[Cerowrt-devel] coping with ipv6 source routing and dns

Toke Høiland-Jørgensen toke at toke.dk
Wed Jan 29 17:30:34 EST 2014

Dave Taht <dave.taht at gmail.com> writes:

> Since most forwarders can't be trusted to return NXDOMAIN, an internal
> email box at several of my sites runs dns directly. A few dnsrbl
> providers offer ipv6 transport, so it's possible.

Ah, I see. I just run bind on cerowrt. Have to set an ntp server by IP
(or in /etc/hosts; I use an internal GPS-backed server) to bootstrap,
but otherwise it works well.

> One advantage of dnssec is we get NXDOMAIN working again, so a
> forwarder can be used...

Presumably only if the forwarder doesn't strip the dnssec stuff?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 489 bytes
Desc: not available
URL: <https://lists.bufferbloat.net/pipermail/cerowrt-devel/attachments/20140129/a35ac00e/attachment.sig>

More information about the Cerowrt-devel mailing list