Welcome! Log In Create A New Profile

Advanced

Re: Resolve hostname to IPv6 address in listen directive

Maxim Dounin
August 25, 2010 07:06AM
Hello!

On Wed, Aug 25, 2010 at 09:27:43AM +0200, Matthias-Christian Ott wrote:

> At the moment nignx does not allow IPv6 addresses to specified by
> hostname in a listen directive, that is the following will not work:
>
> listen ipv6.example.com;
> listen [ipv6.example.com];
> listen ipv6.example.com ipv6only=on;
> listen [ipv6.example.com] ipv6only=on;
>
> Though I see a potential security problem with hostnames here (this
> also applies to IPv4), because DNS replies can be manipulated if
> DNSSEC is not used, I think that this feature would be helpful and
> simplifies administration.

Note well: listen with hostname always uses *one* address returned
by hostname lookup, the first one returned by gethostbyname(). It
doesn't make sense to attempt to use it with hostname which
resolves to multiple addresses.

> Given that example.com resolves to an IPv4 and IPv6 address, simply
> binding to both addresses with the following directive would break
> backwards compatibility: listen example.com;
>
> For backwards compatibility I propose the following to resolve the
> IPv6 addresses of a hostname and listen on them:
>
> a) listen example.com ipv6only=on;
>
> b) listen [example.com];
>
> Solution b) has the disadvantage that it doesn't conform to RFC 3986.

Both are bad. Attribute ipv6only serves completely different
purpose: it disables implicit mapping of ipv6 listen sockets to
ipv4 (for OSes where such mapping is on by default), i.e.
instructs nginx to do setsockopt(IPV6_V6ONLY) on listen socket.
See http://tools.ietf.org/html/rfc3493#section-5.3 for details.

I believe correct solution would be to make

listen example.com;

to use ipv6 address if no ipv4 addresses were found.

Maxim Dounin

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

Resolve hostname to IPv6 address in listen directive

Matthias-Christian Ott 3659 August 25, 2010 03:28AM

Re: Resolve hostname to IPv6 address in listen directive

mike 2328 August 25, 2010 03:32AM

Re: Resolve hostname to IPv6 address in listen directive

Maxim Dounin 1189 August 25, 2010 07:06AM

Re: Resolve hostname to IPv6 address in listen directive

Matthias-Christian Ott 1224 August 25, 2010 01:40PM

Re: Resolve hostname to IPv6 address in listen directive

Maxim Dounin 1172 August 25, 2010 02:46PM

Re: Resolve hostname to IPv6 address in listen directive

Matthias-Christian Ott 1445 August 25, 2010 07:56PM

Re: Resolve hostname to IPv6 address in listen directive

Piotr Sikora 1094 August 25, 2010 02:02PM

Re: Resolve hostname to IPv6 address in listen directive

Maxim Dounin 1118 August 25, 2010 03:02PM

Re: Resolve hostname to IPv6 address in listen directive

Piotr Sikora 1347 August 27, 2010 03:38AM

[PATCH] Make ipv6only default (was: Re: Resolve hostname to IPv6 address in listen directive)

Matthias-Christian Ott 1151 August 27, 2010 06:04PM

Re: [PATCH] Make ipv6only default (was: Re: Resolve hostname to IPv6 address in listen directive)

Matthias-Christian Ott 1502 August 28, 2010 06:56PM

Re: Resolve hostname to IPv6 address in listen directive

Matthias-Christian Ott 1308 August 25, 2010 08:26PM

Re: Resolve hostname to IPv6 address in listen directive

Piotr Sikora 1340 August 27, 2010 03:44AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 102
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready