[SR-Users] dns queries on ipv6 addresses

Alex Hermann alex at speakup.nl
Thu Oct 25 17:11:34 CEST 2012


On Thursday 25 October 2012, Daniel-Constantin Mierla wrote:
> On 10/25/12 4:33 PM, Alex Hermann wrote:
> > On Thursday 25 October 2012, Juha Heinanen wrote:
> >> an ipv6 address can thus never be a valid domain name.  an ipv4 address,
> >> on the other hand, is syntactically valid domain name and perhaps
> >> someone has populated their local name server with such names.
> > 
> > But the application (kamailio) should not attempt a DNS lookup if the
> > hostname
> 
> > is an IP(v4/v6) address, from RFC1123, section 2.1:
> It does not if it is ipv4 and the target would be an A record, as well
> as when it is ipv6 and the target would be an AAAA record.
> 
> The thing here relates to disabling ipv6, resulting in only possible
> target A record, for which ipv6 does not match an ipv4 format, resulting
> in using the ipv6 for querying an A record.
> 
> So some extra validation has to be added when one address family is
> disabled by config, but such addresses can actually occur.
> 
> Perhaps what Juha suggested with detecting an invalid hostname is the
> best, avoiding querying for broken dns tokens.

Agreed, but simply detecting ip addresses may also be sufficient.

Maybe do str2ip _and_ str2ip6 always, independent of the listening sockets. 
Even if the proxy doesn't use ipv6, doing an A lookup on a literal IPv6 or 
IPv6 refrence should be avoided.

(Currently str2ip6 is skipped if the proxy doesn't listen on an IPv6 address)

-- 
Met vriendelijke groet,


Alex Hermann
SpeakUp BV
T: 088-SPEAKUP (088-7732587)
F: 088-7732588



More information about the sr-users mailing list