
'/0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/'
'/1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/'


I've another more controversial idea that I'll put as another email as I
think it'll generate much more traffic!

Cheers,

Kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Update-ipv4-bogus-priv-to-RFC6303-zones.patch
Type: text/x-patch
Size: 2438 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20151019/71b9f90c/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4816 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20151019/71b9f90c/attachment-0001.bin>


More information about the Dnsmasq-discuss mailing list