nanog mailing list archives
Re: IPV6 renumbering painless?
From: Daniel Roesen <dr () cluenet de>
Date: Sat, 13 Nov 2004 02:56:32 +0100
On Fri, Nov 12, 2004 at 05:06:17PM -0800, Owen DeLong wrote:
OK, but this doesn't have any effect on your "Listen", "NameVirtualHost" and "<VirtualHost>" statements of your httpd.conf, "ListenAddress" in sshd.conf, "Bind" in proftpd.conf, "*-source" and "listen-on*" in named.conf, [...]True. However, in all of the cases above except named.conf, names are a perfectly valid substitute for the IP address.
No. Those configs are read at boot-time. Now think about a power outage recovery. Server comes up but cannot reach DNS when services are starting up. Boom, your server's services bail out and are dead in the water. To prevent this, you might fill your /etc/hosts with the own FQDN-to-IP mappings, but this again has the problem of being pretty static.
Not to forget all the IP address based ACLs.I suspect that eventually, we will discover that ADDRESS-based ACLs simply do not scale to a V6 world, and, you will see support for other strategies, such as host-name based ACLs.
Layer 3 doesn't know host names. Nor does layer 4. Applications do. Security requirements do often mandate working access control even when DNS doesn't work or is compromised. Regards, Daniel -- CLUE-RIPE -- Jabber: dr () cluenet de -- dr@IRCnet -- PGP: 0xA85C8AA0
Current thread:
- RE: IPV6 renumbering painless?, (continued)
- RE: IPV6 renumbering painless? Tony Hain (Nov 11)
- Re: IPV6 renumbering painless? Daniel Roesen (Nov 11)
- Re: IPV6 renumbering painless? Nils Ketelsen (Nov 12)
- Re: IPV6 renumbering painless? Simon Leinen (Nov 12)
- Re: IPV6 renumbering painless? Daniel Roesen (Nov 12)
- Re: IPV6 renumbering painless? Simon Leinen (Nov 12)
- KAME on IPv4? (was: Re: IPV6 renumbering painless?) Crist Clark (Nov 12)
- Re: KAME on IPv4? (was: Re: IPV6 renumbering painless?) Jeroen Massar (Nov 14)
- Re: IPV6 renumbering painless? Paul Vixie (Nov 12)
- Re: IPV6 renumbering painless? Owen DeLong (Nov 12)
- Re: IPV6 renumbering painless? Daniel Roesen (Nov 12)
- Re: IPV6 renumbering painless? Owen DeLong (Nov 13)
- Re: IPV6 renumbering painless? Henning Brauer (Nov 13)
- Re: IPV6 renumbering painless? Henning Brauer (Nov 13)
- Re: IPV6 renumbering painless? Iljitsch van Beijnum (Nov 13)
- Re: IPV6 renumbering painless? Henning Brauer (Nov 13)
- Re: IPV6 renumbering painless? Owen DeLong (Nov 13)
- Re: IPV6 renumbering painless? Christopher L. Morrow (Nov 13)
- Re: IPV6 renumbering painless? Alexei Roudnev (Nov 13)
- Re: IPV6 renumbering painless? Christopher L. Morrow (Nov 12)
- Re: Important IPv6 Policy Issue -- Your Input Requested Randy Bush (Nov 11)