
Re: defaulting to net.ipv6.bindv6only=1 for squeeze



* Ben Hutchings <ben@decadent.org.uk> [091229 19:26]:
> > I routinely blacklist the ipv6 module. There are far too many
> > programs breaking or doing stuff I do not want if it is loaded.
>
> I trust you have filed bugs on these applications?

No, on most I have not. I don't believe anyone has only ipv6 right
now, so if ipv4 is broken I assume people know this and simply fix my
machines. (It's the sad state of affairs that the situation is broken
in so many subtle ways that sometimes every single program can hardly
do something[1]).

Respectfully,
	Bernhard R. Link

[1] For example running sshd without -4 and without ipv6 blacklisted causes
(or caused[2]) sshd to listen on ipv6 resulting in
 a) netstat garbling the addresses of connected endpoints
 b) the interface having a link-local address (bug/feature in kernel?),
 which then causes (or caused[2]) programs to do ipv6 dns lookups[3]

 Now who is at fault and whom should I assign bugs to?
 Myself for not giving sshd a -4 (I once tried to
 give every program needing it to avoid ipv6 loaded those options, at
 some point they were too many)? Those programs for causing ipv6 to load
 when there is no interface for it yet? The kernel for assigning
 link-local address when ipv6 is loaded? Libc for asking for ipv6
 addresses even when AI_ADDRCONFIG is given on interfaces with a
 link-local address? (Not to speak of the programs not using
 AI_ADDRCONFIG)

[2] I don't have the time to recheck all the time if things now work
    every few months.
[3] which not only pesters the root servers with questions for the
    top-level domain "$(hostname -s)", but I do not even want to think
    what it means security-wise that the recursing name server I use or
    someone sitting in between can answer those requests.
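
The host state described in footnote [1] b), an IPv6 stack that is loaded but holds nothing beyond loopback and link-local addresses, can be checked directly. The following is an added example, not part of the original message; the function names `classify_v6` and `only_nonroutable_v6` are hypothetical, and the addresses used in testing are constructed documentation addresses.

```c
#include <arpa/inet.h>
#include <ifaddrs.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>

enum v6_scope { V6_NONE = 0, V6_LOOPBACK, V6_LINKLOCAL, V6_MAPPED, V6_ROUTABLE };

/* Classify one textual address; anything that is not valid IPv6 is V6_NONE. */
enum v6_scope classify_v6(const char *text)
{
    struct in6_addr a;
    if (inet_pton(AF_INET6, text, &a) != 1) return V6_NONE;
    if (IN6_IS_ADDR_LOOPBACK(&a))  return V6_LOOPBACK;
    if (IN6_IS_ADDR_LINKLOCAL(&a)) return V6_LINKLOCAL;   /* fe80::/10 */
    if (IN6_IS_ADDR_V4MAPPED(&a))  return V6_MAPPED;      /* ::ffff:a.b.c.d */
    return V6_ROUTABLE;
}

/* Returns 1 when the list holds IPv6 addresses but none is routable, i.e.
 * the "link-local address only" state from footnote [1] b); 0 otherwise. */
int only_nonroutable_v6(const char *const *addrs, size_t n)
{
    int seen_v6 = 0;
    for (size_t i = 0; i < n; i++) {
        enum v6_scope s = classify_v6(addrs[i]);
        if (s == V6_ROUTABLE) return 0;
        if (s == V6_LOOPBACK || s == V6_LINKLOCAL) seen_v6 = 1;
    }
    return seen_v6;
}

/* Stand-alone use: apply the same check to this host's own interfaces. */
int main(void)
{
    static char store[64][INET6_ADDRSTRLEN];
    const char *list[64];
    size_t n = 0;
    struct ifaddrs *ifa, *p;
    if (getifaddrs(&ifa) != 0) { perror("getifaddrs"); return 2; }
    for (p = ifa; p && n < 64; p = p->ifa_next) {
        if (!p->ifa_addr || p->ifa_addr->sa_family != AF_INET6) continue;
        struct sockaddr_in6 *s6 = (struct sockaddr_in6 *)p->ifa_addr;
        if (!inet_ntop(AF_INET6, &s6->sin6_addr, store[n], sizeof store[n])) continue;
        printf("%-8s %-40s class=%d\n", p->ifa_name, store[n], (int)classify_v6(store[n]));
        list[n] = store[n]; n++;
    }
    freeifaddrs(ifa);
    puts(only_nonroutable_v6(list, n) ? "IPv6 loaded, link-local/loopback only"
                                      : "no IPv6, or routable IPv6 configured");
    return 0;
}
```

The `V6_MAPPED` class covers the `::ffff:a.b.c.d` form in which an IPv4 peer appears on a dual-stack listening socket.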

