Resolve hostname to IPv6 address in listen directive
mike503 at gmail.com
Wed Aug 25 11:30:18 MSD 2010
I say "a" is a better option out of the two. Follows nginx configuration style and I actually thought at first maybe  were part of a special ipv6 markup. So that even confused me at first :)
On Aug 25, 2010, at 12:27 AM, Matthias-Christian Ott <ott at mirix.org> wrote:
> At the moment nignx does not allow IPv6 addresses to specified by
> hostname in a listen directive, that is the following will not work:
> listen ipv6.example.com;
> listen [ipv6.example.com];
> listen ipv6.example.com ipv6only=on;
> listen [ipv6.example.com] ipv6only=on;
> Though I see a potential security problem with hostnames here (this
> also applies to IPv4), because DNS replies can be manipulated if
> DNSSEC is not used, I think that this feature would be helpful and
> simplifies administration.
> Given that example.com resolves to an IPv4 and IPv6 address, simply
> binding to both addresses with the following directive would break
> backwards compatibility: listen example.com;
> For backwards compatibility I propose the following to resolve the
> IPv6 addresses of a hostname and listen on them:
> a) listen example.com ipv6only=on;
> b) listen [example.com];
> Solution b) has the disadvantage that it doesn't conform to RFC 3986.
> Due to the fact that IPv4 will be a legacy addressing scheme in the
> future, one could also consider to break backwards compatibility and
> introduce the option ipv4only.
> I would prefer this solution for 0.8 and propose solution a) for 0.7
> and 0.8. So in 0.7 IPv4 addresses would be default for hostnames and
> hostnames would only be resolved to IPv6 addresses if ipv6only is
> present and in 0.8 both addresses would be resolved and the user can
> choose between one of the address families with the options ipv4only
> and ipv6only.
> What do you think?
> nginx-devel mailing list
> nginx-devel at nginx.org
More information about the nginx-devel