[OCCAID] rDNS request ..

Miles Nordin carton at Ivy.NET
Fri Jun 2 15:46:47 EDT 2006


>>>>> "jm" == Jeroen Massar <jeroen at unfix.org> writes:

    >> Only problem - v6 packets go out over the tunnel's interface
    >> 2001:4830:e0::2 and that's the source IP that's visible to any
    >> v6 mailserver that receives email. That doesn't have rDNS set,

    jm> a) Get a real IPv6 stack which has policy routing,

What I do is to set the tunnel address to 'deprecated'.

In NetBSD:
ifconfig gif0 inet6 2001:4830:e2:11::2 2001:4830:e2:11::1 prefixlen 128 deprecated alias mtu 1480

In FreeBSD:
ifconfig gif0 inet6 2001:4830:e2:11::2 2001:4830:e2:11::1 prefixlen 128 pltime 0 alias mtu 1480

Setting the ``preferred lifetime'' to 0 seconds is equivalent to
'deprecated'.  This means the address is disqualified from source
address selection, but it will still accept incoming connections.  I'm
not sure whether it's eligible for use in 'bind()' on an outgoing
connection or not.

This method is nice because it affects all applications at once.

On my multihomed boxes, I configure a loopback alias, distribute that
alias with OSPFv3, and set all other interfaces' addresses to
'deprecated'.  Then I put only the loopback alias into DNS forward
lookup.  You don't need to do that---you just need to deprecate your
tunnel's prefix.

On Solaris there is some equivalent to 'deprecated' for IPv4 as well,
which is sorely missing from all free Unix I've seen.  People come up
with all these crazy Linuxy schemes of priorities and policies and
tables for source address selection (there is some for BSD IPv6 in
KAME SNAP I think) when all that's really needed for most strange
scenarios I've encountered in practice is this simple 'deprecated'
flag, which the IPv6 people meant for use in some kind of
``renumbering'' scenario, but is being used in practice for something
different and more important.
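
Added example, not part of the original post: a Python sketch of how a 'deprecated' flag changes source address selection, modelling only rules 1, 3 and 8 of RFC 6724 (the full algorithm has more rules, and real stacks do this in the kernel). The tunnel endpoints are the ones quoted in the post; the loopback alias 2001:db8::25 and all function and class names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Candidate:
    addr: str                 # address configured on an interface
    deprecated: bool = False  # True when the preferred lifetime is 0

def common_prefix_len(a, b):
    """Number of leading bits two IPv6 addresses share."""
    diff = int(ipaddress.IPv6Address(a)) ^ int(ipaddress.IPv6Address(b))
    return 128 - diff.bit_length()

def select_source(candidates, dest):
    """Rank candidates by rule 1 (same address), rule 3 (avoid
    deprecated) and rule 8 (longest matching prefix), in that order."""
    def rank(c):
        same = ipaddress.IPv6Address(c.addr) == ipaddress.IPv6Address(dest)
        return (same, not c.deprecated, common_prefix_len(c.addr, dest))
    return max(candidates, key=rank).addr if candidates else None

# Constructed sample data: TUNNEL and DEST are the two tunnel endpoints
# quoted in the post; LOOPBACK is a made-up documentation-prefix alias.
TUNNEL = "2001:4830:e2:11::2"
DEST = "2001:4830:e2:11::1"
LOOPBACK = "2001:db8::25"

if __name__ == "__main__":
    both = [Candidate(TUNNEL), Candidate(LOOPBACK)]
    print("no flag:   ", select_source(both, DEST))
    flagged = [Candidate(TUNNEL, deprecated=True), Candidate(LOOPBACK)]
    print("deprecated:", select_source(flagged, DEST))
    only = [Candidate(TUNNEL, deprecated=True)]
    print("sole addr: ", select_source(only, DEST))
```

In this model the flag is a ranking preference: a deprecated address loses to any non-deprecated candidate, but is still returned when it is the only address available.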