[Bug 451] New: new config-Option: IPv4or6

Dan Kaminsky dan at doxpara.com
Wed Dec 4 14:50:00 EST 2002


> Remove it from DNS or use -4.

Removal from DNS is not always an option -- arguably, it's more secure 
to distrust DNS and instead explicitly specify an IP/Hostalias combination.

If someone's intentionally specifying an IP address, maybe it's because 
they're saying DNS isn't working right.  We shouldn't reintroduce a 
dependency if we can avoid it, especially if it's a blocking one. 
(Those reports of "my sshd freezes for thirty seconds before it logs me 
in" always have something to do with DNS.)

Anyway, command line options really should be shorthand for a longer, 
more verbose specification in a configuration file.  If you accept the 
command line as The Most Important Stuff You Need To Use, the config 
file is that and everything else.  What else would it be?

>>What if IPv6 endpoints and IPv4 endpoints fall out of sync (i.e. 1.2.3.4 
>>is not IPv6 1.2.3.4)?
> 
> See above.

How does DNS prevent IPv4/IPv6 desync?
How does DNS address the case where the IPv6 network is in permanent 
alpha state?  If somebody knows they absolutely want to avoid all IPv6 
use -- heh, maybe it crashes their network -- why shouldn't they be able 
to specify that in a config file?  We certainly have much less useful 
stuff in that pile :-)

> http://www.ietf.org/internet-drafts/draft-savola-v6ops-6bone-mess-01.txt

Very interesting reading -- I'll print this out when I get home.

> Also, "IPv6 transition architecture" and "getaddrinfo address ordering"  
> discussion on IETF v6ops mailing list last month may be very interesting 
> in that light.

Got a link I can jump in on?

--Dan




More information about the openssh-unix-dev mailing list