
Re: defaulting to net.ipv6.bindv6only=1 for squeeze



On Dec 30, "Bernhard R. Link" <brlink@debian.org> wrote:

> > > I routinely blacklist the ipv6 module. There are far too many
> > > programs breaking or doing stuff I do not want if it is loaded.
I call bullshit on this.

>  a) netstat garbling the addresses of connected endpoints
This is one of the reasons why bindv6only should be set.

>  b) the interface having a link-local address (bug/feature in kernel?),
Feature.

>  which then causes (or caused[2]) programs to do ipv6 dns lookups[3]
libc issue, solved long ago.

> [3] which not only pesters the root servers with questions for the
>     top-level domain "$(hostname -s)", but I do not even want to think
Not really.

>     what it means security-wise that the recursing name server I use or
>     someone sitting in between can answer those requests.
Maybe you should, because no such thing exists.

-- 
ciao,
Marco
