[Dnsmasq-discuss] Disabling IPv6 at compile time no longer workingno

Lonnie Abelbeck lists at lonnie.abelbeck.com
Fri Oct 30 18:32:51 GMT 2020


The dnsmasq commit that removed HAVE_IPV6 means dnsmasq must be compiled on a system with IPv6 headers.

But at runtime, dnsmasq works on a IPv4-only (ipv6 module not loaded) Linux system.  Even without the ipv6 network stack (no protocol family 10 registered) dnsmasq will happily resolve AAAA records and pass them on to clients over IPv4.

I would think build systems without IPv6 headers would be hard to come by in 2020.

Lonnie


> On Oct 30, 2020, at 11:22 AM, Andrew Miskell <andrewmiskell at mac.com> wrote:
> 
> Massimo,
> 
> Simon’s reasoning for removing support is stated in the git commit. It was the source of a large number of ifdefs in the code, primarily for handling old embedded libc versions.
> 
> Removing the flags allowed him to remove all the ifdefs and make the code more maintainable overall. 
> 
> I’d actually probably also go as far as to assert that most of your arguments listed aren’t really that valid in the grand scheme of things.
> 
>> On Oct 30, 2020, at 7:10 AM, SALA MASSIMO <MASSIMO.SALA at ats-bg.it> wrote:
>> 
>> Hi Chris, Petr
>> 
>> I agree with Chris: I wish we could disable IPv6 support.
>> 
>> There are scenarios - like usage in intranet LANs,  IPv4 only - this feature is useless.
>> 
>> For best practice, unwanted features should be disabled:
>> 1) avoid any possibility of hitting bugs in code paths that implemet this functionality;
>> 2) reduce the surface of possible attacks;
>> 3) IMHO you cannot force the users to be unaware testers of unused features.
>> 
>> 
>> > It was intentionally removed in commit ee8750451b4[1], removed in 2.81 release.
>> 
>> I don't understand why this commit was approved.
>> Which are the benefits for the developers?
>> 
>> Best regards, Massimo Sala



More information about the Dnsmasq-discuss mailing list