[Swan-dev] for DNS, try IPv4 before IPv6

Andrew Cagney andrew.cagney at gmail.com
Tue Jan 5 01:13:36 UTC 2021

ttoaddr() contains:
-               if (err && af != AF_INET)
-                       err = tryname(src, srclen, nultermd, AF_INET6, af, dst);
-               if (err && af != AF_INET6)
-                       err = tryname(src, srclen, nultermd, AF_INET, af, dst);
so, for AF==AF_UNSPEC, it will try an IPv6 DNS lookup and, should that
fail, try an IPv4 DNS lookup.  The code's always done this; perhaps:
- just because
- this way the IPv4 error is preferred over the IPv6 error
- at the time it was the thing to do (it also quickly became the thing
to not do as waiting for IPv6 to fail before trying IPv4 made
everything slower; code switched to trying both in parallel)

meanwhile, whack contains:
-       msg.addr_family = AF_INET;
which forces lookups to IPv4 only (unless the config file / option
explicitly says otherwise).

So to put it simply: whack prefers IPv4; ttoaddr() prefers IPv6.  This
means that, if the whack default is removed, a configuration with
valid IPv4 and IPv6 DNS records would suddenly switch from IPv4 to
IPv6 for the IKE SA.
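
The ordering described in this message, modelled as an added example (not libreswan code and not part of the original post). `lookup_one()` and `resolve()` are hypothetical helpers, and the records are constructed stand-ins for DNS so the family selection can be checked offline.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h> /* AF_INET, AF_INET6, AF_UNSPEC */

/* Constructed records standing in for DNS (documentation-range addresses). */
struct record { const char *name; int family; const char *addr; };
static const struct record sample_dns[] = {
    { "dual.example",   AF_INET,  "192.0.2.10"   },
    { "dual.example",   AF_INET6, "2001:db8::10" },
    { "v6only.example", AF_INET6, "2001:db8::20" },
};

/* Hypothetical single-family lookup; NULL means the lookup failed. */
static const char *lookup_one(const char *name, int family)
{
    for (size_t i = 0; i < sizeof(sample_dns) / sizeof(sample_dns[0]); i++)
        if (sample_dns[i].family == family && strcmp(sample_dns[i].name, name) == 0)
            return sample_dns[i].addr;
    return NULL;
}

/* Try `first`, then `second`; a family is skipped when the caller's `af`
 * names the other one, mirroring the `af != AF_INET...` guards quoted above.
 * Returns the family that answered, or AF_UNSPEC if none did. */
static int resolve(const char *name, int af, int first, int second, const char **addr)
{
    const int order[2] = { first, second };
    for (int i = 0; i < 2; i++) {
        if (af != AF_UNSPEC && af != order[i])
            continue;
        *addr = lookup_one(name, order[i]);
        if (*addr != NULL)
            return order[i];
    }
    *addr = NULL;
    return AF_UNSPEC;
}

int main(void)
{
    const char *a;
    /* Today: whack forces AF_INET, so the IPv6-first order never matters. */
    printf("whack default : %d\n", resolve("dual.example", AF_INET, AF_INET6, AF_INET, &a) == AF_INET);
    /* whack default removed, IPv6-first order kept: the SA moves to IPv6. */
    printf("v6-first      : %d\n", resolve("dual.example", AF_UNSPEC, AF_INET6, AF_INET, &a) == AF_INET6);
    /* IPv4-first order: dual-stack names stay on IPv4. */
    printf("v4-first      : %d\n", resolve("dual.example", AF_UNSPEC, AF_INET, AF_INET6, &a) == AF_INET);
    return 0;
}
```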

