IPv6 dns query control in non-routed (ULA) v6 networks?
Mark Andrews
Mark_Andrews at isc.org
Tue Jun 24 00:35:05 UTC 2008
> On Sat, Jun 21, 2008 at 09:50:12AM +1000, Mark Andrews wrote:
> >
> > >
> > > Is there a method within BIND to allow named to listen on ipv6, but not
> > > originate any queries over ipv6?
> > >
> > > We're bringing up a dual-stack network using Unique Local Unicast address
> > > space, and my caching servers are attempting to perform recursion over
> > > v6 to some external servers. I can't readily use an RFC3484 policy
> > > table on the host because it's an "appliance" and such a mod would be uns
> uppo
> > > rted.
> > >
> > > Thanks.
> >
> > The following may work. Untested.
> >
> > Mark
> >
> > server <ula_prefix>/48 {
> > bogus no;
> > };
> >
> > server ::/0 {
> > bogus yes;
> > };
>
>
> Unfortunately, at least this version ( BIND 9.3.4-P1 ) seems not to support
> the use of an ip_prefix (or address_match_list) as the target of a server cla
> use:
>
> /etc/named.conf:33: '{' expected near '/'
Well you could update to BIND 9.4 or BIND 9.5. :-)
BIND 9.3.x's 6 month end-of-life counter started ticking
with the release of BIND 9.5.0.
You could also try.
bogus {
!<ula_prefix>/48;
!::1;
::/0;
};
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list