At one site, where anonymous ftp isn’t really a core service, I have wu-ftpd set up in DNS fascist mode, which means that it won’t let you log in unless your forward and reverse DNS match. Now, when we started offering anonymous ftp over IPv6, it was quite tricky to get a working delegation for your reverse DNS, so I added an option to allow people with b0rked IPv6 DNS through (with only a minor nag).
Recently, our anonymous ftp server started nagging local users connecting via IPv6, even though their DNS was fine (even as reported by my DNS fascist script). It turns out that our wu-ftpd does its own reverse lookups and was patched at a time when only ip6.int was in practical use. Of course, in the last few months ip6.int has gone away entirely. My first inclination was to edit the binary, but, unfortunately, ip6.arpa is one character longer. However, the source code was just as easy to fix.
I did wonder if I should now remove the exemption for anonymous ftp over IPv6, as the DNS tree for production IPv6 addresses is now moderately well maintained. However, there are still lots of people using transition mechanisms that don’t easily provide access to the DNS reverse tree corresponding to the IPv6 address space you use.
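The matching check and the IPv6 exemption described above, as an added Python example (not wu-ftpd's code and not the script mentioned in the post): it builds the nibble-format reverse name under ip6.arpa or the retired ip6.int, then confirms that a PTR name resolves back to the client address. The function names, the "allow"/"nag"/"deny" results and the sample records are assumptions made for illustration.

```python
import ipaddress
import socket

def reverse_name(addr, v6_zone="ip6.arpa"):
    """PTR owner name for addr; v6_zone="ip6.int" gives the retired form."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ip.reverse_pointer
    nibbles = ip.exploded.replace(":", "")[::-1]   # 32 hex digits, low nibble first
    return ".".join(nibbles) + "." + v6_zone

def system_ptr(addr):
    """Reverse lookup through the system resolver."""
    try:
        name, aliases, _ = socket.gethostbyaddr(addr)
        return [name, *aliases]
    except OSError:
        return []

def system_forward(name):
    """Forward lookup (A and AAAA) through the system resolver."""
    try:
        return {info[4][0].split("%")[0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_client(addr, ptr_lookup=system_ptr, forward_lookup=system_forward,
                 lenient_v6=True):
    """Return "allow" if some PTR name resolves back to addr; otherwise
    "nag" for IPv6 when the exemption is on, else "deny"."""
    ip = ipaddress.ip_address(addr)
    for name in ptr_lookup(addr):
        # Compare parsed addresses so differently written IPv6 forms still match.
        if any(ipaddress.ip_address(a) == ip for a in forward_lookup(name)):
            return "allow"
    return "nag" if ip.version == 6 and lenient_v6 else "deny"

# Constructed sample data (documentation prefixes), standing in for live DNS.
SAMPLE_PTR = {"2001:db8::10": ["good.example.net"], "192.0.2.7": ["spoof.example.net"]}
SAMPLE_FWD = {"good.example.net": {"2001:db8:0:0::10"}, "spoof.example.net": {"192.0.2.99"}}

def sample_ptr(addr):
    return SAMPLE_PTR.get(addr, [])

def sample_forward(name):
    return SAMPLE_FWD.get(name, set())

if __name__ == "__main__":
    for client in ("2001:db8::10", "2001:db8::66", "192.0.2.7"):
        print(client, reverse_name(client), check_client(client, sample_ptr, sample_forward))
```

Calling `check_client` with only an address uses the system resolver instead of the constructed records.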