At one site, where anonymous ftp isn’t really a core service, I have wu-ftpd set up in DNS fascist mode, which means that it won’t let you log in unless your forward and reverse DNS match. Now, when we started offering anonymous ftp over IPv6, it was quite tricky to get a working delegation for your reverse DNS, so I added an option to allow people with b0rked IPv6 DNS through (with only a minor nag).
Recently, our anonymous ftp server started nagging local users connecting via IPv6, even though their DNS was fine (even as reported by my DNS fascist script). It turns out that our wu-ftpd does its own reverse lookups and was patched at a time when only ip6.int was in practical use. Of course, in the last few months ip6.int has gone away entirely. My first inclination was to edit the binary, but, unfortunately, ip6.arpa is one character longer. However, the source code was just as easy to fix.
I did wonder if I should now remove the exemption for anonymous ftp over IPv6, as the DNS tree for production IPv6 addresses is now moderately well maintained. However, there are still lots of people using transition mechanisms that don’t easily provide access to the DNS reverse tree corresponding to the IPv6 address space you use.
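The forward/reverse match check described above, and the way a lookup under ip6.int now fails even when the ip6.arpa data is correct, sketched as an added example (not wu-ftpd's code and not from the original post). The resolver is replaced by constructed in-memory tables using documentation addresses and example.org names; lookup_ptr and lookup_aaaa are hypothetical stand-ins for real DNS queries.

```python
import ipaddress

def reverse_name(addr, zone="ip6.arpa"):
    """PTR owner name for an IPv6 address: 32 reversed hex nibbles + zone."""
    nibbles = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + "." + zone + "."

def fcrdns(addr, lookup_ptr, lookup_aaaa, zone="ip6.arpa"):
    """Forward-confirmed reverse DNS check.

    Returns (verdict, confirmed_names); verdict is 'match', 'mismatch'
    (PTR exists but no name maps back to addr) or 'no-ptr'.
    """
    ip = ipaddress.IPv6Address(addr)
    names = lookup_ptr(reverse_name(addr, zone))
    if not names:
        return "no-ptr", []
    confirmed = []
    for name in names:
        forward = {ipaddress.IPv6Address(a) for a in lookup_aaaa(name)}
        if ip in forward:          # compare parsed addresses, not strings
            confirmed.append(name)
    return ("match" if confirmed else "mismatch"), confirmed

# Constructed zone data (documentation prefix 2001:db8::/32, example.org).
PTR = {
    reverse_name("2001:db8::10"): ["client.example.org."],
    reverse_name("2001:db8::66"): ["trusted.example.org."],  # unconfirmed claim
}
AAAA = {
    "client.example.org.": ["2001:db8:0:0:0:0:0:10"],
    "trusted.example.org.": ["2001:db8::1"],
}

def lookup_ptr(name):
    """Hypothetical stand-in for a PTR query."""
    return PTR.get(name.lower(), [])

def lookup_aaaa(name):
    """Hypothetical stand-in for an AAAA query."""
    return AAAA.get(name.lower(), [])

if __name__ == "__main__":
    for addr, zone in [("2001:db8::10", "ip6.arpa"), ("2001:db8::66", "ip6.arpa"),
                       ("2001:db8::99", "ip6.arpa"), ("2001:db8::10", "ip6.int")]:
        print(addr, zone, fcrdns(addr, lookup_ptr, lookup_aaaa, zone))
```

A 'no-ptr' or 'mismatch' verdict is the point where a server chooses between refusing the login and letting it through with a nag.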
The node information queries draft has finally become RFC 4620. I’m quite pleased because I think that node information queries are quite an interesting feature of IPv6. They let you ask nodes what they think their name is. For example, you can ask for the names of all the nodes on a link by doing something like:
> ping6 -w ff02::1%rl0
PING6(72=40+8+24 bytes) fe80::210:a7ff:fe0b:d2b%rl0 --> ff02::1%rl0
46 bytes from fe80::210:a7ff:fe0b:d2b%rl0: yipyip.home.dwmalone.net.
45 bytes from fe80::204:e2ff:fe33:e3ac%rl0: gonzo.home.dwmalone.net.
46 bytes from fe80::210:a7ff:fe0b:d2b%rl0: yipyip.home.dwmalone.net.
45 bytes from fe80::204:e2ff:fe33:e3ac%rl0: gonzo.home.dwmalone.net.
^C
--- ff02::1%rl0 ping6 statistics ---
2 packets transmitted, 2 packets received, +2 duplicates, 0.0% packet loss
Here I’ve sent a Node Information Query with the KAME ping6 command to the all-nodes address on an interface called rl0. Each node responds with its name - you can then connect to the node using ssh or another tool of your choice.
Out of interest, I decided to diff the last version of the draft and the RFC to see what changed in the final revision. Among a number of minor editorial changes I found that “which” had been changed to “that” in a number of places. This is a topic on which people have plenty to say.