25 Oct
2012
25 Oct
'12
6:11 p.m.
On Thursday 25 October 2012, Daniel-Constantin Mierla wrote:
On 10/25/12 4:33 PM, Alex Hermann wrote:
Agreed, but simply detecting ip addresses may also be sufficient.
Maybe do str2ip _and_ str2ip6 always, independent of the listening sockets.
Even if the proxy doesn't use ipv6, doing an A lookup on a literal IPv6 or
IPv6 refrence should be avoided.
(Currently str2ip6 is skipped if the proxy doesn't listen on an IPv6 address)
--
Met vriendelijke groet,
Alex Hermann
SpeakUp BV
T: 088-SPEAKUP (088-7732587)
F: 088-7732588
On Thursday 25 October 2012, Juha Heinanen
wrote:
an ipv6 address can thus never be a valid domain
name. an ipv4 address,
on the other hand, is syntactically valid domain name and perhaps
someone has populated their local name server with such names.
But the application (kamailio) should not attempt a DNS lookup if the
hostname is an IP(v4/v6) address, from RFC1123, section
2.1:
It does not if it is ipv4 and the target would be an A record, as well
as when it is ipv6 and the target would be an AAAA record.
The thing here relates to disabling ipv6, resulting in only possible
target A record, for which ipv6 does not match an ipv4 format, resulting
in using the ipv6 for querying an A record.
So some extra validation has to be added when one address family is
disabled by config, but such addresses can actually occur.
Perhaps what Juha suggested with detecting an invalid hostname is the
best, avoiding querying for broken dns tokens.