Resolve hostname to IPv6 address in listen directive

Michael Shadle mike503 at gmail.com
Wed Aug 25 11:30:18 MSD 2010 

I say "a" is a better option out of the two. Follows nginx configuration style and I actually thought at first maybe [] were part of a special ipv6 markup. So that even confused me at first :)

On Aug 25, 2010, at 12:27 AM, Matthias-Christian Ott <ott at mirix.org> wrote:

> At the moment nignx does not allow IPv6 addresses to specified by
> hostname in a listen directive, that is the following will not work:
> 
>  listen ipv6.example.com;
>  listen [ipv6.example.com];
>  listen ipv6.example.com ipv6only=on;
>  listen [ipv6.example.com] ipv6only=on;
> 
> Though I see a potential security problem with hostnames here (this
> also applies to IPv4), because DNS replies can be manipulated if
> DNSSEC is not used, I think that this feature would be helpful and
> simplifies administration.
> 
> Given that example.com resolves to an IPv4 and IPv6 address, simply
> binding to both addresses with the following directive would break
> backwards compatibility: listen example.com;
> 
> For backwards compatibility I propose the following to resolve the
> IPv6 addresses of a hostname and listen on them:
> 
> a) listen example.com ipv6only=on;
> 
> b) listen [example.com];
> 
> Solution b) has the disadvantage that it doesn't conform to RFC 3986.
> 
> Due to the fact that IPv4 will be a legacy addressing scheme in the
> future, one could also consider to break backwards compatibility and
> introduce the option ipv4only.
> 
> I would prefer this solution for 0.8 and propose solution a) for 0.7
> and 0.8. So in 0.7 IPv4 addresses would be default for hostnames and
> hostnames would only be resolved to IPv6 addresses if ipv6only is
> present and in 0.8 both addresses would be resolved and the user can
> choose between one of the address families with the options ipv4only
> and ipv6only.
> 
> What do you think?
> 
> Regards,
> Matthias-Christian
> 
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://nginx.org/mailman/listinfo/nginx-devel

More information about the nginx-devel mailing list