Resolve hostname to IPv6 address in listen directive

Matthias-Christian Ott ott at mirix.org
Wed Aug 25 11:27:43 MSD 2010


At the moment nginx does not allow IPv6 addresses to be specified by
hostname in a listen directive, that is, the following will not work:

  listen ipv6.example.com;
  listen [ipv6.example.com];
  listen ipv6.example.com ipv6only=on;
  listen [ipv6.example.com] ipv6only=on;

Though I see a potential security problem with hostnames here (this
also applies to IPv4), because DNS replies can be manipulated if
DNSSEC is not used, I think that this feature would be helpful and
simplifies administration.

Given that example.com resolves to an IPv4 and IPv6 address, simply
binding to both addresses with the following directive would break
backwards compatibility: listen example.com;

For backwards compatibility I propose the following to resolve the
IPv6 addresses of a hostname and listen on them:

a) listen example.com ipv6only=on;

b) listen [example.com];

Solution b) has the disadvantage that it doesn't conform to RFC 3986.

Due to the fact that IPv4 will be a legacy addressing scheme in the
future, one could also consider breaking backwards compatibility and
introducing the option ipv4only.

I would prefer this solution for 0.8 and propose solution a) for 0.7
and 0.8. So in 0.7 IPv4 addresses would be default for hostnames and
hostnames would only be resolved to IPv6 addresses if ipv6only is
present and in 0.8 both addresses would be resolved and the user can
choose between one of the address families with the options ipv4only
and ipv6only.

What do you think?

Regards,
Matthias-Christian
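
Added example (not part of the original post and not nginx code): the address-family selection proposed above, expressed with getaddrinfo(), plus a pin check that refuses any resolved address the operator did not expect, which is one way to limit the DNS manipulation concern the post raises. The enum names, the return codes and the pin list are assumptions made for this illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L /* getaddrinfo() under strict -std= modes */
#endif
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical names for the behaviours discussed in the post. */
enum listen_family { HOST_07_DEFAULT, HOST_IPV6ONLY, HOST_IPV4ONLY, HOST_08_DEFAULT };
/* Constructed pin list: addresses the operator expects, in inet_ntop() form. */
static const char *const PINS[] = { "::1", "127.0.0.1" };

static int is_pinned(const char *text, const char *const *pins, int npins) {
    for (int i = 0; i < npins; i++) if (strcmp(text, pins[i]) == 0) return 1;
    return 0;
}

/* Returns the number of addresses to bind, -1 if nothing resolves in the
 * selected family, -2 if any resolved address is missing from the pin list. */
int resolve_listen(const char *host, enum listen_family mode,
                   const char *const *pins, int npins) {
    struct addrinfo hints, *res, *ai;
    char text[INET6_ADDRSTRLEN];
    int n = 0;
    memset(&hints, 0, sizeof(hints));
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_family = mode == HOST_IPV6ONLY ? AF_INET6
                    : mode == HOST_08_DEFAULT ? AF_UNSPEC : AF_INET;
    if (getaddrinfo(host, NULL, &hints, &res) != 0) return -1;
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        const void *raw = ai->ai_family == AF_INET6
            ? (const void *)&((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr
            : (const void *)&((struct sockaddr_in *)ai->ai_addr)->sin_addr;
        if (!inet_ntop(ai->ai_family, raw, text, sizeof(text)) ||
            !is_pinned(text, pins, npins)) { n = -2; break; }
        n++;
    }
    freeaddrinfo(res);
    return n;
}

int main(void) { /* numeric literals stand in for hostnames: no DNS needed */
    printf("%d %d\n", resolve_listen("::1", HOST_IPV6ONLY, PINS, 2),
           resolve_listen("::1", HOST_07_DEFAULT, PINS, 2));
    return 0;
}
```

A caller would treat -2 as a configuration error and refuse to start rather than bind to the unexpected address.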


