[c-nsp] IPv6 domain reply Cisco 6509 IPv4 address

Oliver Garraux oliver at g.garraux.net
Thu Aug 16 10:21:37 EDT 2012


DNS can definitely return AAAA records over IPv4 (or A records over IPv6).
The type of DNS records returned is completely independent of the L3
protocol the request uses. It doesn't make sense to me though why the box
would use a AAAA result when it has no IPv6 interfaces.

Oliver


On Thu, Aug 16, 2012 at 10:09 AM, Chuck Church <chuckchurch at gmail.com> wrote:

> Weird.  I'm just starting to play around with Juniper stuff now, and
> noticed pretty much the same behavior.  Configured a v4 DNS server, but a
> lookup resulted in a V6 address trying to be used.  Don't have V6 enabled
> anywhere, routing table was empty.  Figured it was some knob I'm not
> familiar with in JunOS.  Didn't get to wiresharking it, but similar.
> Would a device be silly enough to request an AAAA record out a v4 only
> interface?  Would a DNS server ever hand out an AAAA for a v4 request
> (perhaps NAT64/DNS64 intercepting somewhere?)
>
> Chuck
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Chris Lane
> Sent: Thursday, August 16, 2012 9:41 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] IPv6 domain reply Cisco 6509 IPv4 address
>
> We do not run IPv6 currently from this site, IPv6 is not enabled on box.
> When I ping google.com I get the following response.
> ping google.com
> Translating "google.com"...domain server (64.17.248.2) [OK]
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 2001:4860:4001:800::100E, timeout is 2
> seconds:
>
> % No valid source address for destination
>
> Rev is:
> s72033-advipservicesk9_wan-mz.122-33.SXH7.bin
> and also for further IPV6 analysis:
> sh ipv6 int
> LI-Null0 is up, line protocol is up
>   IPv6 is enabled, link-local address is FE80::218:74FF:FE16:D180
>   No global unicast address is configured
>   Joined group address(es):
>   MTU is 1500 bytes
>   ICMP error messages limited to one every 100 milliseconds
>   ICMP redirects are enabled
>   ND DAD is not supported
>   ND reachable time is 30000 milliseconds
>
> Ran this by a friend yesterday who also found this strange behavior and at
> quick glance couldn't find any bugs related to rev.
>
>
> Just wondering if anyone else sees this behavior?
>
> Thanks
>
> --
> //CL
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
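
An added example, not part of the original thread: the record type sits in the question section of the DNS message, so the same query bytes can travel over IPv4 or IPv6, and a client can drop answers for address families it has no local address in before trying to connect. The helper names are hypothetical, and the reply (including the 192.0.2.10 A record) is constructed sample data.

```python
# Added example: helper names are hypothetical, responses are constructed.
import ipaddress
import struct

QTYPE = {"A": 1, "AAAA": 28}

def encode_name(name):
    """Encode a domain name as DNS labels (RFC 1035 section 3.1)."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"

def build_query(name, rtype, txid=0x1234):
    """DNS query message; no field records which IP version will carry it."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return header + encode_name(name) + struct.pack("!HH", QTYPE[rtype], 1)

def build_response(query, records):
    """Constructed reply: echo the question, append (rtype, address) answers."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(records), 0, 0)
    body = b""
    for rtype, addr in records:
        rdata = ipaddress.ip_address(addr).packed
        # 0xC00C is a compression pointer to the question name at offset 12
        body += struct.pack("!HHHIH", 0xC00C, QTYPE[rtype], 1, 300, len(rdata)) + rdata
    return header + query[12:] + body

def parse_answers(msg):
    """Return the A/AAAA addresses in the answer section as ipaddress objects."""
    qd, an = struct.unpack("!HH", msg[4:8])
    pos = 12
    for _ in range(qd):  # skip each question: labels, then QTYPE and QCLASS
        while msg[pos] != 0:
            pos += 1 + msg[pos]
        pos += 5
    out = []
    for _ in range(an):
        pos += 2  # answer names are 2-byte pointers in this constructed data
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype in (1, 28):
            out.append(ipaddress.ip_address(msg[pos:pos + rdlen]))
        pos += rdlen
    return out

def usable(addresses, local_versions):
    """Keep only answers whose IP version the host has an address for."""
    return [a for a in addresses if a.version in local_versions]
```

With `local_versions={4}`, the AAAA answer from the thread's ping output is filtered out and only the A record remains.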

