Re: [Asrg] For DNSBLs, embedded IPv4 in IPv6

Tim Chown <tjc@ecs.soton.ac.uk> Mon, 04 August 2008 08:50 UTC

Hi,

An excellent reference for application developers is RFC4038.

If you have any issues or clarifications on this text, I know that
at the very least Pekka is still active, so may answer questions
regarding adding IPv6 capability to DNSBL.

My personal experience is that applications should use explicit
IPv4 or IPv6 addresses in configuration files (not mapped addresses).
This is perfectly normal, e.g. in Apache or sendmail configs.

One place you may see mapped addresses is typically in log files.

The late Itojun wrote a draft on why IPv6 mapped addresses on the
wire are considered harmful:
http://www.watersprings.org/pub/id/draft-itojun-v6ops-v4mapped-harmful-02.txt

What was the other issue?  Looking for some 'test' address where currently
127.0.0.2 is used for the IPv4-only application?   What is the purpose of 
the test address?

Tim

On Mon, Aug 04, 2008 at 10:26:45AM +0200, Frank Ellermann wrote:
> John Levine wrote:
> 
> > Someone pointed out that in some popular dual stack systems,
> > connections from IPv4 addresses appear as IPv6 addresses
> > in :FFFF:0000:0000/96
> 
> Yes, that is what I meant when I mentioned RFC 4408, (ab)using
> ::FFFF:127.0.0.2 as an "obvious" test entry.  Another proposal
> in the meeting was to use one of the IPv6 example addresses
> for this purpose.  But I can't remember the example addresses
> without my 4408 cheat sheet, an obvious entry would be better.
> 
> > The immediate question is whether to add a sentence or two
> > to the DNSBL spec saying that if you have a DNSBL listing
> > both v4 and v6 addresses, and you list a v4 address, you
> > SHOULD or MUST also list the corresponding embedded v6
> 
> No.  It is the job of the clients to get this right, they are
> supposed to ask for the IPv4 form of these addresses.  With
> ::FFFF:127.0.0.2 as a possible *exception* for test purposes.
> 
>  Frank
> 
> _______________________________________________
> Asrg mailing list
> Asrg@ietf.org
> https://www.ietf.org/mailman/listinfo/asrg

-- 
Tim
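
The client-side handling discussed in the quoted text (asking the DNSBL for the IPv4 form of an IPv4-mapped address, with ::FFFF:127.0.0.2 as a possible test exception), as an added Python example that is not part of the original message. The zone `dnsbl.example`, the function name and the `keep_mapped` parameter are hypothetical; the nibble-reversed form for native IPv6 follows RFC 5782.

```python
import ipaddress

ZONE = "dnsbl.example"  # hypothetical zone, for illustration only


def dnsbl_query_name(peer: str, zone: str = ZONE, keep_mapped: bool = False) -> str:
    """Build the DNSBL query name for a peer address as seen by a dual-stack server.

    An IPv4-mapped peer (::ffff:a.b.c.d) is looked up in its IPv4 form unless
    keep_mapped is set, which is only meant for probing a mapped test entry.
    """
    # Addresses copied from logs are often bracketed or carry a zone id.
    text = peer.strip().strip("[]").split("%", 1)[0]
    addr = ipaddress.ip_address(text)  # raises ValueError on garbage input

    if isinstance(addr, ipaddress.IPv6Address) and not keep_mapped:
        mapped = addr.ipv4_mapped  # None unless the address is in ::ffff:0:0/96
        if mapped is not None:
            addr = mapped

    if isinstance(addr, ipaddress.IPv4Address):
        # IPv4: octets in reverse order, e.g. 192.0.2.1 -> 1.2.0.192
        labels = reversed(str(addr).split("."))
    else:
        # IPv6: all 32 hex nibbles in reverse order, one label each
        labels = reversed(format(int(addr), "032x"))

    return ".".join(labels) + "." + zone.strip(".")


if __name__ == "__main__":
    # Constructed sample peers: mapped IPv4, plain IPv4, native IPv6.
    for peer in ("::ffff:192.0.2.1", "192.0.2.1", "[2001:db8::1]"):
        print(peer, "->", dnsbl_query_name(peer))
    # The mapped test entry, queried in its IPv6 form on purpose.
    print(dnsbl_query_name("::ffff:127.0.0.2", keep_mapped=True))
```

A mapped peer and the same address in plain IPv4 form yield the same query name, so a list that carries only the IPv4 entry still matches connections that a dual-stack socket reports as ::ffff:a.b.c.d.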

