spf-discuss

Re: IPv6 in SPF (was: ANNOUNCE libspf-alt version 0.3)

2004-03-28 08:34:01
In <1080486464(_dot_)17352(_dot_)167(_dot_)camel(_at_)imladris(_dot_)demon(_dot_)co(_dot_)uk> David Woodhouse <dwmw2(_at_)infradead(_dot_)org> writes:

> On Sun, 2004-03-28 at 08:17 -0600, wayne wrote:
> > Uh, yes, that is certainly a bug, and a kind of a stupid one on my
> > part.  I'll try to release a new version soon.  (I correctly query
> > for AAAA records, and then proceed to look for A records in the results.)
>
> Doesn't getaddrinfo() do this all for you if used appropriately?

The "if used appropriately" part is key; most things don't work when
you don't use them appropriately.  I chose to uniformly use a more
general method of DNS queries because I also need to support TXT, PTR,
MX records, etc.

> > Basically, I suspect that anytime I get an IPv4 mapped IPv6 address, I
> > should just proceed as if I had gotten an IPv4 address.  Does this
> > sound right?
>
> It does to me.

Ok, thanks for the confirmation.  If no one says otherwise, that is
what I'll do.

> You might want to ponder the question of whether you _also_ want to look
> up 2002::/16 addresses as IPv4 too. Addresses in the range
> 2002:xxyy:zzww::/48 are guaranteed to be coming from the IPv4 address
> xx.yy.zz.ww.

Huh.  Interesting.  I wasn't aware of that range.

> > Since all that is being returned by DNSBLs (and therefore the exists:
> > mechanism) is, in effect, a flag and since A records are shorter than
> > AAAA records, I suspect that the exists: mechanism should look for an A
> > RR.
>
> That seems reasonable to me too.

Ok, that's good.  That is what the SPF spec says to do and what I
explicitly chose to do (rather than just happen to do because of a
bug).  However, I think Meng is almost as ignorant about IPv6 stuff as
I am and so I'm questioning everything.

> > I'll try to get a new release of libspf-alt out soon with this IPv6 stuff
> > cleared up.
>
> If you want IPv6 for testing, and haven't got it already -- are you
> aware you can enable '6to4' IPv6, where you automatically get a /48
> subnet derived from your IPv4 address, with about two lines of addition
> to most recent Linux initscripts, and probably also a similar amount of
> effort on other systems?

I thought the public 6to4 gateway was experimental and went away a
while ago.  I confess that until the last couple of months, I have not
followed IPv6 very closely and am very ignorant of these issues.


Thanks for your input/education.  


-wayne
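
Added example, not part of the original message and not libspf-alt code: a C sketch of the normalization discussed in the thread, extracting the IPv4 address from an IPv4-mapped (::ffff:a.b.c.d) or 6to4 (2002:xxyy:zzww::/48) client address so it can be evaluated as IPv4. The function names are hypothetical, the sample addresses are constructed, and treating 6to4 the same as IPv4-mapped is the option raised above, taken here as an assumption.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: if addr6 carries an IPv4 address, copy it to *out
 * and return 1; return 0 for a native IPv6 address. */
int spf_embedded_ipv4(const struct in6_addr *addr6, struct in_addr *out)
{
    static const uint8_t mapped[12] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff};
    const uint8_t *b = addr6->s6_addr;

    if (memcmp(b, mapped, sizeof mapped) == 0) {   /* ::ffff:a.b.c.d */
        memcpy(&out->s_addr, b + 12, 4);
        return 1;
    }
    if (b[0] == 0x20 && b[1] == 0x02) {            /* 2002:xxyy:zzww::/48 */
        memcpy(&out->s_addr, b + 2, 4);
        return 1;
    }
    return 0;
}

/* Parse a textual IPv6 client address. Returns 1 and fills buf with the
 * dotted quad to evaluate as IPv4, 0 if the address is native IPv6,
 * -1 if the text does not parse. */
int spf_normalize_client(const char *text, char *buf, size_t buflen)
{
    struct in6_addr a6;
    struct in_addr a4;

    if (inet_pton(AF_INET6, text, &a6) != 1)
        return -1;
    if (!spf_embedded_ipv4(&a6, &a4))
        return 0;
    return inet_ntop(AF_INET, &a4, buf, (socklen_t)buflen) ? 1 : -1;
}

int main(void)
{
    /* Constructed sample addresses (documentation ranges). */
    const char *samples[] = {"::ffff:192.0.2.10", "2002:c000:020a::1", "2001:db8::1"};
    char buf[INET_ADDRSTRLEN];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int r = spf_normalize_client(samples[i], buf, sizeof buf);
        printf("%s -> %s\n", samples[i], r == 1 ? buf : "evaluate as IPv6");
    }
    return 0;
}
```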