Documentation for a proposal to possibly simplify "IPv6 whitelisting" (and blacklisting). For a sample of BIND9 configuration used for unittests, see https://github.com/ekline/ipv6whitelist/tree/master/bind9. NOTE: Since most CDNs have or are working on fully automated IPv6 performance measurements in order to balance traffic according to user experience this work is essentially suspended. Mailing ListThere is a whitelist-discuss mailing list for discussing issues surrounding how to best handle verifying client IPv6 readiness, signaling AAAA readiness, et cetera. To subscribe, send email to whitelist-discuss-sub AT ipv6whitelist DOT org. To unsubscribe, send email to whitelist-discuss-unsub AT ipv6whitelist DOT org. At this time this is a manual process (yes, it's 2011 and this is still manual).AdditionalDNS requests that contain an EDNS client ip extension indicating the client request originated over IPv6 provides some fate-sharing assurance about the client's IPv6 connectivity. As such, enabling AAAAs for such requests as a matter of policy may be a recommended mode of operation, pending further operational experience in the matter. LinksAn article about whitelisting work. |