[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RFC3484 problem: scoping with site-locals/ULAs

To: Walt Lazear <lakematesw@comcast.net>
Subject: Re: RFC3484 problem: scoping with site-locals/ULAs
From: Pekka Savola <pekkas@netcore.fi>
Date: Tue, 9 May 2006 23:43:13 +0300 (EEST)
Cc: ipv6@ietf.org, v6ops@ops.ietf.org
In-reply-to: <01fb01c673a6$434f1760$5100a8c0@WaltXP>
References: <01fb01c673a6$434f1760$5100a8c0@WaltXP>

On Tue, 9 May 2006, Walt Lazear wrote:

It sounds like the site in question has a single DNS and it'stelling outsiders about private stuff that should not be allowed toescape.

Exactly the opposite. To solve this problem using split DNS, the DNSresolvers at the site would need to BLOCK any global IPv6 addressesfrom being received (in DNS packets) from _outside_ the site.


--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

References:
- Re: RFC3484 problem: scoping with site-locals/ULAs
  - From: "Walt Lazear" <lakematesw@comcast.net>

Prev by Date: Re: RFC3484 problem: scoping with site-locals/ULAs
Next by Date: Re: RFC3484 problem: scoping with site-locals/ULAs
Previous by thread: Re: RFC3484 problem: scoping with site-locals/ULAs
Next by thread: RE: RFC3484 problem: scoping with site-locals/ULAs
Index(es):
- Date
- Thread