spf-discuss
[Top] [All Lists]

Re: IPv6 / a+ip6

2005-05-18 06:28:21
In 
<Pine(_dot_)LNX(_dot_)4(_dot_)62(_dot_)0505180612580(_dot_)25484(_at_)sokol(_dot_)elan(_dot_)net>
 "william(at)elan.net" <william(_at_)elan(_dot_)net> writes:

I think this is answered by the above quote of the SPF spec.  If not,
let me know.

How am I supposed to read "a:example.com/24" with example.com having
both IPv4 and IPv6 address? What if I want to specify different masks
depending on if the connection from my server is coming from ip4 or ip6?

The ABNF in the spec is as follows:

   A                = "a"      [ ":" domain-spec ] [ dual-cidr-length ]

   ip4-cidr-length  = "/" 1*DIGIT
   ip6-cidr-length  = "/" 1*DIGIT
   dual-cidr-length = [ ip4-cidr-length ] [ "/" ip6-cidr-length ]

Hence, a:example.com/24 specifies a CIDR length for *only* IPv4.  If
there are any IPv6 addresses, only the exact (/128) matches will
qualify.

If you want to specify both IPv4 and IPv6 CIDR lengths, you need to do
something like "a:example.com/24//64".  To specify only IPv6, use
something like "a:example.com//64".


P.S. I hope you realize that saying we will always assume mask to be
ip4 will get you into hot waters with IETF because IETF says that all
new protocols should be ip-address neutral or support both ip4 and ip6
equally well.

I *think* the IPv6 stuff is all well defined.  There *are* people
using it and it has been hashed out.  But, since I don't use IPv6, I
don't feel anywhere near as comfortable about declaring it solid.

Maybe Julian or other IPv6 users will chip in with their opinions.


-wayne