Bug 14102 - [Feature Request]: Prevent global IPv6 addresses being registered/returned
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DNS server (internal)
Version: unspecified
Hardware: All All
Importance: P5 enhancement
Assignee: Kai Blin
QA Contact: Samba QA Contact
Reported: 2019-08-27 00:07 UTC by Alex MacCuish
Modified: 2020-12-23 16:54 UTC

Description Alex MacCuish 2019-08-27 00:07:56 UTC
For those with an internal network using IPv6, wherein both a global and a ULA address are assigned, and an (annoyingly) dynamic prefix is assigned by the ISP, it would be useful to be able to either prevent clients from registering global addresses, thereby only allowing ULA addresses, or prevent the internal DNS server and BIND module from returning global addresses in AAAA requests from Active Directory zones.

Since the prefix assigned by the ISP can change at any time, addresses will become invalid. Clients don't seem to reliably trigger a DNS update request when their IPv6 address changes, which can lead to clients connecting to incorrect IPs.

However, even when a client's global address changes, their ULA address remains the same. Therefore it would be useful to exclude global addresses from being returned in AAAA responses, to encourage clients to select ULA addresses as the destination address for a connection.
Comment 1 martin.sheppard 2020-01-21 03:54:23 UTC
https://gitlab.com/samba-team/samba/merge_requests/971 includes a fix.
Comment 2 Björn Jacke 2020-12-23 16:54:42 UTC
You can use "interfaces" and "bind interfaces only" to limit the IPs that Samba should use; this will also limit the IPs that are registered in DNS.
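
An added example, not part of the bug report or of Samba: a Python audit for the failure mode described in the report, where AAAA records keep a global address from a prefix the ISP has since replaced while the ULA address stays valid. The function names, host names and addresses are assumptions constructed for illustration (documentation prefix 2001:db8::/32 and a made-up ULA prefix); in practice the record list would come from an export of the AD zone.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")             # RFC 4193 unique local addresses
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # currently allocated global unicast

def classify(addr, current_prefix):
    """Classify one AAAA value relative to the prefix the ISP delegates today."""
    ip = ipaddress.IPv6Address(addr)
    if ip in ULA:
        return "ula"
    if ip in GLOBAL_UNICAST:
        return "global-current" if ip in current_prefix else "global-stale"
    return "other"  # link-local, loopback, etc.

def audit(records, current_prefix):
    """records: iterable of (host, AAAA string). Returns {host: {class: [addresses]}}."""
    prefix = ipaddress.ip_network(current_prefix)
    report = {}
    for host, addr in records:
        try:
            kind = classify(addr, prefix)
        except ipaddress.AddressValueError:
            kind = "invalid"
        report.setdefault(host, {}).setdefault(kind, []).append(addr)
    return report

def stale_hosts(report):
    """Hosts whose zone data still holds a global address outside the current prefix."""
    return sorted(h for h, kinds in report.items() if "global-stale" in kinds)

def hosts_without_ula(report):
    """Hosts that would become unreachable by name if global AAAA records were dropped."""
    return sorted(h for h, kinds in report.items() if "ula" not in kinds)

# Constructed sample zone data: the ISP moved from 2001:db8:1::/48 to 2001:db8:2::/48.
SAMPLE_RECORDS = [
    ("ws1", "fd12:3456:789a:1::10"), ("ws1", "2001:db8:2:1::10"),
    ("ws2", "fd12:3456:789a:1::20"), ("ws2", "2001:db8:1:1::20"),
    ("ws3", "2001:db8:1:1::30"),
    ("ws4", "fd12:3456:789a:1::40"), ("ws4", "not-an-address"),
]

if __name__ == "__main__":
    rep = audit(SAMPLE_RECORDS, "2001:db8:2::/48")
    print("stale global AAAA:", stale_hosts(rep))
    print("no ULA registered:", hosts_without_ula(rep))
```

Hosts reported as stale are the ones clients may connect to at a wrong address; hosts without a ULA record would need one registered before global AAAA records are filtered or removed.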